Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Anti-virus//MBAM shut down: scans not running, fake firewall warnings(

Started by princessmimi , Oct 24 2011 09:44 AM

  • This topic is locked This topic is locked

#1
princessmimi
Posted 24 October 2011 - 09:44 AM

princessmimi

    Member

  • Member
  • PipPip
  • 48 posts
Hello (again) :) !
I was here a very short while ago with an infection (thanks for the help! ^^) and after a few days of coming out completely clean, my brother went on the internet all day yesterday (everything was clean and running perfectly before the 23rd of October) and I went on after him, only to find the whole computer's messed up. There are a few self-help messages about MBAM, in particular, but I don't have that much faith in myself to attempt it and screw something up. ^^;;

My AVG is all selected as being active, but it's saying the Resident and Internet Shields are both inactive. Windows is also giving me warnings that my A/V is disabled. The AVG tray icon has ceased to exist and when I did the scheduled scan this morning, an AVG virus message popped up [Move to Vault - Ignore - Go to file; it was a Win32 something -- the log has no history of it appearing] and all scans shut down. I went back onto the main AVG page and tried to start my own scan, both complete or selected folders, and it refuses to start it up. I click "scan" and nothing happens.

Suspecting a virus, I started up Malware Bytes' Anti-Malware, clicked the quick scan option and after enumerating registry entries, a Windows Firewall alert popped up and asked to unblock MBAM. I exed the alert, all scans stopped and MBAM disappeared. Clicking on the start menu program, I'm getting "Windows cannot access the specified device, path of file. You may not have the appropriate permissions to access the item." and from the directory, it looks like the program has been completely wiped from the computer. I reinstalled it three times, updated it, and upon scanning, the program is removed.

Seeing as I'm getting a whole bunch of Windows Firewall alerts all of a sudden (it also disabled my network software), I'm suspecting they might be fake? My Firewall is always up and running, so I don't think I should be getting prompts to allow/disallow my usual programs.

Besides banning the brother entirely from the computer, I have no idea what to do next. Any help asap (since I don't want to use my internet until it's resolved) would be greatly, greatly appreciated. Thank you!!!! :yes:

___
OTL log: (OTL extras, if needed, will be in a separate post)

OTL logfile created on: 10/24/2011 11:06:03 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mimi II\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 474.04 Mb Available Physical Memory | 46.38% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.68 Gb Total Space | 8.78 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: D3T0R661 | User Name: Mimi II | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\897045189:976062666.exe
PRC - [2011/10/24 11:05:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mimi II\Desktop\OTL.exe
PRC - [2011/10/24 10:44:42 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2011/10/18 16:47:54 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2011/10/18 16:47:54 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2011/10/18 16:46:56 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2011/10/18 16:46:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2011/10/18 16:46:13 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/05/21 16:46:58 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/09/14 11:07:30 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 11:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2006/09/29 11:55:14 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2004/02/25 10:04:16 | 001,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2001/11/27 09:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/18 16:46:12 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2011/10/18 16:46:12 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2011/10/13 19:32:06 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 19:31:56 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/13 11:14:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 11:13:28 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 11:12:03 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 11:11:55 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 11:11:37 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 11:08:33 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 11:08:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/07/06 19:01:53 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2011/07/06 19:01:53 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2011/07/06 19:01:53 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2011/07/06 19:01:53 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2011/07/06 19:01:52 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:52 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:51 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:51 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:51 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:51 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:51 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:51 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:51 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:50 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:50 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:50 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:49 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:49 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:48 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:45 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:45 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:45 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:44 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:44 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:44 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:44 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:43 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:43 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:42 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:42 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:42 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/07/06 19:01:40 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/07/06 19:01:39 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/07/06 19:01:39 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/07/06 19:01:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/07/06 19:01:39 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/07/06 19:01:39 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/07/06 19:01:39 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011/07/06 19:01:38 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/07/06 19:01:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/07/06 19:01:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/07/06 19:01:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/07/06 19:01:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/07/06 19:01:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/07/06 19:01:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/07/06 19:01:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/07/06 19:01:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/07/06 19:01:37 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/07/06 19:01:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2011/07/06 19:01:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/07/06 19:01:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/07/06 19:01:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/07/06 19:01:35 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/07/06 19:01:32 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011/07/06 19:01:32 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011/07/06 19:01:32 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/07/06 19:01:32 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011/07/06 19:01:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/07/06 19:01:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/07/06 19:01:32 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/07/06 19:01:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011/07/06 19:01:31 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/07/06 19:01:31 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/07/06 19:01:31 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/07/06 19:01:30 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011/07/06 19:01:30 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/07/06 19:01:30 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/07/06 19:01:30 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/07/06 19:01:30 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/07/06 19:01:30 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/07/06 19:01:30 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/07/06 19:01:30 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/07/06 19:01:30 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/07/06 19:01:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/07/06 19:01:30 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/07/06 19:01:28 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/07/06 19:01:26 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/07/06 19:01:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/07/06 19:01:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011/07/06 19:01:24 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/07/06 19:01:24 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/07/06 19:01:24 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011/07/06 19:01:23 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll
MOD - [2011/07/06 19:01:23 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/24 13:36:36 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2004/06/18 11:29:44 | 000,007,680 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtmcro.dll
MOD - [2004/06/18 11:27:50 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
MOD - [2004/06/18 11:26:42 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
MOD - [2004/06/18 11:26:18 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
MOD - [2004/06/18 11:25:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
MOD - [2004/03/29 12:45:52 | 000,075,264 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBTPP5C.DLL
MOD - [2004/03/10 10:36:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (winsocket)
SRV - File not found [Auto | Stopped] -- -- (RPC Security)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/24 10:44:42 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2011/10/18 16:46:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/10/18 16:46:13 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\iprip.dll -- (Iprip)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/03/16 16:33:24 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2004/02/25 10:04:16 | 001,123,440 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/10/24 11:00:10 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/10/18 16:52:24 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/10/18 16:49:10 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011/10/18 16:49:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2011/10/18 16:49:09 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (AvgTdiX)
DRV - [2011/10/18 16:48:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (AvgLdx86)
DRV - [2011/10/18 16:46:16 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2011/10/18 16:46:16 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2011/10/18 16:46:15 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/11 03:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/01 14:07:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys -- (atksgt)
DRV - [2010/01/01 14:07:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -- (pnarp)
DRV - [2008/06/27 12:09:32 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/08/01 22:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/05 12:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys -- (AvgAsCln)
DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (ASPI32)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/08/28 20:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/06/13 10:53:06 | 000,015,232 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/21 16:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/10/18 16:55:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/23 00:28:29 | 000,134,104 | ---- | M] (Mozilla Foundation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 12:06:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/07/27 18:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/07/01 10:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2011/03/08 19:33:17 | 000,000,000 | ---D | M]

[2011/10/14 11:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mimi II\Application Data\Mozilla\Extensions
[2011/09/28 12:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/10 18:17:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/11 18:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/14 11:33:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 11:27:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/11 11:24:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/10 18:19:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/04/17 10:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\App\Firefox\extensions
[2011/09/28 12:02:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/10/22 20:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions
[2010/07/13 11:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/30 21:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}
[2010/11/17 19:05:10 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/10/12 19:12:29 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2010/12/30 21:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/03/04 11:10:35 | 000,000,000 | ---D | M] (Suomen kielen oikoluku) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/10/12 11:30:57 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/04/28 20:47:12 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/04/28 20:47:11 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/06/28 21:08:22 | 000,000,000 | ---D | M] (Norsk bokmĂ¥l ordliste) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/07/01 11:16:54 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2010/09/15 18:05:52 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/07/01 11:16:54 | 000,000,000 | ---D | M] (Svensk ordlista) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2010/04/10 18:17:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 18:07:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/22 21:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/18 16:21:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe ()
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Mam\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mimi II\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://cameracanadap...PUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08B6E02A-BBEA-450C-A110-EED00DD6157E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Mimi II\Local Settings\Application Data\c5d27735\X) -C:\Documents and Settings\Mimi II\Local Settings\Application Data\c5d27735\X ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mimi II\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mimi II\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/24 11:05:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mimi II\Desktop\OTL.exe
[2011/10/24 10:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\mamprog
[2011/10/24 10:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mam
[2011/10/24 10:49:26 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mimi II\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/24 10:31:22 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/23 14:51:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\c5d27735
[2011/10/18 16:53:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/18 16:49:10 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2011/10/18 16:49:10 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2011/10/18 16:49:09 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/10/18 16:49:07 | 000,243,152 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/10/18 16:48:57 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2011/10/18 16:48:55 | 000,029,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/10/18 16:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2011/10/18 16:00:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/01 19:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/26 11:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011/09/26 11:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mimi II\Application Data\NCH Software
[2011/09/24 17:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2008/05/28 10:22:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mimi II\Application Data\pcouffin.sys
[1980/01/01 02:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/24 11:05:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mimi II\Desktop\OTL.exe
[2011/10/24 11:00:10 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/24 10:51:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\prvlcl.dat
[2011/10/24 10:49:32 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mimi II\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/24 10:45:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/10/24 10:43:06 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-536494136-2410558530-2963846775-1008.job
[2011/10/24 10:42:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/24 10:42:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\897045189
[2011/10/24 10:42:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/10/24 10:42:39 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/24 10:38:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/24 10:21:58 | 087,751,265 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/10/24 10:14:43 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/10/23 20:16:17 | 004,958,166 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\mapleville-1.psd
[2011/10/21 20:13:11 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-536494136-2410558530-2963846775-1008.job
[2011/10/21 11:15:41 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 13:47:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/18 18:07:50 | 000,000,956 | ---- | M] () -- C:\Documents and Settings\Mimi II\Desktop\Internet Explorer.lnk
[2011/10/18 18:06:28 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2011/10/18 16:52:24 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/10/18 16:49:12 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2011/10/18 16:49:10 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/10/18 16:49:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2011/10/18 16:49:09 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/10/18 16:48:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2011/10/18 16:48:55 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2011/10/18 16:21:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/10/18 11:05:48 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/16 22:54:11 | 000,000,986 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/10/15 18:00:32 | 000,014,198 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\fra.jpg
[2011/10/15 17:56:54 | 000,088,937 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\P1050761.jpg
[2011/10/15 17:56:17 | 000,106,359 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\P1050699.jpg
[2011/10/14 16:02:41 | 003,245,726 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3212.jpg
[2011/10/14 16:02:24 | 003,943,057 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3196.jpg
[2011/10/14 16:02:02 | 004,596,960 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3110.jpg
[2011/10/14 16:01:48 | 004,469,231 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3088.jpg
[2011/10/13 20:26:30 | 000,302,592 | ---- | M] () -- C:\sbruso00.exe
[2011/10/13 11:07:07 | 000,445,830 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/10/13 11:07:07 | 000,073,036 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/10/13 10:56:04 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/12 17:02:58 | 000,316,170 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\_MG_8544.jpg
[2011/10/12 17:00:44 | 001,502,898 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\Henry_Burris_-_CFL_PHOTO_-_Peter_McCabe.jpg
[2011/10/04 19:33:39 | 000,014,998 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF2219.jpg
[2011/10/04 19:20:53 | 000,021,908 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\nor.jpg
[2011/09/28 12:10:02 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/28 12:06:48 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mimi II\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/26 12:04:41 | 000,063,487 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\ss.jpg
[2011/09/25 10:22:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak

========== Files Created - No Company Name ==========

[2011/10/23 14:51:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\897045189
[2011/10/18 18:07:32 | 000,000,956 | ---- | C] () -- C:\Documents and Settings\Mimi II\Desktop\Internet Explorer.lnk
[2011/10/18 16:49:13 | 000,001,499 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2011/10/18 16:48:55 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2011/10/18 16:48:34 | 087,751,265 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/10/18 16:00:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/18 16:00:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/16 20:11:28 | 004,958,166 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\mapleville-1.psd
[2011/10/15 18:00:32 | 000,014,198 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\fra.jpg
[2011/10/15 17:56:53 | 000,088,937 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\P1050761.jpg
[2011/10/15 17:56:13 | 000,106,359 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\P1050699.jpg
[2011/10/13 20:26:29 | 000,302,592 | ---- | C] () -- C:\sbruso00.exe
[2011/10/13 10:55:36 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/12 17:02:57 | 000,316,170 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\_MG_8544.jpg
[2011/10/12 17:00:41 | 001,502,898 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\Henry_Burris_-_CFL_PHOTO_-_Peter_McCabe.jpg
[2011/10/04 19:30:12 | 000,014,998 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF2219.jpg
[2011/10/04 19:20:53 | 000,021,908 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\nor.jpg
[2011/09/30 11:09:40 | 003,245,726 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3212.jpg
[2011/09/30 11:04:22 | 003,943,057 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3196.jpg
[2011/09/30 10:20:20 | 004,596,960 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3110.jpg
[2011/09/30 10:08:30 | 004,469,231 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3088.jpg
[2011/09/28 12:06:47 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/26 12:03:00 | 000,063,487 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\ss.jpg
[2011/09/25 10:21:56 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
[2011/07/06 19:09:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/07/06 18:58:54 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/02/27 15:50:22 | 000,000,003 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2011/02/27 15:50:22 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2010/02/11 00:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 00:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/12/17 04:33:56 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/12/17 04:33:56 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/12/17 04:33:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/12/17 04:33:56 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2009/12/17 04:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/12/17 04:33:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2009/12/17 04:33:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/12/17 04:33:56 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/12/17 04:33:54 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2009/12/17 04:33:54 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/17 04:33:54 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/12/17 04:33:54 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/12/17 04:33:54 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/12/17 04:33:54 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/17 04:33:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/12/17 04:33:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/12/17 04:33:54 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/12/17 04:33:54 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/12/17 04:33:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/01 16:03:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\prvlcl.dat
[2009/04/23 18:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/04/16 11:24:06 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/12/26 20:03:10 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/12/26 20:03:03 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/05/28 10:22:26 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mimi II\Application Data\pcouffin.cat
[2008/05/28 10:22:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mimi II\Application Data\pcouffin.inf
[2008/04/29 11:36:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\dedlat2.dll
[2008/01/30 17:10:46 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/12/14 15:52:38 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySVid.dat
[2007/12/14 15:51:39 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p4now.sys
[2007/12/13 15:15:14 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/05 18:06:04 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2007/11/29 11:31:11 | 000,915,488 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2007/11/29 11:31:11 | 000,058,144 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2007/11/17 19:53:56 | 000,001,578 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
[2007/11/17 19:52:02 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
[2007/11/17 19:51:08 | 000,002,467 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dMC mp3PRO (CLI) Encoder.dat
[2007/11/17 19:49:16 | 000,002,286 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/07/24 16:22:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/24 16:22:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/07/24 16:22:49 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/07/24 16:22:49 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/07/24 16:22:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/07/24 16:22:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/07/24 16:22:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/07/24 16:22:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/07/24 16:22:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/07/24 16:22:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/07/24 16:22:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/07/24 16:22:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/07/24 16:22:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/07/24 16:22:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/07/24 16:22:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/07/24 16:22:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/07/24 16:22:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/07/24 16:22:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/07/24 16:22:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/07/06 18:06:24 | 000,001,160 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2007/06/07 18:20:02 | 000,003,452 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
[2007/06/01 15:17:27 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/06/01 15:17:21 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/03/28 15:25:37 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007/03/22 16:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/02/20 18:14:20 | 000,194,133 | ---- | C] () -- C:\WINDOWS\patcher.exe
[2007/02/05 21:34:05 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2007/01/19 12:34:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/01/19 12:34:39 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/01/19 12:33:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/01/19 12:33:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/01/19 12:33:58 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/01/19 12:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/11/20 12:04:59 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/06/18 19:47:49 | 000,161,280 | ---- | C] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 19:47:49 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\fusioncache.dat
[2006/06/17 13:32:06 | 001,019,094 | RHS- | C] () -- C:\Program Files\serial.zip
[2006/06/17 13:32:06 | 001,019,094 | RHS- | C] () -- C:\Program Files\serial.tde
[2006/05/28 12:45:47 | 000,397,306 | RHS- | C] () -- C:\Program Files\wunauclt.zip
[2006/05/28 12:45:47 | 000,397,306 | RHS- | C] () -- C:\Program Files\wunauclt.tbe
[2006/05/01 19:19:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/04/15 10:38:42 | 000,001,067 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2006/02/11 21:14:57 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2006/02/11 21:01:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A1 DVD Ripper.INI
[2006/01/13 18:28:11 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/07 10:56:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempName.dll
[2005/12/06 21:05:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\netfltConfig.dat
[2005/11/24 17:46:19 | 000,370,000 | RHS- | C] () -- C:\WINDOWS\aiiaacc.exe
[2005/11/24 17:46:19 | 000,000,007 | ---- | C] () -- C:\WINDOWS\wocnm.dat
[2005/11/24 17:46:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\isf.dat
[2005/11/01 13:51:23 | 000,001,290 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2005/10/01 18:01:50 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Aurora Video VCD_SVCD_DVD Creator.INI
[2005/10/01 17:33:25 | 000,000,067 | ---- | C] () -- C:\WINDOWS\VideoConvert.INI
[2005/10/01 17:31:01 | 000,000,066 | ---- | C] () -- C:\WINDOWS\#1 Video Converter.INI
[2005/09/11 18:06:16 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2005/06/22 21:37:51 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2005/05/13 12:41:24 | 000,167,424 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005/05/13 12:14:11 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\wincon.dat
[2005/03/10 14:40:28 | 000,000,339 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2005/03/07 12:25:55 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/03/02 18:36:38 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2005/03/02 18:36:18 | 000,105,168 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2005/03/02 18:36:16 | 000,013,605 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/01 21:58:36 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/02/27 10:56:58 | 000,000,819 | ---- | C] () -- C:\WINDOWS\jamkeys.ini
[2005/02/27 10:56:58 | 000,000,024 | ---- | C] () -- C:\WINDOWS\jam.ini
[2005/02/27 10:56:46 | 000,000,055 | ---- | C] () -- C:\WINDOWS\mediachk.ini
[2005/02/27 10:56:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\sndcheck.ini
[2005/02/27 10:56:42 | 000,025,440 | ---- | C] () -- C:\WINDOWS\VUNINSTL.DLL
[2005/02/27 10:56:38 | 000,304,128 | ---- | C] () -- C:\WINDOWS\VUNINSTL.EXE
[2005/02/27 10:55:33 | 000,000,395 | ---- | C] () -- C:\WINDOWS\VUNINSTL.INI
[2005/02/14 13:53:19 | 000,000,402 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/01/12 14:17:03 | 000,000,338 | ---- | C] () -- C:\WINDOWS\fontssg.ini
[2005/01/12 14:17:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\LMICD.INI
[2005/01/04 12:30:46 | 000,059,419 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/01 14:11:10 | 000,000,644 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/12/29 14:30:34 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/12/29 13:56:55 | 000,000,986 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/29 13:55:59 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2004/12/29 13:55:59 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2004/12/29 13:55:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2004/12/29 13:55:42 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2004/12/29 13:55:39 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/12/29 13:55:39 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/12/29 13:55:34 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/12/29 13:55:26 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/12/29 13:25:06 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/12/03 19:59:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/03 19:57:05 | 000,000,324 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/03 19:52:41 | 000,000,590 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/03 19:50:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/12/03 19:41:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/12/03 19:40:54 | 000,445,830 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/12/03 19:40:54 | 000,073,036 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/12/03 19:27:50 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/28 07:38:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\wmatimer.dll
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 15:08:08 | 000,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 15:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 15:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 12:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 18:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/07/03 22:08:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2003/12/13 22:40:42 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2003/07/31 19:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1997/08/23 12:33:24 | 000,022,064 | ---- | C] () -- C:\WINDOWS\System32\tntlvr.dll
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/10/18 16:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2004/12/03 19:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/14 10:24:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/12/26 19:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/08 12:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2007/09/08 10:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet debug mess great
[2007/12/03 22:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/02/27 14:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/10/01 18:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/05/04 15:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/09/08 11:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/08/28 12:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SimCity Societies
[2011/07/02 17:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/06/19 10:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/02/01 18:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/06/18 18:47:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2005/01/08 11:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tavultesoft
[2009/05/08 12:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/11 11:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/05/16 19:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\.BitTornado
[2009/11/30 12:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\AVG9
[2008/12/26 19:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\DAEMON Tools
[2008/12/26 19:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\DAEMON Tools Lite
[2008/12/26 19:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\DAEMON Tools Pro
[2008/02/06 16:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Design Science
[2011/02/15 19:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Dropbox
[2006/06/18 19:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\FIFA2003CC
[2006/06/18 19:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\GlobalSCAPE
[2007/11/23 20:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Grammatica
[2010/03/12 15:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\gtk-2.0
[2006/06/18 19:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Leadertech
[2011/06/08 19:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Mael
[2008/09/15 13:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Maple
[2008/10/06 18:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\My Games
[2010/10/01 18:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\NCH Swift Sound
[2009/05/26 18:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Netscape
[2011/06/08 19:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Notepad++
[2009/03/16 20:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\OpenOffice.org
[2007/07/24 16:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Panasonic
[2007/07/31 15:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\ppstream
[2011/01/09 14:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\RenPy
[2008/04/04 20:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\River Past G5
[2009/02/13 19:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\SendSpace Wizard
[2006/06/18 19:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Seven Zip
[2010/06/19 10:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Sports Interactive
[2006/06/18 19:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\STOIK
[2011/09/11 18:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Ubisoft
[2007/11/30 21:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Uniblue
[2011/01/09 14:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Utherverse
[2006/06/18 19:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Visicom Media
[2010/08/18 12:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Vivox
[2006/06/18 19:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\VP-Software
[2008/06/10 20:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Vso
[2011/09/16 18:30:43 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\897045189:976062666.exe
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5227364
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73B0434

< End of report >
  • 0

Advertisements

#2
princessmimi
Posted 24 October 2011 - 09:46 AM

princessmimi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL extras:

OTL Extras logfile created on: 10/24/2011 11:06:03 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mimi II\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 474.04 Mb Available Physical Memory | 46.38% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.68 Gb Total Space | 8.78 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: D3T0R661 | User Name: Mimi II | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4662:TCP" = 4662:TCP:*:Enabled:eMule port
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"4672:UDP" = 4672:UDP:*:Enabled:eMule port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Netscape\Netscape\Netscp.exe" = C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape -- (Mozilla, Netscape)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Documents and Settings\Mimi II\Application Data\SopCast\adv\SopAdver.exe" = C:\Documents and Settings\Mimi II\Application Data\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Mozilla Firefox\FirefoxPortable\App\Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\FirefoxPortable\App\Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- (Related Designs)
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:ANNO 1404 Web -- ()
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java™ Update Checker -- (Sun Microsystems, Inc.)
"C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe" = C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe:*:Enabled:DivX Plus Player -- ()
"C:\Documents and Settings\Mimi II\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe" = C:\Documents and Settings\Mimi II\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe:*:Enabled:RealNetworks Installer -- (RealNetworks, Inc.)
"C:\Program Files\Pure Networks\Network Magic\nmusbcfg.exe" = C:\Program Files\Pure Networks\Network Magic\nmusbcfg.exe:*:Enabled:nmusbcfg -- (Cisco Systems, Inc.)
"C:\Program Files\Pure Networks\Network Magic\nmapp.exe" = C:\Program Files\Pure Networks\Network Magic\nmapp.exe:*:Enabled:nmapp -- (Cisco Systems, Inc.)
"C:\Program Files\AVG\AVG9\avgui.exe" = C:\Program Files\AVG\AVG9\avgui.exe:*:Enabled:AVG User Interface -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 26
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"America Online ca" = AOL (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"BitTornado" = BitTornado 0.3.17
"CCleaner" = CCleaner (remove only)
"Crossword Weaver 7.0" = Crossword Weaver 7.0
"dBpowerAMP Monkeys Audio Codec" = dBpowerAMP Monkeys Audio Codec
"dBpowerAMP Mp4 Codec" = dBpowerAMP Mp4 Codec
"dBpowerAMP Musepack Codec" = dBpowerAMP Musepack Codec
"dBpowerAMP Ogg Vorbis Codec" = dBpowerAMP Ogg Vorbis Codec
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"dMC mp3PRO (CLI) Encoder" = dMC mp3PRO (CLI) Encoder
"DSMT6" = MathType 6
"eMule" = eMule
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"InstallShield_{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04
"Intel® 537EP V9x DFV PCI Modem" = Intel® 537EP V9x DFV PCI Modem
"JDownloader" = JDownloader
"Keyman Package blackfoot" = Keyman Package - Blackfoot Practical Unicode
"Keyman Package cree_east_u" = Keyman Package - East Cree Unicode
"Keyman Package dakelh1_u" = Keyman Package - Dakelh I Unicode
"Keyman Package inuktitut_u" = Keyman Package - Inuktitut Unicode
"Keyman Package kmtip" = Keyman Package - Add-in for Text Services Framework
"Keyman Package naskapi_u" = Keyman Package - Naskapi Unicode
"Keyman Package ojibway_af_ww" = Keyman Package - Ojibway a-final West-w
"Keyman Package richedit" = Keyman Package - Add-in for Richedit Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0 (x86 en-US)" = Mozilla Firefox 7.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape (7.2)" = Netscape (7.2)
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"ProTrain 1.1 US 1.1" = ProTrain 1.1 US 1.1
"PSSENSOR_ab977ca22ef595e0c55853eb3fbfffd950acc82c" = Windows Driver Package - PASCO Scientific (PASCO) USB 01/17/2004 1.9.0.0
"RadLight APE DirectShow filter" = RadLight APE DirectShow filter (remove only)
"RadLight TTA DirectShow filter" = RadLight TTA DirectShow filter (remove only)
"RealPlayer 12.0" = RealPlayer
"Switch" = Switch Sound File Converter
"SysInfo" = Creative System Information
"Tavultesoft Keyman 6.0" = Tavultesoft Keyman 6.0
"VLC media player" = VideoLAN VLC media player 0.8.6b
"VobSub" = VobSub v2.23 (Remove Only)
"vPod" = vPod (Remove Only)
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Video4iPod Converter" = Video4iPod Converter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2011 1:39:33 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 490
Description = svchost (1212) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/18/2011 6:12:27 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 490
Description = svchost (1216) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/18/2011 6:12:27 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 470
Description = Catalog Database (1216) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 10/19/2011 7:46:06 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 490
Description = svchost (1208) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/19/2011 7:46:06 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 439
Description = Catalog Database (1208) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Error
-1032.

Error - 10/19/2011 7:46:06 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 473
Description = Catalog Database (1208) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 10/22/2011 5:19:52 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 490
Description = svchost (1212) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/22/2011 5:19:52 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 439
Description = Catalog Database (1212) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 10/22/2011 5:19:52 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 470
Description = Catalog Database (1212) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 1. Error: -1032.

Error - 10/23/2011 3:04:31 PM | Computer Name = D3T0R661 | Source = Application Hang | ID = 1002
Description = Hanging application , version 0.0.0.0, hang module hungapp, version
0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/24/2011 10:44:35 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/24/2011 10:44:35 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/24/2011 10:44:36 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/24/2011 10:44:36 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/24/2011 10:44:36 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/24/2011 10:44:36 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/24/2011 10:44:37 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/24/2011 10:45:29 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/24/2011 10:45:29 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/24/2011 11:09:21 AM | Computer Name = D3T0R661 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >
  • 0

#3
Essexboy
Posted 24 October 2011 - 11:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi you have the zero access rootkit and this can be a blighter to remove - but lets go for it

When you download this programme please rename it to svchost and download it to the root c: drive i.e it will look like c:\svchost.exe on the disc. When you run it it will ask to download the recovery console - allow it to do so

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your c drive

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#4
princessmimi
Posted 24 October 2011 - 03:17 PM

princessmimi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hello! Thanks so much for the reply!

I have run combofix on my computer; it produced a log with a whole bunch of files being disinfected (some were not). The problem is... my computer won't allow me to connect to the internet at all. I have a wireless connection with the modem/router being connected to the main computer (the one infected), so the other computers' internet is working fine (I'm using another computer with the same connection to write this), but mine says there are connectivity issues. I tried to set up Windows Firewall again and it won't let me do that either: I'm asked if I want to run Windows Firewall/ICS (Internet Connection Service??), I click okay and I get an error that the service cannot be started up and the computer needs to be restarted. I've shut down and restarted and I get the same problem: no firewall, no internet. Any suggestions? I really have no idea what to do.

Edited by princessmimi, 24 October 2011 - 03:19 PM.

  • 0

#5
Essexboy
Posted 24 October 2011 - 03:21 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you copy the log to the clean computer and post it from there ?

Also run combofix again on the poorly one to see if that can resolve it
  • 0

#6
princessmimi
Posted 24 October 2011 - 04:13 PM

princessmimi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Here's the log from the first time. I'll try running Combofix again now:

ComboFix 11-10-24.04 - Mimi II 10/24/2011 16:16:05.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.674 [GMT -4:00]
Running from: C:\ComboFix.exe
AV: AVG Internet Security *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mimi II\Local Settings\Application Data\c5d27735
c:\documents and settings\Mimi II\Local Settings\Application Data\c5d27735\@
c:\documents and settings\Mimi II\Local Settings\Application Data\c5d27735\U\80000000.@
c:\documents and settings\Mimi II\Local Settings\Application Data\c5d27735\U\800000cb.@
c:\documents and settings\Mimi II\Local Settings\Application Data\c5d27735\X
c:\windows\$NtUninstallKB19736$\3318904629\@
c:\windows\$NtUninstallKB19736$\3318904629\L\odetmngk
c:\windows\$NtUninstallKB19736$\3318904629\loader.tlb
c:\windows\$NtUninstallKB19736$\3318904629\U\@00000001
c:\windows\$NtUninstallKB19736$\3318904629\U\@000000c0
c:\windows\$NtUninstallKB19736$\3318904629\U\@000000cb
c:\windows\$NtUninstallKB19736$\3318904629\U\@000000cf
c:\windows\$NtUninstallKB19736$\3318904629\U\@80000000
c:\windows\$NtUninstallKB19736$\3318904629\U\@800000c0
c:\windows\$NtUninstallKB19736$\3318904629\U\@800000cb
c:\windows\$NtUninstallKB19736$\3318904629\U\@800000cf
c:\windows\$NtUninstallKB19736$\4264921843
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\system32\
c:\windows\$NtUninstallKB19736$ . . . . Failed to delete
.
Infected copy of c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1782\A1049938.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1782\A1049939.exe
.
Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected
Restored copy from - c:\windows\SYSTEM32\ReinstallBackups\0001\DriverFiles\ati2evxx.exe
.
Infected copy of c:\windows\SYSTEM32\ati2sgag.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1783\A1050344.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1782\A1049941.exe
.
Infected copy of c:\windows\system32\CTsvcCDA.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1782\A1049993.EXE
.
Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1783\A1050307.exe
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1782\A1049951.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1782\A1049943.exe
.
Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1782\A1049944.EXE
.
Infected copy of c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1782\A1049949.exe
.
Infected copy of c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1782\A1049947.exe
.
Infected copy of c:\windows\system32\MsPMSPSv.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1783\A1050157.exe
.
Infected copy of c:\windows\SYSTEM32\ati2sgag.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1783\A1050344.exe
Infected copy of c:\windows\system32\CTsvcCDA.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1782\A1049993.EXE
Infected copy of c:\windows\system32\MsPMSPSv.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1783\A1050157.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_c5d27735
.
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-24 14:59 . 2011-10-24 14:59 -------- d-----w- c:\program files\Mam
2011-10-24 14:31 . 2011-10-24 15:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-18 20:49 . 2011-10-18 20:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-10-18 20:49 . 2011-10-18 20:49 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2011-10-18 20:48 . 2011-10-24 14:25 -------- d-----w- c:\windows\system32\drivers\Avg
2011-10-14 00:26 . 2011-10-14 00:26 302592 ----a-w- C:\sbruso00.exe
2011-09-28 16:06 . 2011-09-23 04:28 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-09-28 16:06 . 2011-09-23 04:28 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-09-28 16:06 . 2011-09-23 04:28 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-09-28 16:06 . 2011-09-23 04:28 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-09-28 16:06 . 2011-09-23 04:28 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-09-28 16:06 . 2011-09-23 04:28 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-09-28 16:06 . 2011-09-23 04:28 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-09-28 16:06 . 2011-09-23 01:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-28 16:06 . 2011-09-23 01:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-09-26 15:44 . 2011-09-26 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-09-26 15:44 . 2011-09-26 15:44 -------- d-----w- c:\documents and settings\Mimi II\Application Data\NCH Software
2011-09-24 21:28 . 2011-10-24 14:31 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 16:05 . 2011-05-28 14:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2009-11-11 17:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 11:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-03 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-09-14 472112]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-21 273544]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-18 2076512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-23 113664]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2004-12-3 156784]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-7-24 57344]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-3-8 106560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2011-10-18 20:49 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Netscape\\Netscape\\Netscp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Mimi II\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\FirefoxPortable\\App\\Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\DivX\\DivX Plus Player\\DivX Plus Player.exe"=
"c:\\Documents and Settings\\Mimi II\\Application Data\\Real\\Update\\UpgradeHelper\\RealPlayer\\9.00\\rnupgagent.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgui.exe"=
"c:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe"=
"c:\\Program Files\\Pure Networks\\Network Magic\\nmusbcfg.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:eMule port
"67:UDP"= 67:UDP:DHCP Discovery Service
"4672:UDP"= 4672:UDP:eMule port
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [6/27/2008 12:00 PM 717296]
S0 sgkt;sgkt;c:\windows\system32\drivers\jrdn.sys --> c:\windows\system32\drivers\jrdn.sys [?]
S2 bsaspi32;bsaspi32; [x]
S2 gupdate1c9bee52bba4c2c;Google Update Service (gupdate1c9bee52bba4c2c);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 7:00 AM 14336]
S2 RPC Security;RPC Security;c:\windows\svchost.exe --> c:\windows\svchost.exe [?]
S2 winsocket;winsocket;c:\windows\system32\winsocket.exe --> c:\windows\system32\winsocket.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [5/28/2008 10:22 AM 47360]
S4 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-10-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-536494136-2410558530-2963846775-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-10-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-536494136-2410558530-2963846775-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-09-16 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-01 22:39]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mimi II\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Mimi II\Application Data\Mozilla\Firefox\Profiles\fye2bq6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
.
.
------- File Associations -------
.
.scr=
.reg=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-24 16:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-536494136-2410558530-2963846775-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-536494136-2410558530-2963846775-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-536494136-2410558530-2963846775-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*8nPN]*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-536494136-2410558530-2963846775-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*8nPN]*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell]
@="Play"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell\Enqueue]
@="&Enqueue in Winamp"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell\Enqueue\command]
@="\"c:\\Program Files\\Winamp\\winamp.exe\" /ADD \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell\Enqueue\DropTarget]
"Clsid"="{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell\ListBookmark]
@="Add to Winamp's &Bookmark list"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell\ListBookmark\command]
@="\"c:\\Program Files\\Winamp\\winamp.exe\" /BOOKMARK \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell\open]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="\"c:\\Program Files\\Winamp\\winamp.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell\open\DropTarget]
"Clsid"="{46986115-84D6-459c-8F95-52DD653E532E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell\Play]
@="&Play in Winamp"
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell\Play\command]
@="\"c:\\Program Files\\Winamp\\winamp.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\ *0.m'**X¸§* *_*a*u*t*o*_*f*i*l*e*\shell\Play\DropTarget]
"Clsid"="{46986115-84D6-459c-8F95-52DD653E532E}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\WININET.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\PENUSA.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-10-24 16:41:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-24 20:41
.
Pre-Run: 9,533,771,776 bytes free
Post-Run: 9,520,492,544 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - 9B1738C03DA707B9F10D83B749D0FDDC
  • 0

#7
princessmimi
Posted 24 October 2011 - 04:50 PM

princessmimi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Alright, I ran Combofix a second time and there was nothing to be repaired. My computer is coming out clean, virus and malware-wise, but at the same time, I still can't connect to the internet or start up Windows Firewall or anything Network/Internet related. According to my Network software, it says that there may be problems with the adapter software driver. "Try rebooting the computer, or reinstalling the driver." I really have no idea if this is connected to the rootkit problem, but before Combofix there was nothing wrong with my internet/Windows access.
  • 0

#8
Essexboy
Posted 25 October 2011 - 11:22 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The problem with this type of malware is that it messes around with the network system

Could you start a command prompt by going to start > Run
Type in cmd and press enter
In the black box that opens type the following :

Ping geekstogo.com

Let me know if it achieves the ping

Then in the same command prompt type the following :

ipconfig /flushdns

Retry the net connection

Check the services

Open Services...
Start > Run > Type: services.msc > Click OK
Scroll down to and double click DNS Client
Set to Automatic under Startup type
Click the Apply button
Click the Start button
When it starts click OK

Repeat for DHCP Client.
And repeat for Remote Procedure Call (RPC).

When done, close Services.

Try the connection again

Winsock check

Download the attached zip file to the affected system [attachment=53181:MicrosoftFixit50203.zip]
Unzip the file to the desktop and then run

Try the connection again

Then run OTL and run the following script as I need to check the dependency files

[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
afd.*
tcpip.*
netbt.*
/md5stop
C:\Windows\assembly\tmp\U /s
CREATERESTOREPOINT
  • 0

#9
princessmimi
Posted 25 October 2011 - 12:11 PM

princessmimi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hello!

Some good (I am using internet on my computer!)... and (hopefully not too) bad news. :) While complaining to a techie acquaintance about my poor computer, he shrugged and told me "why not just do a system restore before you got the malware?" Seeing as I had been doing quite a bit of work last week with OTL and Combofix and not wanting anything to go bad along the way, I made several restore points and, seeing as I've never had any problems before and nothing's ever messed up, I was a moron and thought I'd follow the friend's advice and do a system restore to two days before I got the malware and immediately after a fellow Geeks to Go member said my computer was in perfect condition. I've restored it and I can't load Windows Explorer. I thought the computer was frozen and had it sitting for... 2 1/2 hours until I read on the forum through the laptop that CTRL + ALT + DELETE should work. I can start up programs, but not explorer. I haven't restarted the computer (I'm too scared... I don't want anything to get lost), but besides this, everything seems to be working.

((I'm not sure if this is still considered a malware problem, but any help so far has been appreciated and I hope I haven't messed up too much in the meanwhile... I hate thinking of myself as such a bother... I'm sorry. -__-))
  • 0

#10
Essexboy
Posted 25 October 2011 - 12:23 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - what we shall do though is run OTL again using the method that works :

Use the following custom scan please and I will check out explorer and ensure that everything has actually gone

Do you have a desktop and icons ?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

Advertisements

#11
princessmimi
Posted 25 October 2011 - 02:05 PM

princessmimi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I've run OTL via the Run command. I have my desktop background with my mouse and nothing else: all icons are gone as well as the start bar/system tray. While scanning, I received two messages from OTL.exe:
"The file or directory C: is corrupt and unreadable. Please run the Chkdsk utility."
"Exception Processing Message c0000102 Parameters 75b6bf7c 75b6bf7c 75b6bf7c 75b6bf7c"

OTL log:

OTL logfile created on: 10/25/2011 3:50:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mimi II\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 459.91 Mb Available Physical Memory | 45.00% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.68 Gb Total Space | 8.57 Gb Free Space | 11.96% Space Free | Partition Type: NTFS

Computer Name: D3T0R661 | User Name: Mimi II | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 15:49:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mimi II\Desktop\OTL.exe
PRC - [2011/10/25 11:04:57 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/10/25 10:57:25 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2011/10/18 16:47:54 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2011/10/18 16:47:54 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2011/10/18 16:47:52 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2011/10/18 16:47:49 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2011/10/18 16:46:56 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2011/10/18 16:46:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2011/10/18 16:46:14 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/10/18 16:46:13 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2008/04/13 20:12:33 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\Restore\rstrui.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/02/25 10:04:16 | 001,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 16:46:12 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2011/10/18 16:46:12 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2004/06/18 11:29:44 | 000,007,680 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtmcro.dll
MOD - [2004/06/18 11:27:50 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
MOD - [2004/06/18 11:26:42 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
MOD - [2004/06/18 11:26:18 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
MOD - [2004/06/18 11:25:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
MOD - [2004/03/29 12:45:52 | 000,075,264 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBTPP5C.DLL
MOD - [2004/03/10 10:36:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (winsocket)
SRV - File not found [Auto | Stopped] -- -- (RPC Security)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/25 10:57:25 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2011/10/18 16:46:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/10/18 16:46:13 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\iprip.dll -- (Iprip)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/03/16 16:33:24 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2004/02/25 10:04:16 | 001,123,440 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/10/18 16:52:24 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/10/18 16:49:10 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011/10/18 16:49:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2011/10/18 16:49:09 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (AvgTdiX)
DRV - [2011/10/18 16:48:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (AvgLdx86)
DRV - [2011/10/18 16:46:16 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2011/10/18 16:46:16 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2011/10/18 16:46:15 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/11 03:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/01 14:07:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys -- (atksgt)
DRV - [2010/01/01 14:07:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -- (pnarp)
DRV - [2008/06/27 12:09:32 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/08/01 22:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/05 12:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys -- (AvgAsCln)
DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (ASPI32)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/08/28 20:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/06/13 10:53:06 | 000,015,232 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.c...earch.yahoo.com
IE - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
IE - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/21 16:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/10/18 16:55:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/23 00:28:29 | 000,134,104 | ---- | M] (Mozilla Foundation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 12:06:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/07/27 18:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/07/01 10:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2011/03/08 19:33:17 | 000,000,000 | ---D | M]

[2011/10/14 11:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mimi II\Application Data\Mozilla\Extensions
[2011/09/28 12:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/10 18:17:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/11 18:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/14 11:33:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 11:27:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/11 11:24:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/10 18:19:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/04/17 10:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\App\Firefox\extensions
[2011/09/28 12:02:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/10/25 14:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions
[2010/07/13 11:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/30 21:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}
[2010/11/17 19:05:10 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/10/12 19:12:29 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2010/12/30 21:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/03/04 11:10:35 | 000,000,000 | ---D | M] (Suomen kielen oikoluku) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/10/12 11:30:57 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/04/28 20:47:12 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/04/28 20:47:11 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/06/28 21:08:22 | 000,000,000 | ---D | M] (Norsk bokmÃ¥l ordliste) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/07/01 11:16:54 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2010/09/15 18:05:52 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/07/01 11:16:54 | 000,000,000 | ---D | M] (Svensk ordlista) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2010/04/10 18:17:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 18:07:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/22 21:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/24 16:32:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup File not found
O4 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe File not found
O4 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mimi II\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://cameracanadap...PUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08B6E02A-BBEA-450C-A110-EED00DD6157E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mimi II\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mimi II\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\SYSTEM32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/25 15:49:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mimi II\Desktop\OTL.exe
[2011/10/25 14:07:05 | 002,146,000 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Mimi II\Desktop\avg_isw_stb_all_9_117.exe
[2011/10/25 10:43:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/24 18:52:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER(2)
[2011/10/24 15:59:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/24 10:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mam
[2011/10/18 16:49:10 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2011/10/18 16:49:10 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2011/10/18 16:49:09 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/10/18 16:49:07 | 000,243,152 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/10/18 16:48:57 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2011/10/18 16:48:55 | 000,029,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/10/18 16:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2011/10/18 16:00:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/01 19:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/26 11:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011/09/26 11:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mimi II\Application Data\NCH Software
[2008/05/28 10:22:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mimi II\Application Data\pcouffin.sys
[1980/01/01 02:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/10/25 15:49:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mimi II\Desktop\OTL.exe
[2011/10/25 14:07:05 | 002,146,000 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Mimi II\Desktop\avg_isw_stb_all_9_117.exe
[2011/10/25 13:51:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\prvlcl.dat
[2011/10/25 11:02:59 | 087,778,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/10/25 10:56:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/10/25 10:54:13 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-536494136-2410558530-2963846775-1008.job
[2011/10/25 10:54:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/10/25 10:53:56 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/24 16:32:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/10/24 13:47:41 | 007,026,547 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\mapleville-1.psd
[2011/10/21 20:13:11 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-536494136-2410558530-2963846775-1008.job
[2011/10/21 11:15:41 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 13:47:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/18 18:07:50 | 000,000,956 | ---- | M] () -- C:\Documents and Settings\Mimi II\Desktop\Internet Explorer.lnk
[2011/10/18 18:06:28 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2011/10/18 16:52:24 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/10/18 16:49:12 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2011/10/18 16:49:10 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/10/18 16:49:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2011/10/18 16:49:09 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/10/18 16:48:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2011/10/18 16:48:55 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2011/10/18 16:00:25 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/10/18 11:05:48 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/16 22:54:11 | 000,000,986 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/10/15 18:00:32 | 000,014,198 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\fra.jpg
[2011/10/15 17:56:54 | 000,088,937 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\P1050761.jpg
[2011/10/15 17:56:17 | 000,106,359 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\P1050699.jpg
[2011/10/14 16:02:41 | 003,245,726 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3212.jpg
[2011/10/14 16:02:24 | 003,943,057 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3196.jpg
[2011/10/14 16:02:02 | 004,596,960 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3110.jpg
[2011/10/14 16:01:48 | 004,469,231 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3088.jpg
[2011/10/13 20:26:30 | 000,302,592 | ---- | M] () -- C:\sbruso00.exe
[2011/10/13 11:07:07 | 000,445,830 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/10/13 11:07:07 | 000,073,036 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/10/12 17:02:58 | 000,316,170 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\_MG_8544.jpg
[2011/10/12 17:00:44 | 001,502,898 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\Henry_Burris_-_CFL_PHOTO_-_Peter_McCabe.jpg
[2011/10/04 19:33:39 | 000,014,998 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF2219.jpg
[2011/10/04 19:20:53 | 000,021,908 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\nor.jpg
[2011/09/28 12:10:02 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/28 12:06:48 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mimi II\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/26 12:04:41 | 000,063,487 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\ss.jpg

========== Files Created - No Company Name ==========

[2011/10/18 18:07:32 | 000,000,956 | ---- | C] () -- C:\Documents and Settings\Mimi II\Desktop\Internet Explorer.lnk
[2011/10/18 16:49:13 | 000,001,499 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2011/10/18 16:48:55 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2011/10/18 16:48:34 | 087,778,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/10/18 16:00:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/18 16:00:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/16 20:11:28 | 007,026,547 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\mapleville-1.psd
[2011/10/15 18:00:32 | 000,014,198 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\fra.jpg
[2011/10/15 17:56:53 | 000,088,937 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\P1050761.jpg
[2011/10/15 17:56:13 | 000,106,359 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\P1050699.jpg
[2011/10/13 20:26:29 | 000,302,592 | ---- | C] () -- C:\sbruso00.exe
[2011/10/12 17:02:57 | 000,316,170 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\_MG_8544.jpg
[2011/10/12 17:00:41 | 001,502,898 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\Henry_Burris_-_CFL_PHOTO_-_Peter_McCabe.jpg
[2011/10/04 19:30:12 | 000,014,998 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF2219.jpg
[2011/10/04 19:20:53 | 000,021,908 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\nor.jpg
[2011/09/30 11:09:40 | 003,245,726 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3212.jpg
[2011/09/30 11:04:22 | 003,943,057 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3196.jpg
[2011/09/30 10:20:20 | 004,596,960 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3110.jpg
[2011/09/30 10:08:30 | 004,469,231 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3088.jpg
[2011/09/28 12:06:47 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/26 12:03:00 | 000,063,487 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\ss.jpg
[2011/07/06 19:09:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/07/06 18:58:54 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/02/27 15:50:22 | 000,000,003 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2011/02/27 15:50:22 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2010/02/11 00:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 00:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/12/17 04:33:56 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/12/17 04:33:56 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/12/17 04:33:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/12/17 04:33:56 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2009/12/17 04:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/12/17 04:33:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2009/12/17 04:33:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/12/17 04:33:56 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/12/17 04:33:54 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2009/12/17 04:33:54 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/17 04:33:54 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/12/17 04:33:54 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/12/17 04:33:54 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/12/17 04:33:54 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/17 04:33:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/12/17 04:33:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/12/17 04:33:54 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/12/17 04:33:54 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/12/17 04:33:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/01 16:03:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\prvlcl.dat
[2009/04/23 18:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/04/16 11:24:06 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/12/26 20:03:10 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/12/26 20:03:03 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/05/28 10:22:26 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mimi II\Application Data\pcouffin.cat
[2008/05/28 10:22:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mimi II\Application Data\pcouffin.inf
[2008/04/29 11:36:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\dedlat2.dll
[2008/01/30 17:10:46 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/12/14 15:52:38 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySVid.dat
[2007/12/14 15:51:39 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p4now.sys
[2007/12/13 15:15:14 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/05 18:06:04 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2007/11/29 11:31:11 | 000,915,488 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2007/11/29 11:31:11 | 000,058,144 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2007/11/17 19:53:56 | 000,001,578 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
[2007/11/17 19:52:02 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
[2007/11/17 19:51:08 | 000,002,467 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dMC mp3PRO (CLI) Encoder.dat
[2007/11/17 19:49:16 | 000,002,286 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/07/24 16:22:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/24 16:22:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/07/24 16:22:49 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/07/24 16:22:49 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/07/24 16:22:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/07/24 16:22:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/07/24 16:22:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/07/24 16:22:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/07/24 16:22:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/07/24 16:22:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/07/24 16:22:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/07/24 16:22:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/07/24 16:22:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/07/24 16:22:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/07/24 16:22:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/07/24 16:22:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/07/24 16:22:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/07/24 16:22:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/07/24 16:22:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/07/06 18:06:24 | 000,001,160 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2007/06/07 18:20:02 | 000,003,452 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
[2007/06/01 15:17:27 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/06/01 15:17:21 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/03/28 15:25:37 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007/03/22 16:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/02/20 18:14:20 | 000,194,133 | ---- | C] () -- C:\WINDOWS\patcher.exe
[2007/02/05 21:34:05 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2007/01/19 12:34:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/01/19 12:34:39 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/01/19 12:33:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/01/19 12:33:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/01/19 12:33:58 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/01/19 12:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/11/20 12:04:59 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/06/18 19:47:49 | 000,161,280 | ---- | C] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 19:47:49 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\fusioncache.dat
[2006/06/17 13:32:06 | 001,019,094 | RHS- | C] () -- C:\Program Files\serial.zip
[2006/06/17 13:32:06 | 001,019,094 | RHS- | C] () -- C:\Program Files\serial.tde
[2006/05/28 12:45:47 | 000,397,306 | RHS- | C] () -- C:\Program Files\wunauclt.zip
[2006/05/28 12:45:47 | 000,397,306 | RHS- | C] () -- C:\Program Files\wunauclt.tbe
[2006/05/01 19:19:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/04/15 10:38:42 | 000,001,067 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2006/02/11 21:14:57 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2006/02/11 21:01:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A1 DVD Ripper.INI
[2006/01/13 18:28:11 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/07 10:56:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempName.dll
[2005/12/06 21:05:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\netfltConfig.dat
[2005/11/24 17:46:19 | 000,370,000 | RHS- | C] () -- C:\WINDOWS\aiiaacc.exe
[2005/11/24 17:46:19 | 000,000,007 | ---- | C] () -- C:\WINDOWS\wocnm.dat
[2005/11/24 17:46:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\isf.dat
[2005/11/01 13:51:23 | 000,001,290 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2005/10/01 18:01:50 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Aurora Video VCD_SVCD_DVD Creator.INI
[2005/10/01 17:33:25 | 000,000,067 | ---- | C] () -- C:\WINDOWS\VideoConvert.INI
[2005/10/01 17:31:01 | 000,000,066 | ---- | C] () -- C:\WINDOWS\#1 Video Converter.INI
[2005/09/11 18:06:16 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2005/06/22 21:37:51 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2005/05/13 12:41:24 | 000,167,424 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005/05/13 12:14:11 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\wincon.dat
[2005/03/10 14:40:28 | 000,000,339 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2005/03/07 12:25:55 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/03/02 18:36:38 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2005/03/02 18:36:18 | 000,105,168 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2005/03/02 18:36:16 | 000,013,605 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/01 21:58:36 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/02/27 10:56:58 | 000,000,819 | ---- | C] () -- C:\WINDOWS\jamkeys.ini
[2005/02/27 10:56:58 | 000,000,024 | ---- | C] () -- C:\WINDOWS\jam.ini
[2005/02/27 10:56:46 | 000,000,055 | ---- | C] () -- C:\WINDOWS\mediachk.ini
[2005/02/27 10:56:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\sndcheck.ini
[2005/02/27 10:56:42 | 000,025,440 | ---- | C] () -- C:\WINDOWS\VUNINSTL.DLL
[2005/02/27 10:56:38 | 000,304,128 | ---- | C] () -- C:\WINDOWS\VUNINSTL.EXE
[2005/02/27 10:55:33 | 000,000,395 | ---- | C] () -- C:\WINDOWS\VUNINSTL.INI
[2005/02/14 13:53:19 | 000,000,402 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/01/12 14:17:03 | 000,000,338 | ---- | C] () -- C:\WINDOWS\fontssg.ini
[2005/01/12 14:17:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\LMICD.INI
[2005/01/04 12:30:46 | 000,059,419 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/01 14:11:10 | 000,000,644 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/12/29 14:30:34 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/12/29 13:56:55 | 000,000,986 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/29 13:55:59 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2004/12/29 13:55:59 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2004/12/29 13:55:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2004/12/29 13:55:42 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2004/12/29 13:55:39 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/12/29 13:55:39 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/12/29 13:55:34 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/12/29 13:55:26 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/12/29 13:25:06 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/12/03 19:59:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/03 19:57:05 | 000,000,324 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/03 19:52:41 | 000,000,590 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/03 19:50:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/12/03 19:41:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/12/03 19:40:54 | 000,445,830 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/12/03 19:40:54 | 000,073,036 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/12/03 19:27:50 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/28 07:38:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\wmatimer.dll
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 15:08:08 | 000,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 15:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 15:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 12:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 18:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/07/03 22:08:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2003/12/13 22:40:42 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2003/07/31 19:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1997/08/23 12:33:24 | 000,022,064 | ---- | C] () -- C:\WINDOWS\System32\tntlvr.dll
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/10/18 16:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2004/12/03 19:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/14 10:24:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/12/26 19:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/08 12:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2007/09/08 10:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet debug mess great
[2007/12/03 22:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/02/27 14:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/10/01 18:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/05/04 15:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/09/08 11:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/08/28 12:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SimCity Societies
[2011/07/02 17:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/06/19 10:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/02/01 18:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/06/18 18:47:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2005/01/08 11:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tavultesoft
[2009/05/08 12:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/11 11:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/03/19 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
[2004/12/30 18:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi\Application Data\Leadertech
[2005/12/19 11:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi\Application Data\Seven Zip
[2005/10/01 17:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi\Application Data\STOIK
[2005/01/04 20:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi\Application Data\Visicom Media
[2005/01/08 11:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi\Application Data\VP-Software
[2007/05/16 19:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\.BitTornado
[2009/11/30 12:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\AVG9
[2008/12/26 19:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\DAEMON Tools
[2008/12/26 19:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\DAEMON Tools Lite
[2008/12/26 19:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\DAEMON Tools Pro
[2008/02/06 16:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Design Science
[2011/02/15 19:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Dropbox
[2006/06/18 19:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\FIFA2003CC
[2006/06/18 19:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\GlobalSCAPE
[2007/11/23 20:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Grammatica
[2010/03/12 15:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\gtk-2.0
[2006/06/18 19:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Leadertech
[2011/06/08 19:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Mael
[2008/09/15 13:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Maple
[2008/10/06 18:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\My Games
[2010/10/01 18:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\NCH Swift Sound
[2009/05/26 18:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Netscape
[2011/06/08 19:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Notepad++
[2009/03/16 20:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\OpenOffice.org
[2007/07/24 16:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Panasonic
[2007/07/31 15:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\ppstream
[2011/01/09 14:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\RenPy
[2008/04/04 20:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\River Past G5
[2009/02/13 19:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\SendSpace Wizard
[2006/06/18 19:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Seven Zip
[2010/06/19 10:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Sports Interactive
[2006/06/18 19:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\STOIK
[2011/09/11 18:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Ubisoft
[2007/11/30 21:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Uniblue
[2011/01/09 14:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Utherverse
[2006/06/18 19:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Visicom Media
[2010/08/18 12:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Vivox
[2006/06/18 19:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\VP-Software
[2008/06/10 20:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Vso
[2011/09/16 18:30:43 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/10/13 20:26:30 | 000,302,592 | ---- | M] () -- C:\sbruso00.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\I386\SVCHOST.EXE
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\I386\USERINIT.EXE
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\I386\WINLOGON.EXE
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5227364
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73B0434

< End of report >

Edited by princessmimi, 25 October 2011 - 02:08 PM.

  • 0

#12
princessmimi
Posted 25 October 2011 - 02:06 PM

princessmimi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL Extras logfile created on: 10/25/2011 3:50:55 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mimi II\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 459.91 Mb Available Physical Memory | 45.00% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.68 Gb Total Space | 8.57 Gb Free Space | 11.96% Space Free | Partition Type: NTFS

Computer Name: D3T0R661 | User Name: Mimi II | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4662:TCP" = 4662:TCP:*:Enabled:eMule port
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"4672:UDP" = 4672:UDP:*:Enabled:eMule port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Netscape\Netscape\Netscp.exe" = C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape -- (Mozilla, Netscape)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Documents and Settings\Mimi II\Application Data\SopCast\adv\SopAdver.exe" = C:\Documents and Settings\Mimi II\Application Data\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Mozilla Firefox\FirefoxPortable\App\Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\FirefoxPortable\App\Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- (Related Designs)
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:ANNO 1404 Web -- ()
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 26
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"America Online ca" = AOL (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"BitTornado" = BitTornado 0.3.17
"CCleaner" = CCleaner (remove only)
"Crossword Weaver 7.0" = Crossword Weaver 7.0
"dBpowerAMP Monkeys Audio Codec" = dBpowerAMP Monkeys Audio Codec
"dBpowerAMP Mp4 Codec" = dBpowerAMP Mp4 Codec
"dBpowerAMP Musepack Codec" = dBpowerAMP Musepack Codec
"dBpowerAMP Ogg Vorbis Codec" = dBpowerAMP Ogg Vorbis Codec
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"dMC mp3PRO (CLI) Encoder" = dMC mp3PRO (CLI) Encoder
"DSMT6" = MathType 6
"eMule" = eMule
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"InstallShield_{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04
"Intel® 537EP V9x DFV PCI Modem" = Intel® 537EP V9x DFV PCI Modem
"JDownloader" = JDownloader
"Keyman Package blackfoot" = Keyman Package - Blackfoot Practical Unicode
"Keyman Package cree_east_u" = Keyman Package - East Cree Unicode
"Keyman Package dakelh1_u" = Keyman Package - Dakelh I Unicode
"Keyman Package inuktitut_u" = Keyman Package - Inuktitut Unicode
"Keyman Package kmtip" = Keyman Package - Add-in for Text Services Framework
"Keyman Package naskapi_u" = Keyman Package - Naskapi Unicode
"Keyman Package ojibway_af_ww" = Keyman Package - Ojibway a-final West-w
"Keyman Package richedit" = Keyman Package - Add-in for Richedit Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0 (x86 en-US)" = Mozilla Firefox 7.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape (7.2)" = Netscape (7.2)
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"ProTrain 1.1 US 1.1" = ProTrain 1.1 US 1.1
"PSSENSOR_ab977ca22ef595e0c55853eb3fbfffd950acc82c" = Windows Driver Package - PASCO Scientific (PASCO) USB 01/17/2004 1.9.0.0
"RadLight APE DirectShow filter" = RadLight APE DirectShow filter (remove only)
"RadLight TTA DirectShow filter" = RadLight TTA DirectShow filter (remove only)
"RealPlayer 12.0" = RealPlayer
"Switch" = Switch Sound File Converter
"SysInfo" = Creative System Information
"Tavultesoft Keyman 6.0" = Tavultesoft Keyman 6.0
"VLC media player" = VideoLAN VLC media player 0.8.6b
"VobSub" = VobSub v2.23 (Remove Only)
"vPod" = vPod (Remove Only)
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-536494136-2410558530-2963846775-1007.bak\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GCalc 3 Beta" = GCalc 3 Beta

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-536494136-2410558530-2963846775-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Video4iPod Converter" = Video4iPod Converter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2011 7:46:06 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 473
Description = Catalog Database (1208) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 10/22/2011 5:19:52 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 490
Description = svchost (1212) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/22/2011 5:19:52 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 439
Description = Catalog Database (1212) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 10/22/2011 5:19:52 PM | Computer Name = D3T0R661 | Source = ESENT | ID = 470
Description = Catalog Database (1212) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 1. Error: -1032.

Error - 10/23/2011 3:04:31 PM | Computer Name = D3T0R661 | Source = Application Hang | ID = 1002
Description = Hanging application , version 0.0.0.0, hang module hungapp, version
0.0.0.0, hang address 0x00000000.

Error - 10/24/2011 4:15:08 PM | Computer Name = D3T0R661 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/24/2011 4:34:23 PM | Computer Name = D3T0R661 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/24/2011 4:57:25 PM | Computer Name = D3T0R661 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/24/2011 6:04:17 PM | Computer Name = D3T0R661 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/25/2011 10:26:13 AM | Computer Name = D3T0R661 | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 10/25/2011 10:55:58 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7001
Description = The Wireless Zero Configuration service depends on the NDIS Usermode
I/O Protocol service which failed to start because of the following error: %%1058

Error - 10/25/2011 10:55:58 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7000
Description = The bsaspi32 service failed to start due to the following error: %%2

Error - 10/25/2011 10:55:58 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
to connect.

Error - 10/25/2011 10:55:58 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 10/25/2011 10:55:58 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Bonjour Service service
to connect.

Error - 10/25/2011 10:55:58 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%1053

Error - 10/25/2011 10:55:58 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7000
Description = The RPC Security service failed to start due to the following error:
%%2

Error - 10/25/2011 10:56:41 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the service.

Error - 10/25/2011 10:57:11 AM | Computer Name = D3T0R661 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 10/25/2011 3:52:24 PM | Computer Name = D3T0R661 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >
  • 0

#13
Essexboy
Posted 25 October 2011 - 02:30 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like there may be some dirty sectors on the disc

Dakeyras has a nice little tutorial on it here

THEN

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Continuing

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (winsocket)
    SRV - File not found [Auto | Stopped] -- -- (RPC Security)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKU\S-1-5-21-536494136-2410558530-2963846775-1007.bak..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe File not found
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    [2011/10/13 20:26:30 | 000,302,592 | ---- | M] () -- C:\sbruso00.exe


    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#14
princessmimi
Posted 26 October 2011 - 08:57 AM

princessmimi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
After the Chksk (3 1/2 hours' worth), the desktop icons/system tray returned and everything seemed to be running perfectly. RogueKiller worked without any problems. However, after Rogue killer, I'm getting two .ini (in the form of text files) messages upon startup. They both read:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

OTL hasn't gotten rid of the message, although the time it takes to startup isn't so long anymore (before the Chkdsk, it took a good 5 minutes for the welcome screen to show up)

Nonetheless, here's the RogueKiller log:

RogueKiller V6.1.4 [10/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Mimi II [Admin rights]
Mode: Shortcuts HJfix -- Date : 10/25/2011 20:56:23

Bad processes: 0

Driver: [LOADED]

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 24 / Fail 0
Start menu: Success 17 / Fail 0
User folder: Success 2355 / Fail 0
My documents: Success 188 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1366 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\CdRom1 -- 0x5 --> Skipped

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#15
princessmimi
Posted 26 October 2011 - 08:58 AM

princessmimi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL log:

OTL logfile created on: 10/26/2011 10:34:06 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mimi II\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 370.63 Mb Available Physical Memory | 36.26% Memory free
2.40 Gb Paging File | 1.82 Gb Available in Paging File | 75.90% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.68 Gb Total Space | 8.49 Gb Free Space | 11.84% Space Free | Partition Type: NTFS

Computer Name: D3T0R661 | User Name: Mimi II | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 10:12:49 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2011/10/25 15:49:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mimi II\Desktop\OTL.exe
PRC - [2011/10/25 11:04:57 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/10/18 16:47:54 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2011/10/18 16:47:54 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2011/10/18 16:47:52 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2011/10/18 16:47:49 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2011/10/18 16:46:56 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2011/10/18 16:46:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2011/10/18 16:46:14 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/10/18 16:46:13 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/05/21 16:46:58 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/09/14 11:07:30 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 11:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2006/09/29 11:55:14 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2004/02/25 10:04:16 | 001,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2001/11/27 09:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/18 16:46:12 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2011/10/18 16:46:12 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2011/10/13 19:32:06 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 19:31:56 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/13 11:14:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 11:13:28 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 11:12:03 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 11:11:55 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 11:11:37 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 11:08:33 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 11:08:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/07/06 19:01:53 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2011/07/06 19:01:53 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2011/07/06 19:01:53 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2011/07/06 19:01:53 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2011/07/06 19:01:52 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:52 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:51 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:51 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:51 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:51 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:51 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:51 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:51 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:50 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:50 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:50 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:49 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:49 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:48 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:45 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:45 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011/07/06 19:01:45 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:44 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:44 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:44 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:44 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:43 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:43 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:42 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:42 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011/07/06 19:01:42 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011/07/06 19:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/07/06 19:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/07/06 19:01:40 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/07/06 19:01:39 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/07/06 19:01:39 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/07/06 19:01:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/07/06 19:01:39 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/07/06 19:01:39 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/07/06 19:01:39 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011/07/06 19:01:38 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/07/06 19:01:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/07/06 19:01:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/07/06 19:01:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/07/06 19:01:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/07/06 19:01:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/07/06 19:01:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/07/06 19:01:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/07/06 19:01:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/07/06 19:01:37 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/07/06 19:01:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2011/07/06 19:01:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/07/06 19:01:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/07/06 19:01:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/07/06 19:01:35 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011/07/06 19:01:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/07/06 19:01:32 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011/07/06 19:01:32 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011/07/06 19:01:32 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/07/06 19:01:32 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011/07/06 19:01:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/07/06 19:01:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/07/06 19:01:32 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/07/06 19:01:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011/07/06 19:01:31 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/07/06 19:01:31 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/07/06 19:01:31 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/07/06 19:01:30 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011/07/06 19:01:30 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/07/06 19:01:30 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/07/06 19:01:30 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/07/06 19:01:30 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/07/06 19:01:30 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/07/06 19:01:30 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/07/06 19:01:30 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/07/06 19:01:30 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/07/06 19:01:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/07/06 19:01:30 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/07/06 19:01:28 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/07/06 19:01:26 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/07/06 19:01:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/07/06 19:01:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011/07/06 19:01:24 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/07/06 19:01:24 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/07/06 19:01:24 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011/07/06 19:01:23 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll
MOD - [2011/07/06 19:01:23 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/24 13:36:36 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2004/06/18 11:29:44 | 000,007,680 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtmcro.dll
MOD - [2004/06/18 11:27:50 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
MOD - [2004/06/18 11:26:42 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
MOD - [2004/06/18 11:26:18 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
MOD - [2004/06/18 11:25:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
MOD - [2004/03/29 12:45:52 | 000,075,264 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBTPP5C.DLL
MOD - [2004/03/10 10:36:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/26 10:35:27 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2011/10/18 16:46:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/10/18 16:46:13 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\iprip.dll -- (Iprip)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/03/16 16:33:24 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2004/02/25 10:04:16 | 001,123,440 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/10/18 16:52:24 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/10/18 16:49:10 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011/10/18 16:49:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2011/10/18 16:49:09 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (AvgTdiX)
DRV - [2011/10/18 16:48:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (AvgLdx86)
DRV - [2011/10/18 16:46:16 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2011/10/18 16:46:16 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2011/10/18 16:46:15 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/11 03:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/01 14:07:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys -- (atksgt)
DRV - [2010/01/01 14:07:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -- (pnarp)
DRV - [2008/06/27 12:09:32 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/08/01 22:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/05 12:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys -- (AvgAsCln)
DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (ASPI32)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/08/28 20:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/06/13 10:53:06 | 000,015,232 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/21 16:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/10/18 16:55:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/23 00:28:29 | 000,134,104 | ---- | M] (Mozilla Foundation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 12:06:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/07/27 18:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/07/01 10:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2011/03/08 19:33:17 | 000,000,000 | ---D | M]

[2011/10/14 11:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mimi II\Application Data\Mozilla\Extensions
[2011/09/28 12:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/10 18:17:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/11 18:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/14 11:33:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 11:27:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/11 11:24:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/10 18:19:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/04/17 10:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\App\Firefox\extensions
[2011/09/28 12:02:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/10/25 14:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions
[2010/07/13 11:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/30 21:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}
[2010/11/17 19:05:10 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/10/12 19:12:29 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2010/12/30 21:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/03/04 11:10:35 | 000,000,000 | ---D | M] (Suomen kielen oikoluku) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/10/12 11:30:57 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/04/28 20:47:12 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/04/28 20:47:11 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/06/28 21:08:22 | 000,000,000 | ---D | M] (Norsk bokmĂ¥l ordliste) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/07/01 11:16:54 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2010/09/15 18:05:52 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2011/07/01 11:16:54 | 000,000,000 | ---D | M] (Svensk ordlista) -- C:\Program Files\Mozilla Firefox\FirefoxPortable\Data\profile\extensions\[email protected]
[2010/04/10 18:17:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 18:07:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/22 21:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/26 10:27:22 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mimi II\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://cameracanadap...PUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08B6E02A-BBEA-450C-A110-EED00DD6157E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mimi II\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mimi II\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 10:26:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/25 20:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mimi II\Desktop\RK_Quarantine
[2011/10/25 15:49:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mimi II\Desktop\OTL.exe
[2011/10/25 10:43:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/24 18:52:58 | 000,000,000 | --SD | C] -- C:\RECYCLER(2)
[2011/10/24 15:59:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/24 10:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mam
[2011/10/18 16:49:10 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2011/10/18 16:49:10 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2011/10/18 16:49:09 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/10/18 16:49:07 | 000,243,152 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/10/18 16:48:57 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2011/10/18 16:48:55 | 000,029,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/10/18 16:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2011/10/18 16:00:21 | 000,000,000 | R-SD | C] -- C:\cmdcons
[2011/10/01 19:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/26 11:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011/09/26 11:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mimi II\Application Data\NCH Software
[2008/05/28 10:22:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mimi II\Application Data\pcouffin.sys
[1980/01/01 02:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/10/26 10:31:57 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-536494136-2410558530-2963846775-1008.job
[2011/10/26 10:31:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/10/26 10:31:43 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/26 10:27:22 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/10/26 10:21:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\prvlcl.dat
[2011/10/26 10:20:04 | 087,845,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/10/25 16:55:00 | 000,719,360 | ---- | M] () -- C:\Documents and Settings\Mimi II\Desktop\RogueKiller.exe
[2011/10/25 15:49:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mimi II\Desktop\OTL.exe
[2011/10/25 10:56:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/10/24 13:47:41 | 007,026,547 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\mapleville-1.psd
[2011/10/21 20:13:11 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-536494136-2410558530-2963846775-1008.job
[2011/10/21 11:15:41 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 13:47:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/18 18:07:50 | 000,000,956 | ---- | M] () -- C:\Documents and Settings\Mimi II\Desktop\Internet Explorer.lnk
[2011/10/18 18:06:28 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2011/10/18 16:52:24 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/10/18 16:49:12 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2011/10/18 16:49:10 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/10/18 16:49:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2011/10/18 16:49:09 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/10/18 16:48:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2011/10/18 16:48:55 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2011/10/18 16:00:25 | 000,000,327 | R-S- | M] () -- C:\BOOT.INI
[2011/10/18 11:05:48 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/16 22:54:11 | 000,000,986 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/10/15 18:00:32 | 000,014,198 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\fra.jpg
[2011/10/15 17:56:54 | 000,088,937 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\P1050761.jpg
[2011/10/15 17:56:17 | 000,106,359 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\P1050699.jpg
[2011/10/14 16:02:41 | 003,245,726 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3212.jpg
[2011/10/14 16:02:24 | 003,943,057 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3196.jpg
[2011/10/14 16:02:02 | 004,596,960 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3110.jpg
[2011/10/14 16:01:48 | 004,469,231 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3088.jpg
[2011/10/13 11:07:07 | 000,445,830 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/10/13 11:07:07 | 000,073,036 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/10/12 17:02:58 | 000,316,170 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\_MG_8544.jpg
[2011/10/12 17:00:44 | 001,502,898 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\Henry_Burris_-_CFL_PHOTO_-_Peter_McCabe.jpg
[2011/10/04 19:33:39 | 000,014,998 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF2219.jpg
[2011/10/04 19:20:53 | 000,021,908 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\nor.jpg
[2011/09/28 12:10:02 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/28 12:06:48 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mimi II\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/26 12:04:41 | 000,063,487 | ---- | M] () -- C:\Documents and Settings\Mimi II\My Documents\ss.jpg

========== Files Created - No Company Name ==========

[2011/10/25 16:54:59 | 000,719,360 | ---- | C] () -- C:\Documents and Settings\Mimi II\Desktop\RogueKiller.exe
[2011/10/18 18:07:32 | 000,000,956 | ---- | C] () -- C:\Documents and Settings\Mimi II\Desktop\Internet Explorer.lnk
[2011/10/18 16:49:13 | 000,001,499 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2011/10/18 16:48:55 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2011/10/18 16:48:34 | 087,845,350 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/10/18 16:00:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/18 16:00:23 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2011/10/16 20:11:28 | 007,026,547 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\mapleville-1.psd
[2011/10/15 18:00:32 | 000,014,198 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\fra.jpg
[2011/10/15 17:56:53 | 000,088,937 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\P1050761.jpg
[2011/10/15 17:56:13 | 000,106,359 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\P1050699.jpg
[2011/10/12 17:02:57 | 000,316,170 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\_MG_8544.jpg
[2011/10/12 17:00:41 | 001,502,898 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\Henry_Burris_-_CFL_PHOTO_-_Peter_McCabe.jpg
[2011/10/04 19:30:12 | 000,014,998 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF2219.jpg
[2011/10/04 19:20:53 | 000,021,908 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\nor.jpg
[2011/09/30 11:09:40 | 003,245,726 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3212.jpg
[2011/09/30 11:04:22 | 003,943,057 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3196.jpg
[2011/09/30 10:20:20 | 004,596,960 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3110.jpg
[2011/09/30 10:08:30 | 004,469,231 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\DSCF3088.jpg
[2011/09/28 12:06:47 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/26 12:03:00 | 000,063,487 | ---- | C] () -- C:\Documents and Settings\Mimi II\My Documents\ss.jpg
[2011/07/06 19:09:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/07/06 18:58:54 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/02/27 15:50:22 | 000,000,003 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2011/02/27 15:50:22 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2010/02/11 00:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 00:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/12/17 04:33:56 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/12/17 04:33:56 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/12/17 04:33:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/12/17 04:33:56 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2009/12/17 04:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/12/17 04:33:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2009/12/17 04:33:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/12/17 04:33:56 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/12/17 04:33:54 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2009/12/17 04:33:54 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/17 04:33:54 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/12/17 04:33:54 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/12/17 04:33:54 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/12/17 04:33:54 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/17 04:33:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/12/17 04:33:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/12/17 04:33:54 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/12/17 04:33:54 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/12/17 04:33:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/01 16:03:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\prvlcl.dat
[2009/04/23 18:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/04/16 11:24:06 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/12/26 20:03:10 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/12/26 20:03:03 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/05/28 10:22:26 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mimi II\Application Data\pcouffin.cat
[2008/05/28 10:22:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mimi II\Application Data\pcouffin.inf
[2008/04/29 11:36:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\dedlat2.dll
[2008/01/30 17:10:46 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/12/14 15:52:38 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySVid.dat
[2007/12/14 15:51:39 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p4now.sys
[2007/12/13 15:15:14 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/05 18:06:04 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2007/11/29 11:31:11 | 000,915,488 | --S- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2007/11/29 11:31:11 | 000,058,144 | --S- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2007/11/17 19:53:56 | 000,001,578 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
[2007/11/17 19:52:02 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
[2007/11/17 19:51:08 | 000,002,467 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dMC mp3PRO (CLI) Encoder.dat
[2007/11/17 19:49:16 | 000,002,286 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/07/24 16:22:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/24 16:22:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/07/24 16:22:49 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/07/24 16:22:49 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/07/24 16:22:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/07/24 16:22:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/07/24 16:22:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/07/24 16:22:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/07/24 16:22:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/07/24 16:22:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/07/24 16:22:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/07/24 16:22:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/07/24 16:22:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/07/24 16:22:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/07/24 16:22:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/07/24 16:22:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/07/24 16:22:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/07/24 16:22:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/07/24 16:22:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/07/06 18:06:24 | 000,001,160 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2007/06/07 18:20:02 | 000,003,452 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
[2007/06/01 15:17:27 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/06/01 15:17:21 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/03/28 15:25:37 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007/03/22 16:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/02/20 18:14:20 | 000,194,133 | ---- | C] () -- C:\WINDOWS\patcher.exe
[2007/02/05 21:34:05 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2007/01/19 12:34:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/01/19 12:34:39 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/01/19 12:33:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/01/19 12:33:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/01/19 12:33:58 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/01/19 12:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/11/20 12:04:59 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/06/18 19:47:49 | 000,161,280 | ---- | C] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 19:47:49 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mimi II\Local Settings\Application Data\fusioncache.dat
[2006/06/17 13:32:06 | 001,019,094 | R-S- | C] () -- C:\Program Files\serial.zip
[2006/06/17 13:32:06 | 001,019,094 | R-S- | C] () -- C:\Program Files\serial.tde
[2006/05/28 12:45:47 | 000,397,306 | R-S- | C] () -- C:\Program Files\wunauclt.zip
[2006/05/28 12:45:47 | 000,397,306 | R-S- | C] () -- C:\Program Files\wunauclt.tbe
[2006/05/01 19:19:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/04/15 10:38:42 | 000,001,067 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2006/02/11 21:14:57 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2006/02/11 21:01:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A1 DVD Ripper.INI
[2006/01/13 18:28:11 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/07 10:56:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempName.dll
[2005/12/06 21:05:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\netfltConfig.dat
[2005/11/24 17:46:19 | 000,370,000 | R-S- | C] () -- C:\WINDOWS\aiiaacc.exe
[2005/11/24 17:46:19 | 000,000,007 | ---- | C] () -- C:\WINDOWS\wocnm.dat
[2005/11/24 17:46:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\isf.dat
[2005/11/01 13:51:23 | 000,001,290 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2005/10/01 18:01:50 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Aurora Video VCD_SVCD_DVD Creator.INI
[2005/10/01 17:33:25 | 000,000,067 | ---- | C] () -- C:\WINDOWS\VideoConvert.INI
[2005/10/01 17:31:01 | 000,000,066 | ---- | C] () -- C:\WINDOWS\#1 Video Converter.INI
[2005/09/11 18:06:16 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2005/06/22 21:37:51 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2005/05/13 12:41:24 | 000,167,424 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005/05/13 12:14:11 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\wincon.dat
[2005/03/10 14:40:28 | 000,000,339 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2005/03/07 12:25:55 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/03/02 18:36:38 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2005/03/02 18:36:18 | 000,105,168 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2005/03/02 18:36:16 | 000,013,605 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/01 21:58:36 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/02/27 10:56:58 | 000,000,819 | ---- | C] () -- C:\WINDOWS\jamkeys.ini
[2005/02/27 10:56:58 | 000,000,024 | ---- | C] () -- C:\WINDOWS\jam.ini
[2005/02/27 10:56:46 | 000,000,055 | ---- | C] () -- C:\WINDOWS\mediachk.ini
[2005/02/27 10:56:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\sndcheck.ini
[2005/02/27 10:56:42 | 000,025,440 | ---- | C] () -- C:\WINDOWS\VUNINSTL.DLL
[2005/02/27 10:56:38 | 000,304,128 | ---- | C] () -- C:\WINDOWS\VUNINSTL.EXE
[2005/02/27 10:55:33 | 000,000,395 | ---- | C] () -- C:\WINDOWS\VUNINSTL.INI
[2005/02/14 13:53:19 | 000,000,402 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/01/12 14:17:03 | 000,000,338 | ---- | C] () -- C:\WINDOWS\fontssg.ini
[2005/01/12 14:17:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\LMICD.INI
[2005/01/04 12:30:46 | 000,059,419 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/01 14:11:10 | 000,000,644 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/12/29 14:30:34 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/12/29 13:56:55 | 000,000,986 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/29 13:55:59 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2004/12/29 13:55:59 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2004/12/29 13:55:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2004/12/29 13:55:42 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2004/12/29 13:55:39 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/12/29 13:55:39 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/12/29 13:55:34 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/12/29 13:55:26 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/12/29 13:25:06 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/12/03 19:59:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/03 19:57:05 | 000,000,324 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/03 19:52:41 | 000,000,590 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/03 19:50:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/12/03 19:41:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/12/03 19:40:54 | 000,445,830 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/12/03 19:40:54 | 000,073,036 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/12/03 19:27:50 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/28 07:38:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\wmatimer.dll
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 15:08:08 | 000,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 15:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 15:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 12:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 18:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/07/03 22:08:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2003/12/13 22:40:42 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2003/07/31 19:16:46 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1997/08/23 12:33:24 | 000,022,064 | ---- | C] () -- C:\WINDOWS\System32\tntlvr.dll
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/10/18 16:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2004/12/03 19:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/14 10:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/12/26 19:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/08 12:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2007/09/08 10:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet debug mess great
[2007/12/03 22:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/02/27 14:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/10/01 18:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/05/04 15:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/09/08 11:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/08/28 12:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SimCity Societies
[2011/07/02 17:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/06/19 10:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/02/01 18:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/06/18 18:47:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2005/01/08 11:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tavultesoft
[2009/05/08 12:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/11 11:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/05/16 19:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\.BitTornado
[2009/11/30 12:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\AVG9
[2008/12/26 19:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\DAEMON Tools
[2008/12/26 19:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\DAEMON Tools Lite
[2008/12/26 19:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\DAEMON Tools Pro
[2008/02/06 16:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Design Science
[2011/02/15 19:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Dropbox
[2006/06/18 19:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\FIFA2003CC
[2006/06/18 19:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\GlobalSCAPE
[2007/11/23 20:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Grammatica
[2010/03/12 15:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\gtk-2.0
[2006/06/18 19:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Leadertech
[2011/06/08 19:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Mael
[2008/09/15 13:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Maple
[2008/10/06 18:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\My Games
[2010/10/01 18:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\NCH Swift Sound
[2009/05/26 18:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Netscape
[2011/06/08 19:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Notepad++
[2009/03/16 20:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\OpenOffice.org
[2007/07/24 16:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Panasonic
[2007/07/31 15:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\ppstream
[2011/01/09 14:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\RenPy
[2008/04/04 20:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\River Past G5
[2009/02/13 19:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\SendSpace Wizard
[2006/06/18 19:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Seven Zip
[2010/06/19 10:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Sports Interactive
[2006/06/18 19:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\STOIK
[2011/09/11 18:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Ubisoft
[2007/11/30 21:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Uniblue
[2011/01/09 14:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Utherverse
[2006/06/18 19:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Visicom Media
[2010/08/18 12:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Vivox
[2006/06/18 19:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\VP-Software
[2008/06/10 20:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mimi II\Application Data\Vso
[2011/09/16 18:30:43 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5227364
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73B0434

< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP