Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan Horse FakeAV.OMJ and Trojan Horse Crypt.ALYP


  • Please log in to reply

#1
confusedme

confusedme

    New Member

  • Member
  • Pip
  • 3 posts
New and NOT computer "geek". Simply put, AVG detected these as threats, virus vaulted them, "healed" or "fixed", but as I continue to surf the web I am redirected to erroneous sites. Help? I take instruction well.

Trojan Horse Crypt.ALYP and Trojan Horse FakeAV.OMJ

I can see that there are similar posts regarding this same issue; however, due to the redirect issue I can't see a bleeping thing when I click on the links except for cleaning service ads, yellow book pages, etc.

Thanks so much in advance.

**UPDATE**

Malwarebytes scan returned the following:

mbam-log-2011-11-11 (12-39-17).txt

Scan type: Quick scan
Objects scanned: 174783
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Nikki\Local Settings\Application Data\qes.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by confusedme, 11 November 2011 - 12:42 PM.

  • 0

Advertisements


#2
confusedme

confusedme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Now appears that I have lost all control over Windows Security Center. Received a warning that Automatic Updates has been disabled. I try to change the settings and nothing happens. Ugh. This is so frustrating.

Edited by confusedme, 11 November 2011 - 03:10 PM.

  • 0

#3
confusedme

confusedme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
More info, if it matters...

Windows XP
Media Center Version
Service Pack 3

Pentium® 4 CPU 2.80 GHz
2.79 GHz, 0.99 GB of RAM

Computer is running incredibly slow.

**UPDATE**

Yet another threat...Trojan Horse Crypt.ALYQ found during regular AVG virus scan. File location is C:\System Volume Information\_restore...

It now seems that not every link clicked is redirected but most are.

***UPDATE 2***


So, it seems that progress is being made, just still luck in completely ridding my computer of this virus or malware-whatever it is. I have noticed that others having a similar problem have been asked to download and run OTL and post their "report" so I'll post mine. Also, I first experienced this problem while running FF. I switched over to IE just to test and the problem seems to be much worse when using that. Again, thanks to anyone who can help out a dummie. =D

OTL Report:

OTL logfile created on: 11/11/2011 4:19:39 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Nikki\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 556.88 Mb Available Physical Memory | 54.92% Memory free
2.38 Gb Paging File | 1.95 Gb Available in Paging File | 81.93% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 107.40 Gb Free Space | 74.41% Space Free | Partition Type: NTFS
Drive F: | 48.87 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME | User Name: Nikki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Documents and Settings\Nikki\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
MOD - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (ACDaemon) -- File not found
SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (PTUMWVsp) -- C:\WINDOWS\system32\drivers\PTUMWVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWNSP) -- C:\WINDOWS\system32\drivers\PTUMWNSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWNET) -- C:\WINDOWS\system32\drivers\PTUMWNET.sys (DEVGURU Co., LTD.)
DRV - (PTUMWMdm) -- C:\WINDOWS\system32\drivers\PTUMWMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWFLT) -- C:\WINDOWS\system32\drivers\PTUMWFLT.sys (DEVGURU Co., LTD.)
DRV - (PTUMWCSP) -- C:\WINDOWS\system32\drivers\PTUMWCSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWCDF) -- C:\WINDOWS\system32\drivers\PTUMWCDF.sys (DEVGURU Co., LTD.)
DRV - (PTUMWBus) -- C:\WINDOWS\system32\drivers\PTUMWBus.sys (DEVGURU Co., LTD.)
DRV - (SQTECH913D) -- C:\WINDOWS\system32\drivers\Capt913D.sys (Service & Quality Technology.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 97 CF 15 BE F9 5D 48 97 F8 6D 26 FA 24 14 AF [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: [email protected]:7.008.031.001
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/12/08 00:41:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/11 16:04:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 18:17:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 18:17:27 | 000,000,000 | ---D | M]

[2010/05/23 12:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nikki\Application Data\Mozilla\Extensions
[2010/05/23 12:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nikki\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/11/11 13:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nikki\Application Data\Mozilla\Firefox\Profiles\qua1ulmy.default\extensions
[2011/06/23 23:54:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nikki\Application Data\Mozilla\Firefox\Profiles\qua1ulmy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 16:04:14 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Nikki\Application Data\Mozilla\Firefox\Profiles\qua1ulmy.default\extensions\[email protected]
[2010/12/29 11:45:33 | 000,000,000 | ---D | M] (Locationbar²) -- C:\Documents and Settings\Nikki\Application Data\Mozilla\Firefox\Profiles\qua1ulmy.default\extensions\[email protected]
[2010/05/23 12:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 18:17:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2011/11/09 18:17:24 | 000,025,560 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/11/09 18:17:24 | 000,140,760 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/05/10 13:53:53 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/10 13:53:53 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/11/09 18:17:25 | 000,067,032 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/04/14 02:39:02 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/12/25 01:26:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/12/25 01:26:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/12/25 01:26:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/12/25 01:26:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/12/25 01:26:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/12/25 01:26:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/12/25 01:26:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/03/27 11:00:43 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/03/27 11:00:43 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/03/27 11:00:43 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/03/27 11:00:43 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/03/27 11:00:44 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/03/27 11:00:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/03/27 11:00:44 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/11/11 11:41:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB7.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.freeonlin...-drifters.html" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1239913024519 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Nikki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nikki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 09:39:48 | 000,000,074 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{a2617745-90ab-11e0-9e95-001320c239a3}\Shell - "" = AutoRun
O33 - MountPoints2\{a2617745-90ab-11e0-9e95-001320c239a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2617745-90ab-11e0-9e95-001320c239a3}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2010/03/29 04:09:32 | 002,312,312 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{c6ca7c36-f2e2-11df-9e2e-b7afa5ae7d12}\Shell - "" = AutoRun
O33 - MountPoints2\{c6ca7c36-f2e2-11df-9e2e-b7afa5ae7d12}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c6ca7c36-f2e2-11df-9e2e-b7afa5ae7d12}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2010/03/29 04:09:32 | 002,312,312 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{da16d7f4-eee9-11df-9e22-001320c239a3}\Shell - "" = AutoRun
O33 - MountPoints2\{da16d7f4-eee9-11df-9e22-001320c239a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da16d7f4-eee9-11df-9e22-001320c239a3}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2010/03/29 04:09:32 | 002,312,312 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{da16d7f6-eee9-11df-9e22-001320c239a3}\Shell - "" = AutoRun
O33 - MountPoints2\{da16d7f6-eee9-11df-9e22-001320c239a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da16d7f6-eee9-11df-9e22-001320c239a3}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2010/03/29 04:09:32 | 002,312,312 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{e18336da-f364-11df-9e38-001320c239a3}\Shell - "" = AutoRun
O33 - MountPoints2\{e18336da-f364-11df-9e38-001320c239a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e18336da-f364-11df-9e38-001320c239a3}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- [2010/03/29 04:09:32 | 002,312,312 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 16:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/11/11 16:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki\Application Data\AVG Secure Search
[2011/11/11 16:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/11/11 16:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/11/11 16:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki\Application Data\AVG2012
[2011/11/11 16:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/11 15:51:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nikki\Desktop\OTL.exe
[2011/11/11 12:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki\Application Data\Malwarebytes
[2011/11/11 12:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/11 12:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/11 12:05:09 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/11 12:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/11 11:41:11 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/11 08:49:11 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/11/08 10:55:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nikki\Recent
[2011/10/14 17:12:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nikki\Desktop\My Music

========== Files - Modified Within 30 Days ==========

[2011/11/11 16:12:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{577ADFC2-F067-4D36-B9D5-AC3DF72F76E1}.job
[2011/11/11 16:08:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/11 16:08:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/11 16:07:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 16:07:53 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/11 16:04:20 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/11 15:52:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nikki\Desktop\OTL.exe
[2011/11/11 15:46:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/11 12:22:53 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Nikki\ntuser.bak
[2011/11/11 12:05:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/11 11:53:15 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Nikki\Desktop\TDSSKiller.exe
[2011/11/11 11:41:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/11 08:47:55 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Nikki\Application Data\073edd0e
[2011/11/11 08:34:58 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Nikki\Application Data\e7e322f1
[2011/11/11 08:26:00 | 137,673,620 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/11 08:09:14 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\Nikki\Application Data\f046aaf4
[2011/11/08 16:06:42 | 000,505,628 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 16:06:42 | 000,088,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/11/11 16:04:20 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/11 12:05:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 21:26:42 | 000,002,061 | ---- | C] () -- C:\Documents and Settings\Nikki\Application Data\f046aaf4
[2011/11/10 20:57:42 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Nikki\Application Data\e7e322f1
[2011/11/10 19:17:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Nikki\Application Data\073edd0e
[2011/06/09 08:59:48 | 000,010,440 | ---- | C] () -- C:\WINDOWS\System32\ptumwcit.dll
[2011/05/08 22:29:17 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/08 22:17:49 | 000,015,462 | -HS- | C] () -- C:\Documents and Settings\Nikki\Local Settings\Application Data\546axm1bq6w4k15myj8rx71osqyq4ruq04m17ypa01es
[2011/05/08 22:17:49 | 000,015,462 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\546axm1bq6w4k15myj8rx71osqyq4ruq04m17ypa01es
[2011/05/07 00:02:20 | 000,015,572 | -HS- | C] () -- C:\Documents and Settings\Nikki\Local Settings\Application Data\f78664742feys4n7kqrjq8v47
[2011/05/07 00:02:20 | 000,015,572 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f78664742feys4n7kqrjq8v47
[2010/12/25 17:25:06 | 000,041,276 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/02/09 20:29:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/12/29 20:05:59 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\PTTreeIcons.dll
[2008/09/02 16:32:43 | 000,000,045 | ---- | C] () -- C:\WINDOWS\mathb32.INI
[2007/12/13 21:00:56 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/12/13 20:54:17 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2007/12/13 20:54:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2007/04/27 21:47:57 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/01/14 15:42:19 | 000,000,129 | ---- | C] () -- C:\WINDOWS\MBEDIT16.INI
[2007/01/14 14:56:08 | 000,000,455 | ---- | C] () -- C:\WINDOWS\mathb16.ini
[2007/01/14 14:55:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\rkeeper.ini
[2006/09/24 13:44:35 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/08/21 09:00:41 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/02/24 18:56:34 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Nikki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/21 23:38:35 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nikki\Application Data\PFP120JPR.{PB
[2006/02/21 23:38:35 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nikki\Application Data\PFP120JCM.{PB
[2006/02/21 20:02:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/21 18:51:21 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/02/20 21:53:57 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\717B68EB1C.sys
[2006/02/20 21:53:48 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/20 21:40:19 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/20 21:36:05 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Nikki\Local Settings\Application Data\fusioncache.dat
[2006/02/17 11:07:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/17 10:58:49 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/02/17 10:55:03 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/17 10:53:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/17 10:30:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/02/17 10:30:34 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,203,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,505,628 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,088,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/11/11 16:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/05/08 22:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/05/09 07:32:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/07/30 17:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/05/08 22:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/11/11 15:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/09/02 16:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/02/20 22:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2006/08/21 09:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2006/05/19 15:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/05/09 11:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/11/21 04:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2006/02/17 10:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/18 01:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/12/25 01:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/11 16:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\AVG Secure Search
[2011/11/11 16:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\AVG2012
[2011/05/10 13:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\Catalina Marketing Corp
[2009/07/11 16:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\Desktopicon
[2009/07/11 16:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\DMCache
[2010/11/18 03:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\ElevatedDiagnostics
[2007/06/23 18:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\InterTrust
[2006/02/20 22:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\Leadertech
[2006/05/13 21:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\MSNInstaller
[2006/08/21 09:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\Otto
[2008/01/26 14:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\PlayFirst
[2011/05/12 07:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki\Application Data\Smith Micro
[2011/11/11 16:12:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{577ADFC2-F067-4D36-B9D5-AC3DF72F76E1}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/02/18 10:33:53 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\鹰Ÿ
[2010/02/18 10:33:53 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\鹰Ÿ

< End of report >

Edited by confusedme, 11 November 2011 - 04:42 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP