.exe files infected. Some apps are not working. Really my bad. Really



#1
fubitzu

Good day, Geeks to Go. Sorry for my English grammar.

A few hours ago, my AVG Antivirus Resident Shield popped up and said "Threat Removed", which means that it detected a virus or something. This happened after I extracted files from a compressed file, a WinRAR type. It is an .exe file which was removed by AVG. By the way, that file is a download from the internet. When I looked into the Virus Vault of AVG I didn't read the details, but it's related to the files I extracted before. Instead of deleting the files in the Virus Vault, I restored it. I did that on purpose because I really wanted that program to work. If it is removed as a threat, then I cannot launch the program with that file inside the Virus Vault. So I restored it. After that, worse things happened. My AVG Resident Shield kept showing pop-up messages saying "Threat Removed". After that I knew I had made a wrong decision in restoring that file. I stopped surfing the internet because I was alerted by the AVG Resident Shield popping up "Threat Removed". Then I looked in the "Resident Shield detection" in AVG, and I saw many files being detected. From 22 files to 433 files recorded in just a few hours. I didn't do anything like deleting the infection or healing it, because almost all the infected files are .exe. By the way, the infection names are the following:

1. Virus identified Win32/Tanatos.M
2. May be infected by unknown virus Win32/DH.CAFF8200D7
3. Trojan horse SpamTool.JFC
4. May be infected by unknown virus Win32/DH.CAFF82025D
5. Virus IDENTIFIED Win32/Vitru.G
6. Virus identified Worm/AutoRun.MB
7. Trojan horse Agent.AADR
8. Trojan horse SpamTool.JFC
9. Virus identified Win32/Vitru.Ma
10. Virus identified Worm/AutoRun.IT
11. Virus identified Win32/Vitru.D
12. Trojan horse BackDoor.Generic13.AJKM
13. Virus found Win32/Heur
14. Virus found Win32/NSAnti

Every infection is paired with a program which has .exe at the end. It seems the virus's targets are the executable files.


My computer is a Lenovo 3000 N100 running Windows XP. After these detections my computer gradually slowed down. It takes a minute or more to respond to my commands. Because of that I shut down the computer and waited for hours before I turned it on again. Currently I'm doing nothing to remove the virus because I know it will do some minor damage, or perhaps it could lead to serious damage to the system of the computer. I cannot run some of my programs, and it says something like:

"the registry refers to a nonexistent Java Runtime Environment installation or the runtime is corrupted. The system cannot find the file specified." Google Chrome, which is my default browser, is not working. I'm using Firefox for now.

I know I shouldn't have restored an infected file just for the program to work. I just didn't want to lose the time to download it again. I restored the file because of my experience: some sites that I downloaded programs from, except this "one", say that if AVG or your antivirus program detects a virus, just disable it or manage an exception so that it will work. Now you know why I did this thing. And here is my punishment. For now it seems my AVG Resident Shield has stopped removing threats. While I'm typing this I am disconnected from the internet. After finishing this I will connect again.

I will really appreciate the help, Geeks to Go. Somehow I managed to download OTL.SCR and run it.

Here's the result of OTL:

OTL logfile created on: 11/24/2011 23:04:54 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\johnnie fritz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 130.20 Mb Available Physical Memory | 12.74% Memory free
2.40 Gb Paging File | 1.49 Gb Available in Paging File | 62.34% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.33 Gb Total Space | 3.64 Gb Free Space | 5.25% Space Free | Partition Type: NTFS
Drive G: | 21.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOAH | User Name: johnnie fritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/24 23:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.com
PRC - [2011/11/24 18:10:04 | 000,904,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/25 01:08:00 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/02 07:47:58 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/12/02 07:46:21 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 02:34:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 02:34:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 02:33:37 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/30 11:44:36 | 000,086,016 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\Sun Broadband Wireless.exe
PRC - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/20 01:39:16 | 000,057,344 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\PMSveH.exe
PRC - [2006/04/18 04:13:00 | 000,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/18 04:12:28 | 000,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/18 04:09:10 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/18 03:59:10 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/02/28 15:20:44 | 002,076,672 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
PRC - [2006/02/28 15:20:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2006/02/28 15:18:32 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2006/01/18 01:45:32 | 000,618,557 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2006/01/18 01:43:58 | 001,396,820 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2006/01/18 01:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/22 09:27:00 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/22 09:08:06 | 001,988,144 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
PRC - [2005/12/15 02:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/12/07 16:00:00 | 000,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2005/10/21 05:18:50 | 000,442,368 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005/03/03 21:04:48 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/30 23:47:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
MOD - [2011/05/30 23:46:45 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1d03df7f7548613e8beab2cc21e57910\System.Runtime.Remoting.ni.dll
MOD - [2011/05/30 23:46:43 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
MOD - [2011/05/30 23:46:41 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
MOD - [2011/05/30 23:46:30 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
MOD - [2011/05/30 23:46:16 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
MOD - [2011/05/30 23:41:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/05/30 23:40:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
MOD - [2011/05/30 23:38:35 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/05/30 23:38:16 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/05/30 23:36:17 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/05/30 23:36:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2010/07/17 06:24:45 | 001,015,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/07/17 06:24:10 | 005,612,496 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/05/30 11:44:36 | 000,086,016 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\Sun Broadband Wireless.exe
MOD - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/06/30 16:19:48 | 000,397,312 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\atcomm.dll
MOD - [2008/06/30 16:19:48 | 000,135,168 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\SMSPlugin.dll
MOD - [2008/06/30 16:19:48 | 000,126,976 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\LocaleMgrPlugin.dll
MOD - [2008/06/30 16:19:48 | 000,122,880 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\DetectDev.dll
MOD - [2008/06/30 16:19:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\DeviceMgrUIPlugin.dll
MOD - [2008/06/30 16:19:48 | 000,098,304 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\NetInfoPlugin.dll
MOD - [2008/06/30 16:19:48 | 000,098,304 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\DeviceMgrPlugin.dll
MOD - [2008/06/30 16:19:48 | 000,090,112 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\FileManager.dll
MOD - [2008/06/30 16:19:48 | 000,086,016 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\DialUpPlugin.dll
MOD - [2008/06/30 16:19:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\ConfigFilePlugin.dll
MOD - [2008/06/30 16:19:48 | 000,036,864 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\XCodec.dll
MOD - [2008/06/30 16:19:48 | 000,032,768 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\NotifyServicePlugin.dll
MOD - [2008/06/30 16:19:48 | 000,025,600 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\DeviceOperate.dll
MOD - [2008/06/30 16:19:48 | 000,014,848 | ---- | M] () -- C:\Program Files\Sun Broadband Wireless\isaputrace.dll
MOD - [2006/04/18 04:13:16 | 000,192,512 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006/04/18 04:12:32 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/18 04:12:24 | 000,413,696 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006/04/18 04:12:22 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/18 04:12:18 | 000,532,480 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/18 03:47:38 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/18 03:47:18 | 000,090,112 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/18 03:44:32 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/18 03:44:28 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/18 03:44:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/18 03:43:44 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/18 03:43:38 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/28 15:21:50 | 000,025,024 | ---- | M] () -- C:\Program Files\Softex\OmniPass\hdddrv.dll
MOD - [2006/02/28 15:21:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll
MOD - [2006/02/28 15:20:44 | 002,076,672 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
MOD - [2006/02/28 15:20:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
MOD - [2006/02/28 15:19:40 | 000,122,880 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll
MOD - [2006/02/28 15:15:26 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scuredll.dll
MOD - [2006/02/28 15:14:56 | 000,327,680 | ---- | M] () -- C:\Program Files\Softex\OmniPass\userdata.dll
MOD - [2006/02/28 15:14:46 | 000,061,440 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opfsdll.dll
MOD - [2006/02/28 15:14:40 | 000,790,528 | ---- | M] () -- C:\Program Files\Softex\OmniPass\autheng.dll
MOD - [2006/02/28 15:14:30 | 000,012,288 | ---- | M] () -- C:\Program Files\Softex\OmniPass\cryptodll.dll
MOD - [2006/02/28 15:14:28 | 000,434,176 | ---- | M] () -- C:\Program Files\Softex\OmniPass\storeng.dll
MOD - [2006/02/28 15:14:12 | 000,010,752 | ---- | M] () -- C:\Program Files\Softex\OmniPass\SSPLogon.dll
MOD - [2006/02/28 15:10:46 | 002,179,504 | ---- | M] () -- C:\Program Files\Softex\OmniPass\sftxtgp.dll
MOD - [2006/01/18 01:46:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2005/12/29 03:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/29 03:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/29 03:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005/12/22 09:27:00 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005/12/22 09:23:06 | 000,139,264 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005/12/22 09:19:10 | 000,155,648 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005/12/22 09:19:02 | 000,069,632 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005/12/22 09:15:14 | 000,671,744 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005/12/21 11:46:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/12/07 16:00:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Lenovo\LenovoCare\US\LPRESMGR.DLL
MOD - [2005/12/05 08:33:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/08/16 16:14:36 | 000,401,408 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\CDBLib.dll
MOD - [2005/08/13 00:53:12 | 000,106,496 | ---- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask_RC.dll
MOD - [2005/08/13 00:52:46 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\ComRc.dll
MOD - [2005/08/09 18:35:12 | 000,655,360 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\UdfFormat.dll
MOD - [2005/08/04 00:43:28 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\UDFGen.dll
MOD - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005/08/02 08:32:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005/07/22 21:14:32 | 000,122,940 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\ListCtrl.dll
MOD - [2005/07/20 18:34:28 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005/07/16 22:54:46 | 000,081,920 | ---- | M] () -- C:\Program Files\FarStone\VDPBS\VDP\VDExt900.dll
MOD - [2005/07/01 17:45:42 | 000,049,152 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\BurnInterface.dll
MOD - [2005/06/30 18:54:50 | 000,180,224 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005/06/01 22:35:58 | 000,020,480 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\WriteLog.dll
MOD - [2005/06/01 22:35:48 | 000,131,130 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\CDInfo.dll
MOD - [2005/04/27 22:47:04 | 000,065,536 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\ExportFile.dll
MOD - [2005/03/03 21:04:48 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask.exe
MOD - [2005/03/03 21:04:46 | 000,077,824 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDrv2KInterface.dll
MOD - [2004/08/11 00:23:46 | 000,077,824 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\LogDLL.dll
MOD - [2004/08/11 00:23:44 | 000,024,576 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\FsLodLib.dll
MOD - [2004/06/29 01:03:56 | 000,028,672 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDrvInterface.dll
MOD - [2003/06/06 23:57:02 | 000,024,576 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\FsLodLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2010/07/17 02:34:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2008/07/04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/20 01:39:16 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\PMSveH.exe -- (PMSveH)
SRV - [2006/04/18 04:12:28 | 000,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/02/28 15:18:32 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006/01/18 01:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/15 02:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/30 15:55:44 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/31 01:10:17 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/03/19 00:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/07/17 02:33:44 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 19:23:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/30 05:12:40 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/12 13:50:52 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/11/12 13:50:52 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/11/12 13:50:52 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/09/26 18:01:12 | 000,113,664 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/09/26 18:01:00 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/09 14:35:08 | 000,119,936 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsmdm.sys -- (sshsmdm)
DRV - [2008/09/09 14:35:08 | 000,091,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsbus.sys -- (sshsbus) SAMSUNG Mobile USB Multi-Device driver (WDM)
DRV - [2008/09/09 14:35:08 | 000,014,976 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsmdfl.sys -- (sshsmdfl)
DRV - [2006/04/17 09:58:12 | 000,048,896 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006/02/27 20:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/18 01:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/01/18 01:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/01/18 01:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/01/18 01:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/01/18 01:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/01/13 15:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2006/01/11 17:42:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/12/29 04:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/22 08:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/22 05:09:50 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2005/12/13 07:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/05 15:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/17 11:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/09 00:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/02 09:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/02 08:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/18 07:16:50 | 010,446,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2005/08/10 23:01:34 | 000,020,864 | R--- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DVDRC.sys -- (DVDRC)
DRV - [2005/08/06 01:41:12 | 000,138,496 | ---- | M] (Farstone Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\fsUdf.sys -- (FsUdf)
DRV - [2005/07/16 00:07:00 | 000,064,868 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvdscsi.sys -- (fvdscsi)
DRV - [2005/03/30 09:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2005/01/08 08:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/22 03:46:26 | 000,037,409 | R--- | M] (FarStone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fsRamDsk.sys -- (fsRamDsk)
DRV - [2003/08/06 16:46:12 | 000,010,899 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoo...ods.com/?a=ddr"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: [email protected]:7.007.026.001
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.17.30
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.5
FF - prefs.js..extensions.enabledItems: [email protected]:4.5.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.1
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.7.0.8773
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.7
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\johnnie fritz\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/30 21:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/08/16 01:47:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/06/14 20:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FlashCatch\firefox [2010/06/16 15:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/25 07:54:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 21:55:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 18:33:14 | 000,000,000 | ---D | M]

[2010/06/13 15:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Extensions
[2011/11/24 22:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions
[2010/06/14 11:03:40 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/08/31 11:58:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/11/18 21:41:18 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2010/06/14 09:39:19 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/08/16 00:46:31 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/11/18 21:40:00 | 000,000,000 | ---D | M] (WebScout FileBulldog Toolbar) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/08/31 11:58:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/31 11:58:17 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/07/29 06:51:45 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/06/14 10:36:43 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/08/31 11:58:15 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\[email protected]
[2011/09/30 18:25:11 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\[email protected]
[2011/08/31 11:58:24 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\[email protected]
[2010/06/14 11:13:56 | 000,000,000 | ---D | M] (ScrapBook Plus) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\[email protected]
[2011/08/31 11:58:39 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\[email protected]
[2011/11/24 22:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/21 16:53:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/30 18:33:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/30 21:00:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2011/08/16 01:47:41 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\[email protected]
[2011/09/30 18:32:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/17 11:03:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/30 18:32:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 18:25:28 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\johnnie fritz\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Complitly plugin for chrome = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Gears of War 3 Marcus Theme (1280 x 1024) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dopmcmgofkgjegfnegcnempkikpkdccb\1_0\
CHR - Extension: Facemoods = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\
CHR - Extension: WebScout = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo\1.0.0\
CHR - Extension: WebScout = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo\1.0.0\.svn\text-base\.svn-base

O1 HOSTS File: ([2010/12/03 04:39:15 | 000,426,615 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14694 more lines...
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\johnnie fritz\Application Data\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (FlashCatchBHO Class) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\WebScout FileBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (WebScout FileBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\WebScout FileBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe File not found
O4 - HKLM..\Run: [cssauthe] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe File not found
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RAMDrive] C:\Program Files\FarStone\VDPBS\VHD\RDTask.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide File not found
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 4192
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E19395AC-2F3B-404C-B80B-4A9F01CAFB4F}: NameServer = 202.126.40.5 222.127.143.5
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/30 05:37:36 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/24 21:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/07 23:41:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{19b219fa-7a82-11df-86a7-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{19b219fa-7a82-11df-86a7-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19b219fa-7a82-11df-86a7-000fb0c995c2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4644f3de-8878-11df-86ba-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{4644f3de-8878-11df-86ba-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4644f3de-8878-11df-86ba-000fb0c995c2}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{62c1bd8c-7077-11df-8685-000fb0c995c2}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{759e0ed6-89f1-11e0-8706-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{759e0ed6-89f1-11e0-8706-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{759e0ed6-89f1-11e0-8706-000fb0c995c2}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8958d8a5-9ee4-11df-86c1-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{8958d8a5-9ee4-11df-86c1-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8958d8a5-9ee4-11df-86c1-000fb0c995c2}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{91c1ab5d-f81e-11df-86d4-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{91c1ab5d-f81e-11df-86d4-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91c1ab5d-f81e-11df-86d4-0016cef3369d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{935e9975-7a04-11df-86a6-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{935e9975-7a04-11df-86a6-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{935e9975-7a04-11df-86a6-000fb0c995c2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{935e9978-7a04-11df-86a6-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{935e9978-7a04-11df-86a6-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{935e9978-7a04-11df-86a6-000fb0c995c2}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9f161925-6b9c-11df-8664-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{9f161925-6b9c-11df-8664-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f161925-6b9c-11df-8664-000fb0c995c2}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9f161928-6b9c-11df-8664-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{9f161928-6b9c-11df-8664-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f161928-6b9c-11df-8664-000fb0c995c2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9da1279-97f8-11e0-8738-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{b9da1279-97f8-11e0-8738-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9da1279-97f8-11e0-8738-0016cef3369d}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/24 21:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d151807a-0817-11e1-88e2-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{d151807a-0817-11e1-88e2-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d151807a-0817-11e1-88e2-0016cef3369d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d151807b-0817-11e1-88e2-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{d151807b-0817-11e1-88e2-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d151807b-0817-11e1-88e2-0016cef3369d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e3b758ec-c16c-11e0-87b1-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{e3b758ec-c16c-11e0-87b1-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3b758ec-c16c-11e0-87b1-0016cef3369d}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/24 21:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e3b758ef-c16c-11e0-87b1-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{e3b758ef-c16c-11e0-87b1-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3b758ef-c16c-11e0-87b1-0016cef3369d}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/24 21:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fbe95d76-ffde-11e0-88ba-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe95d76-ffde-11e0-88ba-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fbe95d76-ffde-11e0-88ba-0016cef3369d}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/24 21:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ff66b365-fe55-11df-86d6-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{ff66b365-fe55-11df-86d6-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff66b365-fe55-11df-86d6-0016cef3369d}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/24 21:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 23:09:00 | 000,057,344 | ---- | C] (Agere Systems) -- C:\WINDOWS\3e370e72-fbf2-46cc-a609-7ef67ad8ed55
[2011/11/24 23:04:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.com
[2011/11/24 23:03:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.scr
[2011/11/24 17:16:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.exe
[2011/11/24 16:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Please help! Infected with Win32 Heur and Win32 Tanatos.M [RESOLVE - Geeks to Go Forums - Page 2_files
[2011/11/24 16:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Please help! Infected with Win32 Heur and Win32 Tanatos.M [RESOLVE - Geeks to Go Forums_files
[2011/11/23 22:53:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\johnnie fritz\Recent
[2011/11/23 18:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\Gerald Games 2011
[2011/11/22 12:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/11/22 12:37:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2011/11/22 12:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/11/22 12:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Zuxxez
[2011/11/22 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Zuxxez
[2011/11/21 23:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\LIMBO
[2011/11/21 23:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\LIMBO
[2011/11/21 16:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Skype
[2011/11/21 16:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/21 16:51:58 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/21 16:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/11/21 16:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/11/21 13:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Review
[2011/11/21 12:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Saved Games
[2011/11/21 12:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/11/21 12:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WB Games
[2011/11/21 11:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\WB Games
[2011/11/19 10:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Frozen Synapse
[2011/11/19 00:02:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.sys
[2011/11/19 00:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\PcSetup
[2011/11/18 23:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Vso
[2011/11/18 22:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/11/18 22:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\SystemRequirementsLab
[2011/11/18 22:22:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/11/18 21:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
[2011/11/18 21:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Complitly
[2011/11/18 21:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Toolbar4
[2011/11/18 21:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Somoto
[2011/11/18 21:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\WebScout FileBulldog Toolbar
[2011/11/18 21:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\WireBooster
[2011/11/15 22:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra PSP Movie Converter
[2011/11/15 11:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\vlc
[2011/11/15 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/13 21:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay
[2011/11/13 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDisplay
[2011/11/07 14:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/11/06 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\The KMPlayer
[2011/11/06 20:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2011/11/06 12:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\beast mode
[2011/11/06 09:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\3 Idiots 2009 Hindi DVDRip XviD E-SuB xRG
[2011/10/31 12:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Kingston
[2011/10/31 11:51:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/10/29 19:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\Rhiannon - Big Fish Edition
[2011/10/29 15:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\ProjectBlackSun
[2011/10/29 15:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\Project Black Sun
[2011/10/29 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Project Black Sun
[2011/10/29 04:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\My Saved Games
[2011/10/29 03:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gemini Rue
[2011/10/29 03:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Gemini Rue
[2010/05/30 04:44:48 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/05/30 04:44:48 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/24 23:12:24 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\My Documents\flashgetfor ie8.exe
[2011/11/24 23:08:59 | 000,057,344 | ---- | M] (Agere Systems) -- C:\WINDOWS\3e370e72-fbf2-46cc-a609-7ef67ad8ed55
[2011/11/24 23:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.com
[2011/11/24 23:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.scr
[2011/11/24 22:45:43 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/24 22:45:30 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/24 22:44:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/24 22:43:58 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/24 17:24:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1379659331-1222129270-24395848-1005UA.job
[2011/11/24 16:45:47 | 089,524,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/11/24 16:36:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.exe
[2011/11/24 01:56:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/23 18:24:05 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1379659331-1222129270-24395848-1005Core.job
[2011/11/23 15:36:43 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Bastion.lnk
[2011/11/23 04:21:04 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/22 12:55:59 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\ Battle vs. Chess.lnk
[2011/11/22 01:09:43 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Terraria.lnk
[2011/11/22 00:58:29 | 000,505,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/22 00:58:29 | 000,088,626 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/21 23:47:10 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\LIMBO.lnk
[2011/11/21 18:41:32 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/11/21 16:51:59 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/21 16:32:34 | 000,001,730 | -H-- | M] () -- C:\Documents and Settings\johnnie fritz\My Documents\Default.rdp
[2011/11/20 23:04:07 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\VisualBoy Advance.lnk
[2011/11/19 10:04:50 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Frozen Synapse.lnk
[2011/11/19 00:02:28 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.sys
[2011/11/19 00:02:28 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.cat
[2011/11/19 00:02:28 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.inf
[2011/11/19 00:02:05 | 000,001,185 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\vso_ts_preview.xml
[2011/11/17 22:20:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/11/16 01:30:58 | 000,000,161 | ---- | M] () -- C:\WINDOWS\System32\temp_0000_85-18.aok
[2011/11/16 01:30:13 | 000,000,162 | ---- | M] () -- C:\WINDOWS\System32\test.aok
[2011/11/15 11:49:53 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/11/15 11:38:07 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/13 21:56:17 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\CDisplay.lnk
[2011/11/13 21:24:05 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Sun Broadband.lnk
[2011/11/07 14:25:29 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/11/07 00:46:41 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk
[2011/11/06 20:24:32 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\KMPlayer.lnk
[2011/11/06 17:27:02 | 011,873,864 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\My Documents\vlc-1.1.11-win32.exe
[2011/11/02 02:45:42 | 000,001,342 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Rhiannon.lnk
[2011/10/29 15:53:47 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Project Black Sun.lnk
[2011/10/29 03:59:20 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Gemini Rue.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/23 15:36:43 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Bastion.lnk
[2011/11/22 12:55:59 | 000,000,889 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\ Battle vs. Chess.lnk
[2011/11/22 01:09:43 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Terraria.lnk
[2011/11/21 23:47:10 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\LIMBO.lnk
[2011/11/21 18:41:32 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/11/21 16:51:59 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/21 13:24:42 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Rhiannon.lnk
[2011/11/21 13:24:42 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Project Black Sun.lnk
[2011/11/21 13:24:42 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Gemini Rue.lnk
[2011/11/21 13:23:29 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Frozen Synapse.lnk
[2011/11/19 00:02:28 | 000,169,528 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\inst.exe
[2011/11/19 00:02:28 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.cat
[2011/11/19 00:02:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.inf
[2011/11/18 23:50:32 | 000,001,185 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\vso_ts_preview.xml
[2011/11/15 23:13:43 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\temp_0000_85-18.aok
[2011/11/15 23:12:09 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\test.aok
[2011/11/15 11:49:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/11/15 11:38:07 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/13 21:56:17 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\CDisplay.lnk
[2011/11/13 21:24:05 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Sun Broadband.lnk
[2011/11/07 14:25:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/11/07 00:46:41 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk
[2011/11/06 20:24:32 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\KMPlayer.lnk
[2011/11/06 17:21:35 | 011,873,864 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\My Documents\vlc-1.1.11-win32.exe
[2011/10/14 11:53:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/10/02 23:28:01 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/10/02 23:28:01 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/10/02 23:28:01 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/08/26 20:51:35 | 000,001,195 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/08/10 10:40:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\KeySkill.ini
[2011/08/10 10:38:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sunburst Internet Installer.ini
[2011/06/05 13:16:17 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/05 13:16:17 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/26 12:50:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/08 09:53:30 | 000,373,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 19:24:12 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/14 11:21:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\eject_proj.exe
[2010/07/14 11:21:42 | 000,006,656 | ---- | C] () -- C:\WINDOWS\ewalkrun.exe
[2010/06/22 12:52:54 | 000,000,232 | ---- | C] () -- C:\WINDOWS\Mgr.INI
[2010/06/22 12:51:49 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\config.ini
[2010/06/22 12:23:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDPross.dat
[2010/06/22 12:22:42 | 000,014,496 | R--- | C] () -- C:\WINDOWS\System32\VDI08X.dat
[2010/06/22 12:20:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\unVHDDrvExe.exe
[2010/06/22 12:20:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\inVHDDrvExe.exe
[2010/06/14 10:36:12 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/06/14 10:34:38 | 000,010,267 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2010/06/14 10:33:03 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/06/13 15:41:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/30 18:02:09 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/05/30 05:59:17 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/30 05:37:36 | 000,009,089 | R--- | C] () -- C:\WINDOWS\System32\Mfcuiz32.dll
[2010/05/30 05:37:36 | 000,006,925 | R--- | C] () -- C:\WINDOWS\System32\Wpwizapi.dll
[2010/05/30 05:37:36 | 000,004,726 | R--- | C] () -- C:\WINDOWS\System32\Dpxsockw.dll
[2010/05/30 05:37:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\fusioncache.dat
[2010/05/30 05:16:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/05/30 05:16:15 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/05/30 05:12:40 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010/05/30 05:01:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/05/30 05:01:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/05/30 05:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/05/30 05:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/05/30 05:01:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/05/30 05:01:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/05/30 05:00:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2010/05/30 05:00:43 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/05/30 04:58:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/30 04:44:49 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\tsnp2std.exe
[2010/05/30 04:44:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SNCTRL.exe
[2010/05/30 04:44:48 | 010,446,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/05/30 04:44:48 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/05/30 04:44:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnp2std.exe
[2010/05/30 04:28:52 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/05/30 04:05:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010/05/29 23:45:42 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/06/23 13:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/05/23 17:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2006/05/21 01:42:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\PMEBLib.dll
[2006/02/09 00:42:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PMHlerIO.dll
[2006/01/20 03:46:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/18 01:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/13 00:52:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ComRc.dll
[2005/08/10 23:01:34 | 000,020,864 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVDRC.sys
[2005/05/23 23:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2005/05/23 23:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/11 00:23:46 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2004/08/10 02:03:43 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 02:01:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 01:51:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 01:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 01:45:31 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/02/04 18:05:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2003/09/19 00:03:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/04 03:49:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/15 17:52:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/29 17:19:24 | 000,006,397 | R--- | C] () -- C:\WINDOWS\System32\drivers\SmartCd.sys
[2003/06/06 23:57:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FsLodLib.dll
[2003/05/31 02:23:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\dcmesbox.dll
[2003/02/14 00:56:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe
[2001/11/15 03:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/05/05 01:55:32 | 000,232,448 | ---- | C] () -- C:\WINDOWS\System32\UNLHA32.DLL
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 15:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[1980/01/01 15:00:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[1980/01/01 15:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[1980/01/01 15:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[1980/01/01 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 15:00:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[1980/01/01 15:00:00 | 000,505,328 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 15:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[1980/01/01 15:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[1980/01/01 15:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[1980/01/01 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 15:00:00 | 000,157,836 | ---- | C] () -- C:\WINDOWS\AGRSMMSG.exe
[1980/01/01 15:00:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[1980/01/01 15:00:00 | 000,088,626 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 15:00:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[1980/01/01 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/06/14 20:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/11/24 23:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/30 04:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2011/08/15 20:55:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/31 04:08:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/03 19:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/01 16:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2010/12/09 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Growl
[2011/06/01 18:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2011/09/01 20:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/05/30 05:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/11/11 18:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/06/05 18:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2011/08/17 00:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/08/08 18:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/30 05:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThinkVantage
[2010/07/28 14:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/08/02 19:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/05/31 18:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/09 20:38:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
[2011/08/22 21:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\.minecraft
[2010/12/09 21:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\AnvSoft
[2011/07/16 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\AVG9
[2011/10/14 16:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\BITS
[2011/11/18 21:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Complitly
[2010/06/03 19:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\DAEMON Tools Lite
[2010/06/17 21:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Facebook
[2011/09/30 21:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\facemoods.com
[2010/06/22 12:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FarStone
[2010/06/14 10:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FlashGet
[2010/06/14 10:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO
[2010/05/30 04:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\IBM
[2010/05/30 20:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\InterVideo
[2010/05/30 20:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Leadertech
[2011/09/04 10:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\PSPDocMaker
[2011/08/13 18:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Rovio
[2010/12/09 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Stardock
[2011/11/18 22:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\SystemRequirementsLab
[2011/01/17 19:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\TeamViewer
[2010/05/30 05:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\ThinkVantage
[2011/11/18 21:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Toolbar4
[2011/11/22 14:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\uTorrent
[2010/07/07 15:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Vodafone
[2011/11/19 00:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Vso
[2011/11/17 22:20:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/11/24 01:56:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Thanks.
  • 0



#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks to be a file infector - so let's start with an AV scan outside of Windows

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn
  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a CD
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so.
  • Once completed, reboot to normal Windows
  • No log is produced, so once in normal Windows run a fresh OTL scan and let me know if the problems persist

  • 0

#3
fubitzu

fubitzu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thanks for the instruction, Essexboy.

I managed to install Dr.Web Live CD and scanned the C folder for 16 hrs. 26 min. 47 sec. It took almost a day.
Here is a brief report:
Scan Finished
Object Scanned: 682662
Unable to Scan: 7008
Threats Detected: 124
Threats Neutralized: 0
Infected: 115
Malicious: 7
Suspicious: 1

Here is the list of threats detected during and after the scan:

win32.Sector.10
Trojan.MulDrop.origin
Win32.HLLW.Lime.1808
Trojan.AVKill.2
Archive OLE- threat detected
probably infected with SCRIPT.VIRUS
Archive INNO SETUP
packed by UPX - threat detected
Archive ZIP
Archive 7ZIP
Contain an advertising software Adware.Searcher.1222
Trojan.Siggen4.20406
Archive RAR
Archive GZIP - threat detected
Trojan.Siggen2.53473
packed by BINARYES
archive NSIS
Trojan.Siggen2.49530
Archive ISO

Some files were quarantined, cured, deleted/removed.

There is no problem booting to normal mode. My Fences seems to be working just fine even though there is a
message box saying that "Fences.exe - Application Error The application failed to initialize properly
(0xc000007b). Click on OK to terminate the application." This message was not here before the virus arrived.
I checked my files and went to my folder and then another message box appeared saying "threat removed".
It happened three times and I think the virus is still inside the system. I checked my Task Manager
and it's not working; I pressed ctrl+alt+del but Task Manager is not available. I tried opening some of my
games and they are still not working, but there is one game that did work.

My Firefox and Internet Explorer are not working because their .exe files were removed by the AVG Resident
Shield to the virus vault. I tried restoring firefox.exe, but when I opened firefox.exe
from its folder, the AVG Resident Shield automatically removed it as a threat. I tried
it two times but I stopped because of the risk that the virus could spread again. I could use Google Chrome for the internet
but I couldn't download the OTL.com/exe/scr. I tried downloading from the mirror sites and it worked. I think Dr.Web
worked somehow, because before I couldn't launch Google Chrome, which is my default browser. Thanks to Dr.Web.


After downloading OTL.com I ran a quick scan. I thought it's not gonna work so I clicked the interface
many times and then suddenly it said "Not Responding", but I waited for several minutes and it worked.

So here's the fresh quick scan from OTL:
OTL logfile created on: 11/26/2011 16:37:25 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\johnnie fritz\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 224.81 Mb Available Physical Memory | 22.00% Memory free
2.40 Gb Paging File | 1.24 Gb Available in Paging File | 51.91% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.33 Gb Total Space | 3.56 Gb Free Space | 5.13% Space Free | Partition Type: NTFS

Computer Name: HOAH | User Name: johnnie fritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 16:36:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\My Documents\Downloads\OTL.com
PRC - [2011/11/24 23:09:14 | 000,024,064 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2011/11/24 22:31:19 | 001,030,656 | ---- | M] (Google Inc.) -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/10/25 01:08:00 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/02 07:47:58 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/12/02 07:46:21 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 02:34:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 02:34:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 02:33:37 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/20 01:39:16 | 000,057,344 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\PMSveH.exe
PRC - [2006/04/18 04:13:00 | 000,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/18 04:12:28 | 000,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/18 04:09:10 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/18 03:59:10 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/02/28 15:20:44 | 002,076,672 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
PRC - [2006/02/28 15:20:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2006/02/28 15:18:32 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2006/01/18 01:45:32 | 000,618,557 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2006/01/18 01:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2005/12/29 02:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/22 09:27:00 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/22 09:08:06 | 001,988,144 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
PRC - [2005/12/15 02:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/10/21 05:18:50 | 000,442,368 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005/03/03 21:04:48 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/24 23:09:14 | 000,024,064 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
MOD - [2011/11/15 13:39:54 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/15 13:39:53 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 13:38:16 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 13:38:15 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/15 13:38:14 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/15 10:36:18 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2011/05/30 23:47:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
MOD - [2011/05/30 23:46:45 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1d03df7f7548613e8beab2cc21e57910\System.Runtime.Remoting.ni.dll
MOD - [2011/05/30 23:46:43 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
MOD - [2011/05/30 23:46:41 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
MOD - [2011/05/30 23:46:30 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
MOD - [2011/05/30 23:46:16 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
MOD - [2011/05/30 23:41:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/05/30 23:40:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
MOD - [2011/05/30 23:38:35 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/05/30 23:38:16 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/05/30 23:36:17 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/05/30 23:36:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2006/04/18 04:13:16 | 000,192,512 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006/04/18 04:12:32 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/18 04:12:24 | 000,413,696 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006/04/18 04:12:22 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/18 04:12:18 | 000,532,480 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/18 03:47:38 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/18 03:47:18 | 000,090,112 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/18 03:44:32 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/18 03:44:28 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/18 03:44:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/18 03:43:44 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/18 03:43:38 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/28 15:21:50 | 000,025,024 | ---- | M] () -- C:\Program Files\Softex\OmniPass\hdddrv.dll
MOD - [2006/02/28 15:21:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll
MOD - [2006/02/28 15:20:44 | 002,076,672 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
MOD - [2006/02/28 15:20:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
MOD - [2006/02/28 15:19:40 | 000,122,880 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll
MOD - [2006/02/28 15:15:26 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scuredll.dll
MOD - [2006/02/28 15:14:56 | 000,327,680 | ---- | M] () -- C:\Program Files\Softex\OmniPass\userdata.dll
MOD - [2006/02/28 15:14:40 | 000,790,528 | ---- | M] () -- C:\Program Files\Softex\OmniPass\autheng.dll
MOD - [2006/02/28 15:14:30 | 000,012,288 | ---- | M] () -- C:\Program Files\Softex\OmniPass\cryptodll.dll
MOD - [2006/02/28 15:14:28 | 000,434,176 | ---- | M] () -- C:\Program Files\Softex\OmniPass\storeng.dll
MOD - [2006/02/28 15:14:12 | 000,010,752 | ---- | M] () -- C:\Program Files\Softex\OmniPass\SSPLogon.dll
MOD - [2006/02/28 15:10:46 | 002,179,504 | ---- | M] () -- C:\Program Files\Softex\OmniPass\sftxtgp.dll
MOD - [2006/01/18 01:46:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2005/12/29 03:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/29 03:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/29 03:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005/12/22 09:27:00 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005/12/22 09:23:06 | 000,139,264 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005/12/22 09:19:10 | 000,155,648 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005/12/22 09:19:02 | 000,069,632 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005/12/22 09:15:14 | 000,671,744 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005/12/21 11:46:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/12/10 23:28:40 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudHk.dll
MOD - [2005/12/05 08:33:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/11/17 01:05:08 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/08/13 00:53:12 | 000,106,496 | ---- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask_RC.dll
MOD - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005/08/02 08:32:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005/07/20 18:34:28 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005/06/30 18:54:50 | 000,180,224 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005/03/03 21:04:48 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask.exe
MOD - [2005/03/03 21:04:46 | 000,077,824 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDrv2KInterface.dll
MOD - [2004/06/29 01:03:56 | 000,028,672 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDrvInterface.dll
MOD - [2003/06/06 23:57:02 | 000,024,576 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\FsLodLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2010/07/17 02:34:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2008/07/04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/20 01:39:16 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\PMSveH.exe -- (PMSveH)
SRV - [2006/04/18 04:12:28 | 000,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/02/28 15:18:32 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006/01/18 01:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/15 02:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/30 15:55:44 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/31 01:10:17 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/03/19 00:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/07/17 02:33:44 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 19:23:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/30 05:12:40 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/12 13:50:52 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/11/12 13:50:52 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/11/12 13:50:52 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/09/26 18:01:12 | 000,113,664 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/09/26 18:01:00 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/09 14:35:08 | 000,119,936 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsmdm.sys -- (sshsmdm)
DRV - [2008/09/09 14:35:08 | 000,091,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsbus.sys -- (sshsbus) SAMSUNG Mobile USB Multi-Device driver (WDM)
DRV - [2008/09/09 14:35:08 | 000,014,976 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsmdfl.sys -- (sshsmdfl)
DRV - [2006/04/17 09:58:12 | 000,048,896 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006/02/27 20:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/18 01:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/01/18 01:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/01/18 01:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/01/18 01:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/01/18 01:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/01/13 15:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2006/01/11 17:42:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/12/29 04:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/22 08:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/22 05:09:50 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2005/12/13 07:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/05 15:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/17 11:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/09 00:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/02 09:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/02 08:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/18 07:16:50 | 010,446,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2005/08/10 23:01:34 | 000,020,864 | R--- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DVDRC.sys -- (DVDRC)
DRV - [2005/08/06 01:41:12 | 000,138,496 | ---- | M] (Farstone Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\fsUdf.sys -- (FsUdf)
DRV - [2005/07/16 00:07:00 | 000,064,868 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvdscsi.sys -- (fvdscsi)
DRV - [2005/03/30 09:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2005/01/08 08:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/22 03:46:26 | 000,037,409 | R--- | M] (FarStone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fsRamDsk.sys -- (fsRamDsk)
DRV - [2003/08/06 16:46:12 | 000,010,899 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoo...ods.com/?a=ddr"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: [email protected]:7.007.026.001
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.17.30
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.5
FF - prefs.js..extensions.enabledItems: [email protected]:4.5.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.1
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.7.0.8773
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.7
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\johnnie fritz\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/30 21:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/08/16 01:47:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/06/14 20:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FlashCatch\firefox [2010/06/16 15:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/25 07:54:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 21:55:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 18:33:14 | 000,000,000 | ---D | M]

[2010/06/13 15:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Extensions
[2011/11/25 09:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions
[2010/06/14 11:03:40 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/08/31 11:58:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/11/26 12:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2010/06/14 09:39:19 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/08/16 00:46:31 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/11/18 21:40:00 | 000,000,000 | ---D | M] (WebScout FileBulldog Toolbar) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/08/31 11:58:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/31 11:58:17 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/07/29 06:51:45 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/06/14 10:36:43 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/08/31 11:58:15 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\[email protected]
[2011/09/30 18:25:11 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\[email protected]
[2011/08/31 11:58:24 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\[email protected]
[2010/06/14 11:13:56 | 000,000,000 | ---D | M] (ScrapBook Plus) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\[email protected]
[2011/08/31 11:58:39 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\johnnie fritz\Application Data\Mozilla\Firefox\Profiles\6vx66vga.default\extensions\[email protected]
[2011/11/24 22:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/21 16:53:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/30 18:33:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/30 21:00:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2011/08/16 01:47:41 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\[email protected]
[2011/09/30 18:32:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/17 11:03:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/30 18:32:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 18:25:28 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\johnnie fritz\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Complitly plugin for chrome = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Facemoods = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\

O1 HOSTS File: ([2010/12/03 04:39:15 | 000,426,615 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14694 more lines...
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\johnnie fritz\Application Data\Complitly\Complitly.dll File not found
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (FlashCatchBHO Class) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\WebScout FileBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (WebScout FileBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\WebScout FileBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe File not found
O4 - HKLM..\Run: [cssauthe] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe File not found
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RAMDrive] C:\Program Files\FarStone\VDPBS\VHD\RDTask.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe File not found
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide File not found
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 4192
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 124.106.6.2 124.106.5.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE8D2926-F69A-462D-9521-217249D9C6E7}: DhcpNameServer = 124.106.6.2 124.106.5.2
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/30 05:37:36 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{19b219fa-7a82-11df-86a7-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{19b219fa-7a82-11df-86a7-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19b219fa-7a82-11df-86a7-000fb0c995c2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4644f3de-8878-11df-86ba-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{4644f3de-8878-11df-86ba-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4644f3de-8878-11df-86ba-000fb0c995c2}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{62c1bd8c-7077-11df-8685-000fb0c995c2}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{759e0ed6-89f1-11e0-8706-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{759e0ed6-89f1-11e0-8706-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{759e0ed6-89f1-11e0-8706-000fb0c995c2}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8958d8a5-9ee4-11df-86c1-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{8958d8a5-9ee4-11df-86c1-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8958d8a5-9ee4-11df-86c1-000fb0c995c2}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{91c1ab5d-f81e-11df-86d4-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{91c1ab5d-f81e-11df-86d4-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91c1ab5d-f81e-11df-86d4-0016cef3369d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{935e9975-7a04-11df-86a6-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{935e9975-7a04-11df-86a6-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{935e9975-7a04-11df-86a6-000fb0c995c2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{935e9978-7a04-11df-86a6-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{935e9978-7a04-11df-86a6-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{935e9978-7a04-11df-86a6-000fb0c995c2}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9f161925-6b9c-11df-8664-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{9f161925-6b9c-11df-8664-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f161925-6b9c-11df-8664-000fb0c995c2}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9f161928-6b9c-11df-8664-000fb0c995c2}\Shell - "" = AutoRun
O33 - MountPoints2\{9f161928-6b9c-11df-8664-000fb0c995c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f161928-6b9c-11df-8664-000fb0c995c2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9da1279-97f8-11e0-8738-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{b9da1279-97f8-11e0-8738-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9da1279-97f8-11e0-8738-0016cef3369d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d151807a-0817-11e1-88e2-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{d151807a-0817-11e1-88e2-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d151807a-0817-11e1-88e2-0016cef3369d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d151807b-0817-11e1-88e2-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{d151807b-0817-11e1-88e2-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d151807b-0817-11e1-88e2-0016cef3369d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e3b758ec-c16c-11e0-87b1-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{e3b758ec-c16c-11e0-87b1-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3b758ec-c16c-11e0-87b1-0016cef3369d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fbe95d76-ffde-11e0-88ba-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe95d76-ffde-11e0-88ba-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fbe95d76-ffde-11e0-88ba-0016cef3369d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff66b365-fe55-11df-86d6-0016cef3369d}\Shell - "" = AutoRun
O33 - MountPoints2\{ff66b365-fe55-11df-86d6-0016cef3369d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff66b365-fe55-11df-86d6-0016cef3369d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 15:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Malwarebytes
[2011/11/26 15:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/26 15:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/26 15:28:07 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/26 15:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/26 14:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\exehelper
[2011/11/26 14:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\rkill
[2011/11/25 09:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\ImgBurn
[2011/11/25 09:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/11/25 09:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/11/25 09:52:19 | 006,055,875 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\johnnie fritz\Desktop\SetupImgBurn_2.5.6.0.exe
[2011/11/24 16:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Please help! Infected with Win32 Heur and Win32 Tanatos.M [RESOLVE - Geeks to Go Forums - Page 2_files
[2011/11/24 16:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Please help! Infected with Win32 Heur and Win32 Tanatos.M [RESOLVE - Geeks to Go Forums_files
[2011/11/23 22:53:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\johnnie fritz\Recent
[2011/11/23 18:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\Gerald Games 2011
[2011/11/22 12:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/11/22 12:37:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2011/11/22 12:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/11/22 12:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Zuxxez
[2011/11/22 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Zuxxez
[2011/11/21 23:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\LIMBO
[2011/11/21 23:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\LIMBO
[2011/11/21 16:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Skype
[2011/11/21 16:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/21 16:51:58 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/21 16:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/11/21 16:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/11/21 13:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Review
[2011/11/21 12:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Saved Games
[2011/11/21 12:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/11/21 12:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WB Games
[2011/11/21 11:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\WB Games
[2011/11/19 10:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Frozen Synapse
[2011/11/19 00:02:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.sys
[2011/11/19 00:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\PcSetup
[2011/11/18 23:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Vso
[2011/11/18 22:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/11/18 22:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\SystemRequirementsLab
[2011/11/18 22:22:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/11/18 21:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
[2011/11/18 21:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Complitly
[2011/11/18 21:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Toolbar4
[2011/11/18 21:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Somoto
[2011/11/18 21:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\WebScout FileBulldog Toolbar
[2011/11/18 21:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\WireBooster
[2011/11/15 22:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra PSP Movie Converter
[2011/11/15 11:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\vlc
[2011/11/15 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/13 21:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay
[2011/11/13 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDisplay
[2011/11/07 14:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/11/06 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\The KMPlayer
[2011/11/06 20:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2011/11/06 12:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\beast mode
[2011/11/06 09:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\3 Idiots 2009 Hindi DVDRip XviD E-SuB xRG
[2011/10/31 12:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Kingston
[2011/10/31 11:51:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/10/29 19:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\Rhiannon - Big Fish Edition
[2011/10/29 15:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\ProjectBlackSun
[2011/10/29 15:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\Project Black Sun
[2011/10/29 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Project Black Sun
[2011/10/29 04:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\My Saved Games
[2011/10/29 03:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gemini Rue
[2011/10/29 03:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Gemini Rue
[2010/05/30 04:44:48 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/05/30 04:44:48 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/26 16:24:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1379659331-1222129270-24395848-1005UA.job
[2011/11/26 15:28:20 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/26 13:40:21 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\LIMBO.lnk
[2011/11/26 11:40:14 | 089,604,012 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/11/26 11:28:02 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/26 11:27:33 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/26 11:25:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/26 11:25:25 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/25 09:55:01 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/25 09:55:01 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/11/25 09:52:54 | 006,055,875 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\johnnie fritz\Desktop\SetupImgBurn_2.5.6.0.exe
[2011/11/25 09:50:29 | 189,118,464 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\drweb-livecd-600.iso
[2011/11/25 08:31:05 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/25 03:28:44 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/25 01:56:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/25 00:13:59 | 002,790,414 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\AVGdetected.bmp
[2011/11/23 18:24:05 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1379659331-1222129270-24395848-1005Core.job
[2011/11/23 15:36:43 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Bastion.lnk
[2011/11/22 12:55:59 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\ Battle vs. Chess.lnk
[2011/11/22 01:09:43 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Terraria.lnk
[2011/11/22 00:58:29 | 000,505,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/22 00:58:29 | 000,088,626 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/21 18:41:32 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/11/21 16:51:59 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/21 16:32:34 | 000,001,730 | -H-- | M] () -- C:\Documents and Settings\johnnie fritz\My Documents\Default.rdp
[2011/11/20 23:04:07 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\VisualBoy Advance.lnk
[2011/11/19 10:04:50 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Frozen Synapse.lnk
[2011/11/19 00:02:28 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.sys
[2011/11/19 00:02:28 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.cat
[2011/11/19 00:02:28 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.inf
[2011/11/19 00:02:05 | 000,001,185 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\vso_ts_preview.xml
[2011/11/17 22:20:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/11/16 01:30:58 | 000,000,161 | ---- | M] () -- C:\WINDOWS\System32\temp_0000_85-18.aok
[2011/11/16 01:30:13 | 000,000,162 | ---- | M] () -- C:\WINDOWS\System32\test.aok
[2011/11/15 11:49:53 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/11/15 11:38:07 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/13 21:56:17 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\CDisplay.lnk
[2011/11/13 21:24:05 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Sun Broadband.lnk
[2011/11/07 14:25:29 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/11/07 00:46:41 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk
[2011/11/06 20:24:32 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\KMPlayer.lnk
[2011/11/06 17:27:02 | 011,873,864 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\My Documents\vlc-1.1.11-win32.exe
[2011/11/02 02:45:42 | 000,001,342 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Rhiannon.lnk
[2011/10/29 15:53:47 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Project Black Sun.lnk
[2011/10/29 03:59:20 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Gemini Rue.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/26 15:28:20 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 09:55:01 | 000,001,557 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/25 09:55:01 | 000,001,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/11/25 09:28:21 | 189,118,464 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\drweb-livecd-600.iso
[2011/11/25 00:13:58 | 002,790,414 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\AVGdetected.bmp
[2011/11/23 15:36:43 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Bastion.lnk
[2011/11/22 12:55:59 | 000,000,889 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\ Battle vs. Chess.lnk
[2011/11/22 01:09:43 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Terraria.lnk
[2011/11/21 23:47:10 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\LIMBO.lnk
[2011/11/21 18:41:32 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/11/21 16:51:59 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/21 13:24:42 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Rhiannon.lnk
[2011/11/21 13:24:42 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Project Black Sun.lnk
[2011/11/21 13:24:42 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Gemini Rue.lnk
[2011/11/21 13:23:29 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Frozen Synapse.lnk
[2011/11/19 00:02:28 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.cat
[2011/11/19 00:02:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.inf
[2011/11/18 23:50:32 | 000,001,185 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\vso_ts_preview.xml
[2011/11/15 23:13:43 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\temp_0000_85-18.aok
[2011/11/15 23:12:09 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\test.aok
[2011/11/15 11:49:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/11/15 11:38:07 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/13 21:56:17 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\CDisplay.lnk
[2011/11/13 21:24:05 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Sun Broadband.lnk
[2011/11/07 14:25:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/11/07 00:46:41 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk
[2011/11/06 20:24:32 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\KMPlayer.lnk
[2011/11/06 17:21:35 | 011,873,864 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\My Documents\vlc-1.1.11-win32.exe
[2011/10/14 11:53:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/10/02 23:28:01 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/10/02 23:28:01 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/10/02 23:28:01 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/08/26 20:51:35 | 000,001,195 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/08/10 10:40:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\KeySkill.ini
[2011/08/10 10:38:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sunburst Internet Installer.ini
[2011/06/05 13:16:17 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/05 13:16:17 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/26 12:50:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/08 09:53:30 | 000,373,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 19:24:12 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/14 11:21:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\eject_proj.exe
[2010/07/14 11:21:42 | 000,006,656 | ---- | C] () -- C:\WINDOWS\ewalkrun.exe
[2010/06/22 12:52:54 | 000,000,232 | ---- | C] () -- C:\WINDOWS\Mgr.INI
[2010/06/22 12:51:49 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\config.ini
[2010/06/22 12:23:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDPross.dat
[2010/06/22 12:22:42 | 000,014,496 | R--- | C] () -- C:\WINDOWS\System32\VDI08X.dat
[2010/06/22 12:20:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\unVHDDrvExe.exe
[2010/06/22 12:20:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\inVHDDrvExe.exe
[2010/06/14 10:36:12 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/06/14 10:34:38 | 000,010,267 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2010/06/14 10:33:03 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/06/13 15:41:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/30 18:02:09 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/05/30 05:59:17 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/30 05:37:36 | 000,009,089 | R--- | C] () -- C:\WINDOWS\System32\Mfcuiz32.dll
[2010/05/30 05:37:36 | 000,006,925 | R--- | C] () -- C:\WINDOWS\System32\Wpwizapi.dll
[2010/05/30 05:37:36 | 000,004,726 | R--- | C] () -- C:\WINDOWS\System32\Dpxsockw.dll
[2010/05/30 05:37:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\fusioncache.dat
[2010/05/30 05:16:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/05/30 05:16:15 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/05/30 05:12:40 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010/05/30 05:01:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/05/30 05:01:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/05/30 05:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/05/30 05:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/05/30 05:01:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/05/30 05:01:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/05/30 05:00:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2010/05/30 05:00:43 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/05/30 04:58:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/30 04:44:49 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\tsnp2std.exe
[2010/05/30 04:44:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SNCTRL.exe
[2010/05/30 04:44:48 | 010,446,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/05/30 04:44:48 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/05/30 04:44:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnp2std.exe
[2010/05/30 04:28:52 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/05/30 04:05:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010/05/29 23:45:42 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/06/23 13:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/05/23 17:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2006/05/21 01:42:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\PMEBLib.dll
[2006/02/09 00:42:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PMHlerIO.dll
[2006/01/20 03:46:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/18 01:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/13 00:52:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ComRc.dll
[2005/08/10 23:01:34 | 000,020,864 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVDRC.sys
[2005/05/23 23:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2005/05/23 23:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/11 00:23:46 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2004/08/10 02:03:43 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 02:01:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 01:51:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 01:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 01:45:31 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/02/04 18:05:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2003/09/19 00:03:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/04 03:49:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/15 17:52:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/29 17:19:24 | 000,006,397 | R--- | C] () -- C:\WINDOWS\System32\drivers\SmartCd.sys
[2003/06/06 23:57:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FsLodLib.dll
[2003/05/31 02:23:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\dcmesbox.dll
[2003/02/14 00:56:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe
[2001/11/15 03:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/05/05 01:55:32 | 000,232,448 | ---- | C] () -- C:\WINDOWS\System32\UNLHA32.DLL
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 15:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[1980/01/01 15:00:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[1980/01/01 15:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[1980/01/01 15:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[1980/01/01 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 15:00:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[1980/01/01 15:00:00 | 000,505,328 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 15:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[1980/01/01 15:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[1980/01/01 15:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[1980/01/01 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 15:00:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[1980/01/01 15:00:00 | 000,088,626 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 15:00:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[1980/01/01 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/06/14 20:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/11/26 11:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/30 04:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2011/08/15 20:55:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/31 04:08:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/03 19:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/01 16:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2010/12/09 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Growl
[2011/06/01 18:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2011/09/01 20:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/05/30 05:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/11/11 18:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/06/05 18:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2011/08/17 00:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/08/08 18:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/30 05:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThinkVantage
[2010/07/28 14:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/08/02 19:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/05/31 18:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/09 20:38:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
[2011/08/22 21:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\.minecraft
[2010/12/09 21:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\AnvSoft
[2011/07/16 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\AVG9
[2011/10/14 16:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\BITS
[2011/11/26 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Complitly
[2010/06/03 19:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\DAEMON Tools Lite
[2010/06/17 21:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Facebook
[2011/09/30 21:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\facemoods.com
[2010/06/22 12:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FarStone
[2010/06/14 10:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FlashGet
[2010/06/14 10:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO
[2010/05/30 04:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\IBM
[2011/11/25 09:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\ImgBurn
[2010/05/30 20:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\InterVideo
[2010/05/30 20:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Leadertech
[2011/09/04 10:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\PSPDocMaker
[2011/08/13 18:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Rovio
[2010/12/09 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Stardock
[2011/11/18 22:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\SystemRequirementsLab
[2011/01/17 19:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\TeamViewer
[2010/05/30 05:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\ThinkVantage
[2011/11/18 21:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Toolbar4
[2011/11/22 14:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\uTorrent
[2010/07/07 15:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Vodafone
[2011/11/19 00:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Vso
[2011/11/17 22:20:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/11/25 01:56:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Sir, a question. Can I insert a USB drive, just in case I cannot download again from this sick computer? Would it not
affect or transfer the virus to another computer from that USB? Just to clarify things: if the .exe of an application
is moved into the virus vault of, for example, AVG Antivirus, would I still be able to recover it? Or at least recover most of them?
Because when I looked into it, it seems there are many important applications, mostly .exe files, in there. And of course
to remove the virus completely. I will be waiting for your instructions.

Many many THANKS SIR!

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would not recommend that you restore any file from the virus chest, as that will re-initialise the infection. You are better off reinstalling the affected programmes afresh.

Let's protect the USB drive and the host computer first... On the clean computer that you will be using for the file download/transfer, download and run the following programme, ensuring that the USB drive you are going to be using is vaccinated as well.

Download and run Panda Vaccinate; usage instructions are on the download page.

Once you have done that, transfer the following to the infected machine's desktop:

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer, allow it to update if it asks, and allow the installation of the Recovery Console.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#5
fubitzu

    Member

  • Topic Starter
  • Member
  • 23 posts
Good Day Sir.

I'm really sorry for the quick reply, but I just want to make sure that I fully understand your
instructions. Here's the list in numbered form, in order, of what I understand from your instructions.

1. Do not attempt to cure or restore files from the virus vault.
2. Reinstall the programs affected by the virus.
3. Protect the sick computer especially the USB drive which is one way of getting and spreading
the virus.
4. On the clean computer, which I will be using to download/transfer files, I will install
PANDA VACCINATE to ensure the USB DRIVE I will use is vaccinated.
5. Download ComboFix from the clean computer, transfer it to the sick computer via the USB drive, which
is supposed to be vaccinated.
6. Save Combofix.exe to the desktop of the sick computer.
7. Disable antivirus and antispyware applications, as they could hinder ComboFix.
8. Run ComboFix and follow the prompts.
9. Submit to you the report of what happened with the combofix log.

I'm just confused by your second sentence, which is number two on my list. Would you rephrase it
in simple words? I will start the procedure maybe tomorrow. I'm not in the house and am using my brother's
computer. I will leave the sick computer here. Hopefully I can start tomorrow. Really bad at understanding English :help:

Many THANKS AGAIN.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is not a problem, and do not hesitate to ask if anything is unclear.

For that point I would recommend that you download and reinstall any programme where the exe file has been compromised, for example Firefox and Internet Explorer. The files placed in quarantine by AVG are infected and are best left alone.

#7
fubitzu

    Member

  • Topic Starter
  • Member
  • 23 posts
Good day Sir

So far so good. My task manager is now back. No threat. No pop-up message from
my AVG Resident Shield saying "Threat Removed". I didn't put this in my previous post, but
if you remember from my last two posts, I think I told you that I could not download OTL.exe/scr/com
because it was interrupted by something from Google Chrome, but I was able to
download OTL from the mirror sites. Actually, before I discovered the mirror copy of OTL,
I tried to run Malwarebytes' Anti-Malware (MBAM) and I even used different RKILL and EXEHELPER
applications. I ran MBAM, rkill and exeHelper. But nothing happened, no changes, until I discovered
the OTL mirror site, which I didn't notice before. Haha my bad. Because of that I don't have to
install VIPRE RESCUE and SASPS. And I noticed I could download files, except OTL only. MBAM did discover
something in my registry and quarantined it. Thanks to Dr.Web and MBAM for rescuing my Google Chrome and
Task Manager.

Going back, umm, I guess the virus has calmed down for a while. I tried running some applications,
games and office, and not all are working as expected. I uninstalled some nonworking programs but have not yet
reinstalled them; I suppose it was inside the AVG Virus Vault. So that's why you recommended that I reinstall
my applications affected by the virus. I looked into the Resident Shield detection and saw 448 files.
Some files were healed, moved to the virus vault, or infected. I uninstalled MBAM and SpywareBlaster,
disabled AVG Resident Shield and ran ComboFix.exe. In the middle of the installation a message box
appeared and it said that it requires the Microsoft Recovery Console to be updated, so I agreed and
ComboFix installed and started scanning. Yet in the middle of the scanning process a
message box appeared that said that my Windows application blah blah. I didn't do anything and
just waited, as it might compromise the scan. I waited for several minutes and ComboFix did what it
had to do.

Here's the log for OTL


OTL logfile created on: 11/27/2011 20:16:21 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\johnnie fritz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 259.27 Mb Available Physical Memory | 25.37% Memory free
2.40 Gb Paging File | 1.35 Gb Available in Paging File | 56.31% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.33 Gb Total Space | 4.31 Gb Free Space | 6.21% Space Free | Partition Type: NTFS

Computer Name: HOAH | User Name: johnnie fritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 16:36:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.com
PRC - [2011/11/24 23:09:14 | 000,024,064 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2011/11/24 22:31:19 | 001,030,656 | ---- | M] (Google Inc.) -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/11/24 17:53:06 | 004,104,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgui.exe
PRC - [2011/10/25 01:08:00 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/02 07:47:58 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/12/02 07:46:21 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 02:34:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 02:34:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 02:33:37 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/20 01:39:16 | 000,057,344 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\PMSveH.exe
PRC - [2006/04/18 04:13:00 | 000,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/18 04:12:28 | 000,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/18 04:09:10 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/18 03:59:10 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/02/28 15:20:44 | 002,076,672 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
PRC - [2006/02/28 15:20:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2006/02/28 15:18:32 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2006/01/18 01:45:32 | 000,618,557 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2006/01/18 01:43:58 | 001,396,820 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2006/01/18 01:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2005/12/29 02:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/22 09:27:00 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/22 09:08:06 | 001,988,144 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
PRC - [2005/12/15 02:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/12/07 16:00:00 | 000,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2005/10/21 05:18:50 | 000,442,368 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005/03/03 21:04:48 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/24 23:09:14 | 000,024,064 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
MOD - [2011/11/15 13:39:54 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/15 13:39:53 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 13:38:16 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 13:38:15 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/15 13:38:14 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/15 10:36:18 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2011/05/30 23:47:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
MOD - [2011/05/30 23:46:45 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1d03df7f7548613e8beab2cc21e57910\System.Runtime.Remoting.ni.dll
MOD - [2011/05/30 23:46:43 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
MOD - [2011/05/30 23:46:41 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
MOD - [2011/05/30 23:46:30 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
MOD - [2011/05/30 23:46:16 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
MOD - [2011/05/30 23:41:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/05/30 23:40:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
MOD - [2011/05/30 23:38:35 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/05/30 23:38:16 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/05/30 23:36:17 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/05/30 23:36:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2006/04/18 04:13:16 | 000,192,512 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006/04/18 04:12:32 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/18 04:12:24 | 000,413,696 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006/04/18 04:12:22 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/18 04:12:18 | 000,532,480 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/18 03:47:38 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/18 03:47:18 | 000,090,112 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/18 03:44:32 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/18 03:44:28 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/18 03:44:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/18 03:43:44 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/18 03:43:38 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/28 15:21:50 | 000,025,024 | ---- | M] () -- C:\Program Files\Softex\OmniPass\hdddrv.dll
MOD - [2006/02/28 15:21:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll
MOD - [2006/02/28 15:20:44 | 002,076,672 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
MOD - [2006/02/28 15:20:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
MOD - [2006/02/28 15:19:40 | 000,122,880 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll
MOD - [2006/02/28 15:15:26 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scuredll.dll
MOD - [2006/02/28 15:14:56 | 000,327,680 | ---- | M] () -- C:\Program Files\Softex\OmniPass\userdata.dll
MOD - [2006/02/28 15:14:40 | 000,790,528 | ---- | M] () -- C:\Program Files\Softex\OmniPass\autheng.dll
MOD - [2006/02/28 15:14:30 | 000,012,288 | ---- | M] () -- C:\Program Files\Softex\OmniPass\cryptodll.dll
MOD - [2006/02/28 15:14:28 | 000,434,176 | ---- | M] () -- C:\Program Files\Softex\OmniPass\storeng.dll
MOD - [2006/02/28 15:14:12 | 000,010,752 | ---- | M] () -- C:\Program Files\Softex\OmniPass\SSPLogon.dll
MOD - [2006/02/28 15:10:46 | 002,179,504 | ---- | M] () -- C:\Program Files\Softex\OmniPass\sftxtgp.dll
MOD - [2006/01/18 01:46:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2005/12/29 03:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/29 03:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/29 03:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005/12/22 09:27:00 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005/12/22 09:23:06 | 000,139,264 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005/12/22 09:19:10 | 000,155,648 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005/12/22 09:19:02 | 000,069,632 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005/12/22 09:15:14 | 000,671,744 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005/12/21 11:46:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/12/10 23:28:40 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudHk.dll
MOD - [2005/12/07 16:00:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Lenovo\LenovoCare\US\LPRESMGR.DLL
MOD - [2005/12/05 08:33:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/11/17 01:05:08 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/08/13 00:53:12 | 000,106,496 | ---- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask_RC.dll
MOD - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005/08/02 08:32:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005/07/20 18:34:28 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005/06/30 18:54:50 | 000,180,224 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005/03/03 21:04:48 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask.exe
MOD - [2005/03/03 21:04:46 | 000,077,824 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDrv2KInterface.dll
MOD - [2004/06/29 01:03:56 | 000,028,672 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDrvInterface.dll
MOD - [2003/06/06 23:57:02 | 000,024,576 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\FsLodLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2010/07/17 02:34:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2008/07/04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/20 01:39:16 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\PMSveH.exe -- (PMSveH)
SRV - [2006/04/18 04:12:28 | 000,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/02/28 15:18:32 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006/01/18 01:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/15 02:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/09/30 15:55:44 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/31 01:10:17 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/03/19 00:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/07/17 02:33:44 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 19:23:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/30 05:12:40 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/12 13:50:52 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/11/12 13:50:52 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/11/12 13:50:52 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/09/26 18:01:12 | 000,113,664 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/09/26 18:01:00 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/09 14:35:08 | 000,119,936 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsmdm.sys -- (sshsmdm)
DRV - [2008/09/09 14:35:08 | 000,091,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsbus.sys -- (sshsbus) SAMSUNG Mobile USB Multi-Device driver (WDM)
DRV - [2008/09/09 14:35:08 | 000,014,976 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsmdfl.sys -- (sshsmdfl)
DRV - [2006/04/17 09:58:12 | 000,048,896 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006/02/27 20:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/18 01:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/01/18 01:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/01/18 01:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/01/18 01:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/01/18 01:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/01/13 15:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2006/01/11 17:42:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/12/29 04:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/22 08:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/22 05:09:50 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2005/12/13 07:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/05 15:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/17 11:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/09 00:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/02 09:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/02 08:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/18 07:16:50 | 010,446,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2005/08/10 23:01:34 | 000,020,864 | R--- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DVDRC.sys -- (DVDRC)
DRV - [2005/08/06 01:41:12 | 000,138,496 | ---- | M] (Farstone Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\fsUdf.sys -- (FsUdf)
DRV - [2005/07/16 00:07:00 | 000,064,868 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvdscsi.sys -- (fvdscsi)
DRV - [2005/03/30 09:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2005/01/08 08:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/22 03:46:26 | 000,037,409 | R--- | M] (FarStone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fsRamDsk.sys -- (fsRamDsk)
DRV - [2003/08/06 16:46:12 | 000,010,899 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\johnnie fritz\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/30 21:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/08/16 01:47:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/06/14 20:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FlashCatch\firefox [2010/06/16 15:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/25 07:54:23 | 000,000,000 | ---D | M]

[2011/11/27 15:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/21 16:53:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/30 18:33:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/30 18:32:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 18:25:28 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\johnnie fritz\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Complitly plugin for chrome = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\

O1 HOSTS File: ([2011/11/27 18:56:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\johnnie fritz\Application Data\Complitly\Complitly.dll File not found
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FlashCatchBHO Class) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\WebScout FileBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cssauthe] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RAMDrive] C:\Program Files\FarStone\VDPBS\VHD\RDTask.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 124.106.6.2 124.106.5.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE8D2926-F69A-462D-9521-217249D9C6E7}: DhcpNameServer = 124.106.6.2 124.106.5.2
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/30 05:37:36 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 19:09:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/27 18:35:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/27 18:29:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/27 18:29:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/27 18:29:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/27 18:29:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/27 18:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/27 18:29:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 18:24:09 | 004,307,937 | R--- | C] (Swearware) -- C:\Documents and Settings\johnnie fritz\Desktop\ComboFix.exe
[2011/11/27 18:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\instal
[2011/11/27 15:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\New Folder
[2011/11/26 18:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\antivir
[2011/11/26 18:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\t
[2011/11/26 16:36:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.com
[2011/11/26 15:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Malwarebytes
[2011/11/26 15:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/26 14:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\exehelper
[2011/11/26 14:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\rkill
[2011/11/25 09:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\ImgBurn
[2011/11/25 09:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/11/25 09:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/11/24 16:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Please help! Infected with Win32 Heur and Win32 Tanatos.M [RESOLVE - Geeks to Go Forums - Page 2_files
[2011/11/24 16:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Please help! Infected with Win32 Heur and Win32 Tanatos.M [RESOLVE - Geeks to Go Forums_files
[2011/11/23 22:53:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\johnnie fritz\Recent
[2011/11/23 18:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\Gerald Games 2011
[2011/11/22 12:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/11/22 12:37:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2011/11/22 12:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/11/22 12:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Zuxxez
[2011/11/22 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Zuxxez
[2011/11/21 23:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\LIMBO
[2011/11/21 23:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\LIMBO
[2011/11/21 16:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Skype
[2011/11/21 16:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/21 16:51:58 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/21 16:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/11/21 16:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/11/21 13:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Review
[2011/11/21 12:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Saved Games
[2011/11/21 12:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/11/21 11:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\WB Games
[2011/11/19 10:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Frozen Synapse
[2011/11/19 00:02:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.sys
[2011/11/19 00:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\PcSetup
[2011/11/18 23:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Vso
[2011/11/18 22:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/11/18 22:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\SystemRequirementsLab
[2011/11/18 22:22:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/11/18 21:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
[2011/11/18 21:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Complitly
[2011/11/18 21:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Somoto
[2011/11/18 21:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\WebScout FileBulldog Toolbar
[2011/11/18 21:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\WireBooster
[2011/11/15 22:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra PSP Movie Converter
[2011/11/15 11:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\vlc
[2011/11/15 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/13 21:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay
[2011/11/13 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDisplay
[2011/11/07 14:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/11/06 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\The KMPlayer
[2011/11/06 20:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2011/11/06 12:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\beast mode
[2011/11/06 09:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\3 Idiots 2009 Hindi DVDRip XviD E-SuB xRG
[2011/10/31 12:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Kingston
[2011/10/31 11:51:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/10/29 19:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\Rhiannon - Big Fish Edition
[2011/10/29 15:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\ProjectBlackSun
[2011/10/29 15:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\Project Black Sun
[2011/10/29 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Project Black Sun
[2011/10/29 04:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\My Saved Games
[2011/10/29 03:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gemini Rue
[2011/10/29 03:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Gemini Rue
[2010/05/30 04:44:48 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/05/30 04:44:48 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/27 19:29:17 | 000,110,998 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\afterblackscreen.JPG
[2011/11/27 19:27:36 | 003,044,214 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\blackscreen.bmp
[2011/11/27 18:57:29 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/27 18:56:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/27 18:56:45 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/27 18:54:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/27 18:54:36 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 18:35:20 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
[2011/11/27 16:49:48 | 000,001,449 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Yuri's Revenge.lnk
[2011/11/27 14:45:25 | 089,655,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/11/26 21:19:38 | 004,307,937 | R--- | M] (Swearware) -- C:\Documents and Settings\johnnie fritz\Desktop\ComboFix.exe
[2011/11/26 16:36:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.com
[2011/11/26 15:28:20 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/26 13:40:21 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\LIMBO.lnk
[2011/11/25 09:55:01 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/25 09:55:01 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\ImgBurn.lnk
[2011/11/25 03:28:44 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/25 01:56:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/23 15:36:43 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Bastion.lnk
[2011/11/22 12:55:59 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\ Battle vs. Chess.lnk
[2011/11/22 01:09:43 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Terraria.lnk
[2011/11/22 00:58:29 | 000,505,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/22 00:58:29 | 000,088,626 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/21 18:41:32 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/11/21 16:51:59 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/21 16:32:34 | 000,001,730 | -H-- | M] () -- C:\Documents and Settings\johnnie fritz\My Documents\Default.rdp
[2011/11/20 23:04:07 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\VisualBoy Advance.lnk
[2011/11/19 10:04:50 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Frozen Synapse.lnk
[2011/11/19 00:02:28 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.sys
[2011/11/19 00:02:28 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.cat
[2011/11/19 00:02:28 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.inf
[2011/11/16 01:30:58 | 000,000,161 | ---- | M] () -- C:\WINDOWS\System32\temp_0000_85-18.aok
[2011/11/16 01:30:13 | 000,000,162 | ---- | M] () -- C:\WINDOWS\System32\test.aok
[2011/11/15 11:49:53 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/11/15 11:38:07 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/13 21:56:17 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\CDisplay.lnk
[2011/11/13 21:24:05 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Sun Broadband.lnk
[2011/11/07 14:25:29 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/11/07 00:46:41 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk
[2011/11/06 20:24:32 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\KMPlayer.lnk
[2011/11/06 17:27:02 | 011,873,864 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\My Documents\vlc-1.1.11-win32.exe
[2011/11/02 02:45:42 | 000,001,342 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Rhiannon.lnk
[2011/10/29 15:53:47 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Project Black Sun.lnk
[2011/10/29 03:59:20 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Gemini Rue.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 19:29:17 | 000,110,998 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\afterblackscreen.JPG
[2011/11/27 19:27:35 | 003,044,214 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\blackscreen.bmp
[2011/11/27 18:35:20 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2011/11/27 18:35:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/27 18:29:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/27 18:29:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/27 18:29:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/27 18:29:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/27 18:29:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/26 18:46:48 | 000,001,539 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\ImgBurn.lnk
[2011/11/26 18:46:48 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 09:55:01 | 000,001,557 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/23 15:36:43 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Bastion.lnk
[2011/11/22 12:55:59 | 000,000,889 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\ Battle vs. Chess.lnk
[2011/11/22 01:09:43 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Terraria.lnk
[2011/11/21 23:47:10 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\LIMBO.lnk
[2011/11/21 18:41:32 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/11/21 16:51:59 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/21 13:24:42 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Rhiannon.lnk
[2011/11/21 13:24:42 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Project Black Sun.lnk
[2011/11/21 13:24:42 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Gemini Rue.lnk
[2011/11/21 13:23:29 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Frozen Synapse.lnk
[2011/11/19 00:02:28 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.cat
[2011/11/19 00:02:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.inf
[2011/11/15 23:13:43 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\temp_0000_85-18.aok
[2011/11/15 23:12:09 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\test.aok
[2011/11/15 11:49:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/11/15 11:38:07 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/13 21:56:17 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\CDisplay.lnk
[2011/11/13 21:24:05 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Sun Broadband.lnk
[2011/11/07 14:25:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/11/07 00:46:41 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk
[2011/11/06 20:24:32 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\KMPlayer.lnk
[2011/11/06 17:21:35 | 011,873,864 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\My Documents\vlc-1.1.11-win32.exe
[2011/10/14 11:53:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/10/02 23:28:01 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/10/02 23:28:01 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/10/02 23:28:01 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/08/26 20:51:35 | 000,001,195 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/08/10 10:40:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\KeySkill.ini
[2011/08/10 10:38:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sunburst Internet Installer.ini
[2011/06/05 13:16:17 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/05 13:16:17 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/26 12:50:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/08 09:53:30 | 000,373,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 19:24:12 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/14 11:21:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\eject_proj.exe
[2010/07/14 11:21:42 | 000,006,656 | ---- | C] () -- C:\WINDOWS\ewalkrun.exe
[2010/06/22 12:52:54 | 000,000,232 | ---- | C] () -- C:\WINDOWS\Mgr.INI
[2010/06/22 12:23:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDPross.dat
[2010/06/22 12:22:42 | 000,014,496 | R--- | C] () -- C:\WINDOWS\System32\VDI08X.dat
[2010/06/22 12:20:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\unVHDDrvExe.exe
[2010/06/22 12:20:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\inVHDDrvExe.exe
[2010/06/14 10:36:12 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/06/14 10:34:38 | 000,010,267 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2010/06/14 10:33:03 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/06/13 15:41:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/30 18:02:09 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/05/30 05:59:17 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/30 05:37:36 | 000,009,089 | R--- | C] () -- C:\WINDOWS\System32\Mfcuiz32.dll
[2010/05/30 05:37:36 | 000,006,925 | R--- | C] () -- C:\WINDOWS\System32\Wpwizapi.dll
[2010/05/30 05:37:36 | 000,004,726 | R--- | C] () -- C:\WINDOWS\System32\Dpxsockw.dll
[2010/05/30 05:37:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\fusioncache.dat
[2010/05/30 05:16:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/05/30 05:16:15 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/05/30 05:12:40 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010/05/30 05:01:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/05/30 05:01:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/05/30 05:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/05/30 05:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/05/30 05:01:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/05/30 05:01:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/05/30 05:00:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2010/05/30 05:00:43 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/05/30 04:58:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/30 04:44:49 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\tsnp2std.exe
[2010/05/30 04:44:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SNCTRL.exe
[2010/05/30 04:44:48 | 010,446,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/05/30 04:44:48 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/05/30 04:44:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnp2std.exe
[2010/05/30 04:28:52 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/05/30 04:05:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010/05/29 23:45:42 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/06/23 13:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/05/23 17:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2006/05/21 01:42:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\PMEBLib.dll
[2006/02/09 00:42:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PMHlerIO.dll
[2006/01/20 03:46:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/18 01:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/13 00:52:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ComRc.dll
[2005/08/10 23:01:34 | 000,020,864 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVDRC.sys
[2005/05/23 23:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2005/05/23 23:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/11 00:23:46 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2004/08/10 02:03:43 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 02:01:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 01:51:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 01:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 01:45:31 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/02/04 18:05:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2003/09/19 00:03:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/04 03:49:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/15 17:52:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/29 17:19:24 | 000,006,397 | R--- | C] () -- C:\WINDOWS\System32\drivers\SmartCd.sys
[2003/06/06 23:57:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FsLodLib.dll
[2003/05/31 02:23:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\dcmesbox.dll
[2003/02/14 00:56:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe
[2001/11/15 03:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/05/05 01:55:32 | 000,232,448 | ---- | C] () -- C:\WINDOWS\System32\UNLHA32.DLL
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 15:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[1980/01/01 15:00:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[1980/01/01 15:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[1980/01/01 15:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[1980/01/01 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 15:00:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[1980/01/01 15:00:00 | 000,505,328 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 15:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[1980/01/01 15:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[1980/01/01 15:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[1980/01/01 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 15:00:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[1980/01/01 15:00:00 | 000,088,626 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 15:00:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[1980/01/01 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/06/14 20:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/11/26 18:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/30 04:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2011/08/15 20:55:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/31 04:08:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/03 19:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/01 16:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2010/12/09 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Growl
[2011/06/01 18:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2011/09/01 20:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/05/30 05:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/11/11 18:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/06/05 18:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2011/08/17 00:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/05/30 05:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThinkVantage
[2010/07/28 14:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/08/02 19:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/05/31 18:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/22 21:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\.minecraft
[2010/12/09 21:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\AnvSoft
[2011/07/16 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\AVG9
[2011/10/14 16:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\BITS
[2011/11/26 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Complitly
[2010/06/03 19:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\DAEMON Tools Lite
[2010/06/17 21:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Facebook
[2010/06/22 12:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FarStone
[2010/06/14 10:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FlashGet
[2010/06/14 10:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO
[2010/05/30 04:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\IBM
[2011/11/25 09:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\ImgBurn
[2010/05/30 20:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\InterVideo
[2010/05/30 20:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Leadertech
[2011/09/04 10:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\PSPDocMaker
[2011/08/13 18:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Rovio
[2010/12/09 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Stardock
[2011/11/18 22:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\SystemRequirementsLab
[2011/01/17 19:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\TeamViewer
[2010/05/30 05:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\ThinkVantage
[2011/11/22 14:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\uTorrent
[2010/07/07 15:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Vodafone
[2011/11/19 00:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Vso
[2011/11/25 01:56:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >



for the ComboFix



ComboFix 11-11-26.01 - johnnie fritz 11/27/2011 18:38:20.1.2 - x86
Running from: c:\documents and settings\johnnie fritz\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\johnnie fritz\Application Data\facemoods.com
c:\documents and settings\johnnie fritz\Application Data\Toolbar4
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\affid.dat
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\basis.xml
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\icons.bmp
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\info.txt
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\install.ico
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbback.bmp
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbbigopen.bmp
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbclose.bmp
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbfwd.bmp
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbsep.bmp
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\nav1c.bmp
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\tbcore3.inf
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\TbHelper2.exe
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\uninstall.exe
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\update.exe
c:\documents and settings\johnnie fritz\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\version.txt
c:\documents and settings\johnnie fritz\Application Data\vso_ts_preview.xml
c:\documents and settings\johnnie fritz\WINDOWS
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.5\uninstall.exe
c:\program files\WebScout FileBulldog Toolbar\tbHElper.dll
c:\windows\CSC\d6
c:\windows\ST6UNST.000
c:\windows\system32\Config.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_dac970nt
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 10:54 . 2011-11-27 10:54 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-11-27 10:54 . 2011-11-27 10:54 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-11-27 10:54 . 2011-11-27 10:54 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-11-27 07:30 . 2010-07-16 22:24 17880 ----a-w- c:\program files\Mozilla Firefox\nsw4A.tmp\xpcom.dll
2011-11-26 07:28 . 2011-11-26 07:28 -------- d-----w- c:\documents and settings\johnnie fritz\Application Data\Malwarebytes
2011-11-26 07:28 . 2011-11-26 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-25 01:56 . 2011-11-25 01:56 -------- d-----w- c:\documents and settings\johnnie fritz\Application Data\ImgBurn
2011-11-25 01:54 . 2011-11-25 01:54 -------- d-----w- c:\program files\ImgBurn
2011-11-24 15:09 . 2011-11-24 15:08 57344 ----a-w- c:\windows\AGRSMMSG.exe
2011-11-22 04:37 . 2011-11-22 04:38 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-11-22 04:37 . 2011-11-22 04:37 -------- d-----w- c:\windows\system32\xlive
2011-11-22 04:25 . 2011-11-22 04:25 -------- d-----w- c:\program files\Zuxxez
2011-11-21 15:47 . 2011-11-24 09:13 -------- d-----w- c:\program files\LIMBO
2011-11-21 08:53 . 2011-11-26 07:04 -------- d-----w- c:\documents and settings\johnnie fritz\Application Data\Skype
2011-11-21 08:51 . 2011-11-21 08:53 -------- d-----r- c:\program files\Skype
2011-11-21 08:51 . 2011-11-21 08:51 -------- d-----w- c:\program files\Common Files\Skype
2011-11-21 08:51 . 2011-11-21 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-11-21 04:10 . 2011-11-21 04:10 -------- d-----w- c:\documents and settings\johnnie fritz\Saved Games
2011-11-21 04:05 . 2011-11-21 04:05 -------- d-----w- c:\program files\Microsoft XNA
2011-11-21 03:54 . 2011-11-21 03:54 -------- d-----w- c:\program files\WB Games
2011-11-19 02:02 . 2011-11-24 09:13 -------- d-----w- c:\program files\Frozen Synapse
2011-11-18 16:02 . 2011-11-18 16:02 47360 ----a-w- c:\documents and settings\johnnie fritz\Application Data\pcouffin.sys
2011-11-18 15:50 . 2011-11-18 16:02 -------- d-----w- c:\documents and settings\johnnie fritz\Application Data\Vso
2011-11-18 14:25 . 2011-11-18 14:25 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-18 14:23 . 2011-11-18 14:23 -------- d-----w- c:\documents and settings\johnnie fritz\Application Data\SystemRequirementsLab
2011-11-18 14:22 . 2011-11-18 14:22 -------- d-----w- c:\windows\Sun
2011-11-18 13:41 . 2011-11-26 04:33 -------- d-----w- c:\documents and settings\johnnie fritz\Application Data\Complitly
2011-11-18 13:41 . 2011-11-18 13:41 -------- d-----w- c:\program files\Complitly
2011-11-18 13:40 . 2011-11-26 04:41 -------- d-----w- c:\documents and settings\johnnie fritz\Local Settings\Application Data\Somoto
2011-11-18 13:39 . 2011-11-27 10:49 -------- d-----w- c:\program files\WebScout FileBulldog Toolbar
2011-11-18 13:39 . 2011-11-24 08:27 -------- d-----w- c:\program files\WireBooster
2011-11-15 14:54 . 2011-11-16 09:39 -------- d-----w- c:\program files\Ultra PSP Movie Converter
2011-11-15 03:39 . 2011-11-18 15:48 -------- d-----w- c:\documents and settings\johnnie fritz\Application Data\vlc
2011-11-14 01:27 . 2011-11-14 01:27 4335776 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-11-13 13:56 . 2011-11-13 13:56 -------- d-----w- c:\program files\CDisplay
2011-11-07 06:25 . 2011-11-09 04:24 -------- d-----w- c:\program files\SpeedFan
2011-11-06 12:23 . 2011-11-14 15:39 -------- d-----w- c:\program files\The KMPlayer
2011-10-31 03:51 . 2011-10-31 03:51 -------- d--h--w- c:\windows\PIF
2011-10-29 07:53 . 2011-11-24 09:44 -------- d-----w- c:\program files\Project Black Sun
2011-10-28 19:57 . 2011-11-24 08:02 -------- d-----w- c:\program files\Gemini Rue
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 06:39 . 2010-05-29 21:13 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-11-24 09:55 . 2010-06-15 05:54 253952 -c--a-w- c:\windows\Setup1.exe
2011-10-14 03:56 . 2011-10-14 03:53 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-10-03 14:34 . 2011-10-02 15:28 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-10-03 14:34 . 2011-10-02 15:28 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-10-03 14:34 . 2011-10-02 15:28 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-09-30 10:32 . 2011-09-30 10:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-30 10:32 . 2011-09-30 10:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 07:55 . 2010-06-13 13:15 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 05:26 . 2010-06-15 02:16 119808 -c----w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 03:33 2495816 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-05 7340032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-24 761856]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2011-11-24 24064]
"AGRSMMSG"="AGRSMMSG.exe" [2011-11-24 57344]
"snp2std"="c:\windows\vsnp2std.exe" [2005-10-20 442368]
"suScheduler"="c:\program files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2011-11-24 40960]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-02-28 2076672]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-23 507904]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2005-12-07 106496]
"cssauthe"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2005-12-22 1988144]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2011-11-24 221184]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RAMDrive"="c:\program files\FarStone\VDPBS\VHD\RDTask.exe" [2005-03-03 122880]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-1-18 618557]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 18:34 12536 ------w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-02-28 07:21 49152 ------w- c:\program files\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-21 03:46 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^johnnie fritz^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\johnnie fritz\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-05-30 04:58 30192 ------w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 03:44 31072 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2011-11-24 10:05 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-24 09:51 214528 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-07-04 04:52 2072576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMDrive]
2005-03-03 13:04 122880 -c----r- c:\program files\FarStone\VDPBS\Vhd\RDTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 08:07 2260480 -csh--r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-11-24 09:44 320512 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
2005-08-09 10:36 143360 -c----r- c:\program files\FarStone\VDPBS\VDP\vdtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 12:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMCService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"GoogleDesktopManager-110309-193829"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"wuauserv"=2 (0x2)
"helpsvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Growl for Windows\\Growl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\IBM\\Java142\\jre\\bin\\javaw.exe"=
.
R0 FsUdf;FsUdf;c:\windows\system32\drivers\fsUdf.sys [8/6/2005 01:41 138496]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/3/2010 19:23 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/13/2010 21:15 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/13/2010 21:15 243152]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [12/22/2005 05:09 10240]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 02:34 308136]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/22/2005 07:45 3968]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 11:33 110592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 11:32 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 11:32 482304]
R3 fvdscsi;fvdscsi;c:\windows\system32\drivers\fvdscsi.sys [6/22/2010 12:22 64868]
S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 18:19 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [8/8/2011 11:19 113664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [7/7/2010 15:10 7680]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\gerald\MYDOCU~1\GERALD~1\HONGME~1\sid\internet\network\AIRCRA~2.1\PEEK5.SYS --> c:\docume~1\gerald\MYDOCU~1\GERALD~1\HONGME~1\sid\internet\network\AIRCRA~2.1\PEEK5.SYS [?]
S3 sshsbus;SAMSUNG Mobile USB Multi-Device driver (WDM);c:\windows\system32\drivers\sshsbus.sys [7/14/2010 11:19 91776]
S3 sshsmdfl;SAMSUNG CMCC MMS Filter;c:\windows\system32\drivers\sshsmdfl.sys [7/14/2010 11:22 14976]
S3 sshsmdm;SAMSUNG CMCC MMS Drivers;c:\windows\system32\drivers\sshsmdm.sys [7/14/2010 11:22 119936]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/2/2010 19:23 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [7/7/2010 15:11 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [7/7/2010 15:11 104960]
S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/30/2010 05:15 30192]
S4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [7/4/2008 12:52 14336]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download all by FlashGet3 - c:\documents and settings\johnnie fritz\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\johnnie fritz\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 124.106.6.2 124.106.5.2
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-High Definition Audio Property Page Shortcut - HDAShCut.exe
HKLM-Run-TPHOTKEY - c:\program files\Lenovo\HOTKEY\TPHKMGR.exe
HKLM-Run-DiskeeperSystray - c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
HKLM-Run-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
SharedTaskScheduler-{1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\Stardock\Fences\FencesMenu.dll
Notify-ACNotify - ACNotify.dll
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DVDCTray - c:\program files\FarStone\VDPBS\dvdcreator\DVDCTrayIconShl.exe
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
MSConfigStartUp-Google Update - c:\documents and settings\johnnie fritz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-PMHandler - c:\windows\system32\PMHandler.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.5\uninstall.exe
AddRemove-Globe Broadband - c:\program files\Globe Broadband\uninst.exe
AddRemove-InstallShield_{06F80017-8F98-4C94-B868-52358569FC32} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{C11DFB24-1018-4722-917C-5288E18A46CF} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 18:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1004)
c:\program files\THINKPAD\CONNECTUTILITIES\ACNotify.dll
c:\program files\THINKPAD\CONNECTUTILITIES\AcSvcStub.dll
c:\program files\THINKPAD\CONNECTUTILITIES\AcLocSettings.dll
c:\program files\THINKPAD\CONNECTUTILITIES\ACHelper.dll
c:\program files\Softex\OmniPass\opxpgina.dll
c:\windows\system32\tphklock.dll
.
- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WININET.dll
c:\program files\Softex\OmniPass\SCUREDLL.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Softex\OmniPass\Omniserv.exe
c:\windows\system32\PMSveH.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2011-11-27 19:04:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-27 11:04
.
Pre-Run: 4,751,937,536 bytes free
Post-Run: 4,598,697,984 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - CA1CACB39CE4694B0526B367763FE4D6

Sir, a question. The system looks like it is running well now, but I'm still not sure if everything is up and
working. I don't know what tests should be done on the computer to check if everything is working.
Maybe you can give some advice on this matter.

Many great thanks sir.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The logs look good now :)

So I would now like you to run all your normal programmes to ensure they work
Check windows updates to confirm that is working
Do some random searches on the web to ensure that you go to the right place

Once done could you let me know of any problems remaining please
  • 0

#9
fubitzu

fubitzu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
That's good news, sir. For now I'm running an Automatic Update and it's working. I went to different websites with no problem. No pop-up messages. I ran some applications like Windows Media Player, VLC, Calculator and Paint with no problem, except for those applications infected by the virus, which require a reinstallation. So far so good, sir, and I feel the process of removing the virus and fixing the computer is almost complete. For now I'm waiting for the Windows updates to finish. I think it's going to take a while. I'm currently using another computer while typing this. After that I'm going to run some random checks again, and I will inform you and raise any issues/problems/questions if something comes up.

:happy:happy THANKS
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Grand :thumbsup:

Once you are totally happy I will remove my tools and tidy up
  • 0

#11
fubitzu

fubitzu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
In the previous hours Microsoft Windows Update was able to download the updates completely. After that came the installation, but it did not complete and stopped from 33 to 44. I tried canceling but there was no response, so I used Task Manager to end the Windows Update task. Windows Update closed, but the computer didn't shut down even though I commanded it to. Restart was not responding either. So I decided to force shut down the computer by holding the power button.

Five minutes ago I turned on the computer. But this time I saw a prompt for about two seconds, something like selecting an OS. I didn't have that prompt before. I think it's because of ComboFix. I think I've read about it somewhere in this forum. I'm not sure. But I know I saw something. The computer took longer to boot at startup, much slower than before. What do you think is the problem? Maybe the Windows update? I'm not sure, but even when I had the virus the boot was much faster than it is now. What could be the problem?

After the boot I managed to finish the Windows Update and a message appeared saying that one or two updates failed to install. Maybe this is an error from Microsoft Windows Update itself. But one thing surprised me again. I thought I would never see this message again, but the AVG Resident Shield popped up and said "Threat Removed". I looked into the Resident Shield detection. In the history I saw three new removed threats which I didn't notice before. Before, I told you that there were 448 recorded in the list; now there are 451 recorded. I thought the virus was already gone. These are the removed threats recorded earlier:

Infection: Virus identified Win32/Tanatos.M
Object: C:\Program Files\AVG\Notification\SPChecker1.exe
Result: Moved to Virus Vault
Detection Time: 11/28/2011 2:54:47 AM

Infection: May be infected by unknown virus Win32/DH.CAFF82025D
Object: C:\Documents and Settings\johnniefritz\application data\facebook\uninstall.exe
Result: Moved to Virus Vault
Detection Time: 11/28/2011 2:54:19 AM

Infection: Virus found Win32\Heur
Object: C:\Program Files\Microsoft Office\Office12 MSPUB.exe
Result: Moved to Virus Vault
Detection Time: 11/28/2011 12:43:28 AM

It looks like the virus is starting to manifest again if we don't do something asap. Haha. Very competitive.


Please give me instructions here, sir. I think we almost got it. Do you think I need to run some scans again? I uninstalled my MBAM. Should I reinstall it? Let's completely remove this virus once and for all. :angry:
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Re-run Dr Web again - I feel they were just remnants that were missed first time round

Once the updates have completed the reboots should be faster
  • 0

#13
fubitzu

fubitzu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OK, will do it :thumbsup: That was my plan from the beginning. After my last post I ran the AVG scan myself. It detected 30+ viruses infecting .exe files, as expected. Virus Tanatos.M Vitru.? as usual. Some were healed and removed. It's going to take almost a day, so I'll be bringing the sick computer back home. I think I'll be gone from this thread for a day or two. I'll be back as soon as the scan and random checks are done.

Thanks for continuous support sir :happy:
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You might consider at this stage whether or not to do a reformat and re-install, as there is no real guarantee that we can kill it as it appears fairly deeply embedded. Let me know your thoughts on this
  • 0

#15
fubitzu

fubitzu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
After I got home I uninstalled all the programs I could see that don't work: applications and games. While doing this my AVG Resident Shield keeps popping up a message saying "Threat Removed", same location and same place, sir. Task Manager is not available again. So what I did is run OTL; here's the log:




OTL logfile created on: 11/28/2011 13:42:21 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\johnnie fritz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 252.64 Mb Available Physical Memory | 24.72% Memory free
2.40 Gb Paging File | 1.64 Gb Available in Paging File | 68.43% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.33 Gb Total Space | 10.05 Gb Free Space | 14.50% Space Free | Partition Type: NTFS

Computer Name: HOAH | User Name: johnnie fritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/28 13:34:09 | 000,126,464 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2011/11/26 16:36:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.com
PRC - [2011/10/25 01:08:00 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/02 07:47:58 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/12/02 07:46:21 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 02:34:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 02:34:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 02:33:37 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/20 01:39:16 | 000,057,344 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\PMSveH.exe
PRC - [2006/04/18 04:13:00 | 000,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/18 04:12:28 | 000,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/18 04:09:10 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/18 03:59:10 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/02/28 15:20:44 | 002,076,672 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
PRC - [2006/02/28 15:20:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2006/02/28 15:18:32 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2006/01/18 01:45:32 | 000,618,557 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2006/01/18 01:43:58 | 001,396,820 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2006/01/18 01:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2005/12/29 02:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/22 09:27:00 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/22 09:08:06 | 001,988,144 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
PRC - [2005/12/15 02:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/12/07 16:00:00 | 000,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2005/10/21 05:18:50 | 000,442,368 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005/03/03 21:04:48 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/28 13:34:09 | 000,126,464 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
MOD - [2011/11/28 03:59:07 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
MOD - [2011/11/28 03:58:54 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/11/28 03:57:47 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
MOD - [2011/11/28 03:57:06 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
MOD - [2011/11/28 03:53:14 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/11/28 03:15:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/11/28 03:14:06 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
MOD - [2011/11/28 03:08:15 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/11/28 03:08:05 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/11/28 03:06:15 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/11/28 03:05:54 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/11/28 03:05:49 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2006/04/18 04:13:16 | 000,192,512 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006/04/18 04:12:32 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/18 04:12:24 | 000,413,696 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006/04/18 04:12:22 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/18 04:12:18 | 000,532,480 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/18 03:47:38 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/18 03:47:18 | 000,090,112 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/18 03:44:32 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/18 03:44:28 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/18 03:44:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/18 03:43:44 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/18 03:43:38 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/28 15:21:50 | 000,025,024 | ---- | M] () -- C:\Program Files\Softex\OmniPass\hdddrv.dll
MOD - [2006/02/28 15:21:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll
MOD - [2006/02/28 15:20:44 | 002,076,672 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
MOD - [2006/02/28 15:20:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
MOD - [2006/02/28 15:19:40 | 000,122,880 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll
MOD - [2006/02/28 15:15:26 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scuredll.dll
MOD - [2006/02/28 15:14:56 | 000,327,680 | ---- | M] () -- C:\Program Files\Softex\OmniPass\userdata.dll
MOD - [2006/02/28 15:14:46 | 000,061,440 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opfsdll.dll
MOD - [2006/02/28 15:14:40 | 000,790,528 | ---- | M] () -- C:\Program Files\Softex\OmniPass\autheng.dll
MOD - [2006/02/28 15:14:30 | 000,012,288 | ---- | M] () -- C:\Program Files\Softex\OmniPass\cryptodll.dll
MOD - [2006/02/28 15:14:28 | 000,434,176 | ---- | M] () -- C:\Program Files\Softex\OmniPass\storeng.dll
MOD - [2006/02/28 15:14:12 | 000,010,752 | ---- | M] () -- C:\Program Files\Softex\OmniPass\SSPLogon.dll
MOD - [2006/02/28 15:10:46 | 002,179,504 | ---- | M] () -- C:\Program Files\Softex\OmniPass\sftxtgp.dll
MOD - [2006/01/18 01:46:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2005/12/29 03:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/29 03:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/29 03:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005/12/22 09:27:00 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005/12/22 09:23:06 | 000,139,264 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005/12/22 09:19:10 | 000,155,648 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005/12/22 09:19:02 | 000,069,632 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005/12/22 09:15:14 | 000,671,744 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005/12/21 11:46:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/12/10 23:28:40 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudHk.dll
MOD - [2005/12/07 16:00:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Lenovo\LenovoCare\US\LPRESMGR.DLL
MOD - [2005/12/05 08:33:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/08/16 16:14:36 | 000,401,408 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\CDBLib.dll
MOD - [2005/08/13 00:53:12 | 000,106,496 | ---- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask_RC.dll
MOD - [2005/08/13 00:52:46 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\ComRc.dll
MOD - [2005/08/09 18:35:12 | 000,655,360 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\UdfFormat.dll
MOD - [2005/08/04 00:43:28 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\UDFGen.dll
MOD - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005/08/02 08:32:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005/07/22 21:14:32 | 000,122,940 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\ListCtrl.dll
MOD - [2005/07/20 18:34:28 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005/07/16 22:54:46 | 000,081,920 | ---- | M] () -- C:\Program Files\FarStone\VDPBS\VDP\VDExt900.dll
MOD - [2005/07/01 17:45:42 | 000,049,152 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\BurnInterface.dll
MOD - [2005/06/30 18:54:50 | 000,180,224 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005/06/01 22:35:58 | 000,020,480 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\WriteLog.dll
MOD - [2005/06/01 22:35:48 | 000,131,130 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\CDInfo.dll
MOD - [2005/04/27 22:47:04 | 000,065,536 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\ExportFile.dll
MOD - [2005/03/03 21:04:48 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask.exe
MOD - [2005/03/03 21:04:46 | 000,077,824 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDrv2KInterface.dll
MOD - [2004/08/11 00:23:46 | 000,077,824 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\LogDLL.dll
MOD - [2004/08/11 00:23:44 | 000,024,576 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\FsLodLib.dll
MOD - [2004/06/29 01:03:56 | 000,028,672 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDrvInterface.dll
MOD - [2003/06/06 23:57:02 | 000,024,576 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\FsLodLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2010/07/17 02:34:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2008/07/04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/20 01:39:16 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\PMSveH.exe -- (PMSveH)
SRV - [2006/04/18 04:12:28 | 000,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/02/28 15:18:32 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006/01/18 01:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/15 02:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/30 15:55:44 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/31 01:10:17 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 02:33:44 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 19:23:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/30 05:12:40 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/12 13:50:52 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/11/12 13:50:52 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/11/12 13:50:52 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/09/26 18:01:12 | 000,113,664 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/09/26 18:01:00 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/09 14:35:08 | 000,119,936 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsmdm.sys -- (sshsmdm)
DRV - [2008/09/09 14:35:08 | 000,091,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsbus.sys -- (sshsbus) SAMSUNG Mobile USB Multi-Device driver (WDM)
DRV - [2008/09/09 14:35:08 | 000,014,976 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsmdfl.sys -- (sshsmdfl)
DRV - [2006/04/17 09:58:12 | 000,048,896 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006/02/27 20:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/18 01:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/01/18 01:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/01/18 01:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/01/18 01:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/01/18 01:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/01/13 15:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2006/01/11 17:42:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/12/29 04:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/22 08:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/22 05:09:50 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2005/12/13 07:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/05 15:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/17 11:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/09 00:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/02 09:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/02 08:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/18 07:16:50 | 010,446,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2005/08/10 23:01:34 | 000,020,864 | R--- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DVDRC.sys -- (DVDRC)
DRV - [2005/08/06 01:41:12 | 000,138,496 | ---- | M] (Farstone Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\fsUdf.sys -- (FsUdf)
DRV - [2005/07/16 00:07:00 | 000,064,868 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvdscsi.sys -- (fvdscsi)
DRV - [2005/03/30 09:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2005/01/08 08:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/22 03:46:26 | 000,037,409 | R--- | M] (FarStone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fsRamDsk.sys -- (fsRamDsk)
DRV - [2003/08/06 16:46:12 | 000,010,899 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\johnnie fritz\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/30 21:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/08/16 01:47:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/06/14 20:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FlashCatch\firefox [2010/06/16 15:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/25 07:54:23 | 000,000,000 | ---D | M]

[2011/11/27 15:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/21 16:53:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/30 18:33:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/30 18:32:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 18:25:28 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\johnnie fritz\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Complitly plugin for chrome = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\

O1 HOSTS File: ([2011/11/27 18:56:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\johnnie fritz\Application Data\Complitly\Complitly.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FlashCatchBHO Class) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cssauthe] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RAMDrive] C:\Program Files\FarStone\VDPBS\VHD\RDTask.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/30 05:37:36 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 13:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\t2
[2011/11/28 01:21:37 | 000,000,000 | ---D | C] -- C:\44e66634bdce4a94f54e2e01f1
[2011/11/27 21:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Toolbar4
[2011/11/27 19:09:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/27 18:35:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/27 18:29:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/27 18:29:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/27 18:29:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/27 18:29:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/27 18:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/27 18:29:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 18:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\instal
[2011/11/26 18:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\antivir
[2011/11/26 18:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\t
[2011/11/26 16:36:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.com
[2011/11/26 15:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Malwarebytes
[2011/11/26 15:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/26 14:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\exehelper
[2011/11/26 14:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\rkill
[2011/11/25 09:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\ImgBurn
[2011/11/25 09:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/11/25 09:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/11/23 22:53:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\johnnie fritz\Recent
[2011/11/23 18:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\Gerald Games 2011
[2011/11/22 12:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/11/22 12:37:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2011/11/22 12:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/11/21 23:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\LIMBO
[2011/11/21 23:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\LIMBO
[2011/11/21 16:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Skype
[2011/11/21 16:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/21 16:51:58 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/21 16:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/11/21 16:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/11/21 13:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Review
[2011/11/21 12:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Saved Games
[2011/11/21 12:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/11/21 11:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\WB Games
[2011/11/19 10:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Frozen Synapse
[2011/11/19 00:02:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.sys
[2011/11/19 00:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\PcSetup
[2011/11/18 23:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Vso
[2011/11/18 22:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/11/18 22:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\SystemRequirementsLab
[2011/11/18 22:22:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/11/18 21:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
[2011/11/18 21:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Complitly
[2011/11/18 21:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Somoto
[2011/11/15 22:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra PSP Movie Converter
[2011/11/15 11:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\vlc
[2011/11/15 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/13 21:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay
[2011/11/13 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDisplay
[2011/11/06 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\The KMPlayer
[2011/11/06 20:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2011/11/06 12:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\beast mode
[2011/11/06 09:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\3 Idiots 2009 Hindi DVDRip XviD E-SuB xRG
[2011/10/31 12:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Kingston
[2011/10/31 11:51:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/10/29 19:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\Rhiannon - Big Fish Edition
[2011/10/29 15:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\ProjectBlackSun
[2010/05/30 04:44:48 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/05/30 04:44:48 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/28 13:39:03 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/28 13:38:43 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/28 13:36:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/28 13:35:58 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/28 03:06:48 | 000,470,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/28 03:06:48 | 000,082,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/28 02:59:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/28 02:25:07 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/28 01:56:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/27 22:53:01 | 089,681,381 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/11/27 19:29:17 | 000,110,998 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\afterblackscreen.JPG
[2011/11/27 19:27:36 | 003,044,214 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\blackscreen.bmp
[2011/11/27 18:56:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/27 18:35:20 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
[2011/11/26 16:36:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.com
[2011/11/26 13:40:21 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\LIMBO.lnk
[2011/11/25 09:55:01 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/25 09:55:01 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\ImgBurn.lnk
[2011/11/25 03:28:44 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/22 01:09:43 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Terraria.lnk
[2011/11/21 18:41:32 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/11/21 16:51:59 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/21 16:32:34 | 000,001,730 | -H-- | M] () -- C:\Documents and Settings\johnnie fritz\My Documents\Default.rdp
[2011/11/20 23:04:07 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\VisualBoy Advance.lnk
[2011/11/19 00:02:28 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.sys
[2011/11/19 00:02:28 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.cat
[2011/11/19 00:02:28 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.inf
[2011/11/16 01:30:58 | 000,000,161 | ---- | M] () -- C:\WINDOWS\System32\temp_0000_85-18.aok
[2011/11/16 01:30:13 | 000,000,162 | ---- | M] () -- C:\WINDOWS\System32\test.aok
[2011/11/15 11:49:53 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/11/15 11:38:07 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/13 21:56:17 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\CDisplay.lnk
[2011/11/13 21:24:05 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Sun Broadband.lnk
[2011/11/07 14:25:29 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/11/07 00:46:41 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk
[2011/11/06 20:24:32 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\KMPlayer.lnk
[2011/11/06 17:27:02 | 011,873,864 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\My Documents\vlc-1.1.11-win32.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 19:29:17 | 000,110,998 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\afterblackscreen.JPG
[2011/11/27 19:27:35 | 003,044,214 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\blackscreen.bmp
[2011/11/27 18:35:20 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2011/11/27 18:35:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/27 18:29:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/27 18:29:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/27 18:29:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/27 18:29:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/27 18:29:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/26 18:46:48 | 000,001,539 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\ImgBurn.lnk
[2011/11/25 09:55:01 | 000,001,557 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/22 01:09:43 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Terraria.lnk
[2011/11/21 23:47:10 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\LIMBO.lnk
[2011/11/21 18:41:32 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/11/21 16:51:59 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/21 13:24:42 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Gemini Rue.lnk
[2011/11/19 00:02:28 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.cat
[2011/11/19 00:02:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.inf
[2011/11/15 23:13:43 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\temp_0000_85-18.aok
[2011/11/15 23:12:09 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\test.aok
[2011/11/15 11:49:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/11/15 11:38:07 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/13 21:56:17 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\CDisplay.lnk
[2011/11/13 21:24:05 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Sun Broadband.lnk
[2011/11/07 14:25:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/11/07 00:46:41 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk
[2011/11/06 20:24:32 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\KMPlayer.lnk
[2011/11/06 17:21:35 | 011,873,864 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\My Documents\vlc-1.1.11-win32.exe
[2011/10/14 11:53:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/10/02 23:28:01 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/10/02 23:28:01 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/10/02 23:28:01 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/08/26 20:51:35 | 000,001,195 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/08/10 10:40:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\KeySkill.ini
[2011/08/10 10:38:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sunburst Internet Installer.ini
[2011/06/05 13:16:17 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/05 13:16:17 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/26 12:50:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/10 21:29:36 | 000,376,832 | ---- | C] () -- C:\WINDOWS\uninst.exe
[2010/08/08 09:53:30 | 000,373,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 19:24:12 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/14 11:21:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\eject_proj.exe
[2010/07/14 11:21:42 | 000,006,656 | ---- | C] () -- C:\WINDOWS\ewalkrun.exe
[2010/06/22 12:52:54 | 000,000,232 | ---- | C] () -- C:\WINDOWS\Mgr.INI
[2010/06/22 12:23:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDPross.dat
[2010/06/22 12:22:42 | 000,014,496 | R--- | C] () -- C:\WINDOWS\System32\VDI08X.dat
[2010/06/22 12:20:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\unVHDDrvExe.exe
[2010/06/22 12:20:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\inVHDDrvExe.exe
[2010/06/15 13:54:41 | 000,146,944 | ---- | C] () -- C:\WINDOWS\ST6UNST.EXE
[2010/06/14 10:36:12 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/06/14 10:34:38 | 000,010,267 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2010/06/14 10:33:03 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/06/13 15:41:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/30 18:02:09 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/05/30 05:59:17 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/30 05:37:36 | 000,009,089 | R--- | C] () -- C:\WINDOWS\System32\Mfcuiz32.dll
[2010/05/30 05:37:36 | 000,006,925 | R--- | C] () -- C:\WINDOWS\System32\Wpwizapi.dll
[2010/05/30 05:37:36 | 000,004,726 | R--- | C] () -- C:\WINDOWS\System32\Dpxsockw.dll
[2010/05/30 05:37:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\fusioncache.dat
[2010/05/30 05:16:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/05/30 05:16:15 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/05/30 05:12:40 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010/05/30 05:01:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/05/30 05:01:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/05/30 05:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/05/30 05:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/05/30 05:01:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/05/30 05:01:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/05/30 05:00:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2010/05/30 05:00:43 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/05/30 04:58:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/30 04:44:49 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\tsnp2std.exe
[2010/05/30 04:44:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SNCTRL.exe
[2010/05/30 04:44:48 | 010,446,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/05/30 04:44:48 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/05/30 04:44:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnp2std.exe
[2010/05/30 04:28:52 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/05/30 04:05:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010/05/29 23:45:42 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/06/23 13:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/05/23 17:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2006/05/21 01:42:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\PMEBLib.dll
[2006/02/09 00:42:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PMHlerIO.dll
[2006/01/20 03:46:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/18 01:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/13 00:52:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ComRc.dll
[2005/08/10 23:01:34 | 000,020,864 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVDRC.sys
[2005/05/23 23:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2005/05/23 23:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/11 00:23:46 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2004/08/10 02:03:43 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 02:01:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 01:51:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 01:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 01:45:31 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/02/04 18:05:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2003/09/19 00:03:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/04 03:49:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/15 17:52:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/29 17:19:24 | 000,006,397 | R--- | C] () -- C:\WINDOWS\System32\drivers\SmartCd.sys
[2003/06/06 23:57:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FsLodLib.dll
[2003/05/31 02:23:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\dcmesbox.dll
[2003/02/14 00:56:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe
[2001/11/15 03:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/05/05 01:55:32 | 000,232,448 | ---- | C] () -- C:\WINDOWS\System32\UNLHA32.DLL
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 15:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[1980/01/01 15:00:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[1980/01/01 15:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[1980/01/01 15:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[1980/01/01 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 15:00:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[1980/01/01 15:00:00 | 000,470,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 15:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[1980/01/01 15:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[1980/01/01 15:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[1980/01/01 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 15:00:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[1980/01/01 15:00:00 | 000,082,138 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 15:00:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[1980/01/01 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/06/14 20:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/11/28 13:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/30 04:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2011/08/15 20:55:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/31 04:08:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/03 19:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/01 16:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2010/12/09 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Growl
[2011/06/01 18:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2011/09/01 20:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/05/30 05:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/11/11 18:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/08/17 00:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/05/30 05:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThinkVantage
[2010/07/28 14:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/08/02 19:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/05/31 18:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/22 21:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\.minecraft
[2010/12/09 21:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\AnvSoft
[2011/07/16 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\AVG9
[2011/10/14 16:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\BITS
[2011/11/26 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Complitly
[2010/06/03 19:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\DAEMON Tools Lite
[2011/11/28 02:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Facebook
[2010/06/22 12:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FarStone
[2010/06/14 10:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FlashGet
[2010/06/14 10:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO
[2010/05/30 04:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\IBM
[2011/11/25 09:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\ImgBurn
[2010/05/30 20:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\InterVideo
[2010/05/30 20:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Leadertech
[2011/09/04 10:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\PSPDocMaker
[2011/08/13 18:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Rovio
[2010/12/09 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Stardock
[2011/11/18 22:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\SystemRequirementsLab
[2011/01/17 19:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\TeamViewer
[2010/05/30 05:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\ThinkVantage
[2011/11/28 12:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Toolbar4
[2011/11/22 14:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\uTorrent
[2010/07/07 15:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Vodafone
[2011/11/19 00:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Vso
[2011/11/28 01:56:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

As you can see, my free space is now 10.5G as a result of uninstalling applications. I am now scanning the computer using Dr.Web.

After the scan I was able to export the results from the journal. Here are the scan results and the results after treatment.

Scanning finished

Scanning duration: 14hrs 34mins 1sec

Objects scanned: 596764
Unable to scan: 7008
Threats detected: 37
Threats neutralized: 0
Infected: 33
Malicious: 2
Suspicious: 2

2011-11-28 02:26:46 PM Control Center Info Updater failed

2011-11-28 02:28:35 PM Scanner Info Scanning started

2011-11-28 06:27:24 PM Scanner Info threat has been found /win/C:/Program Files/Common Files/InstallShield/UpdateService/ISUSPM.exe - infected Win32.Sector.10

2011-11-28 06:34:57 PM Scanner Info threat has been found /win/C:/Program Files/Common Files/Sonic Shared/Sonic Central/Main/Mediahub.exe - infected Win32.Sector.10

2011-11-28 06:40:36 PM Scanner Info threat has been found /win/C:/Program Files/ThinkVantage/SystemUpdate/UCLauncher.exe - infected Win32.Sector.10

2011-11-28 07:03:29 PM Scanner Info threat has been found /win/C:/Program Files/VideoLAN/VLC/vlc-cache-gen.exe - infected Win32.Sector.10

2011-11-28 08:03:06 PM Scanner Info threat has been found /win/C:/Program Files/Microsoft Office/Office12/OIS.EXE - infected Win32.Sector.10

2011-11-28 08:03:40 PM Scanner Info threat has been found /win/C:/Program Files/Microsoft Office/Office12/ONENOTEM.EXE - infected Win32.Sector.10

2011-11-28 08:04:16 PM Scanner Info threat has been found /win/C:/Program Files/Microsoft Office/Office12/WINWORD.EXE - infected Win32.Sector.10

2011-11-28 08:19:58 PM Scanner Info threat has been found /win/C:/Program Files/Microsoft Silverlight/4.0.60831.0/coregen.exe - infected Win32.Sector.10

2011-11-28 08:21:28 PM Scanner Info threat has been found /win/C:/Program Files/EA Games/Command & Conquer Generals Zero Hour/game.dat - infected Win32.Sector.10

2011-11-28 08:21:54 PM Scanner Info threat has been found /win/C:/Program Files/EA Games/Command & Conquer Generals Zero Hour/support/Command and Conquer Generals Zero Hour_uninst.exe - infected Win32.Sector.10

2011-11-28 08:21:58 PM Scanner Info threat has been found /win/C:/Program Files/EA Games/Command and Conquer Generals/game.dat - infected Win32.Sector.10

2011-11-28 08:22:01 PM Scanner Info threat has been found /win/C:/Program Files/EA Games/Command and Conquer Generals/patchget.dat - infected Win32.Sector.10

2011-11-28 08:22:23 PM Scanner Info threat has been found /win/C:/Program Files/EA Games/Command and Conquer Generals/support/Generals_uninst.exe - infected Win32.Sector.10

2011-11-28 08:32:07 PM Scanner Info threat has been found /win/C:/Program Files/Growl for Windows/Growl.exe - infected Win32.Sector.10

2011-11-28 09:14:52 PM Scanner Info threat has been found /win/C:/Program Files/Mozilla Firefox/firefox.exe.old - infected Win32.Sector.10

2011-11-29 01:19:30 AM Scanner Info threat has been found /win/C:/Documents and Settings/All Users/Application Data/Adobe/Setup/{AC76BA86-7AD7-1033-7B44-AA1000000001}/setup.exe - infected Win32.Sector.10

2011-11-29 01:23:18 AM Scanner Info threat has been found /win/C:/Documents and Settings/All Users/Application Data/AVG Security Toolbar/Update/igt10E.tmp.dir/ToolbarBroker.exe - infected Win32.Sector.10

2011-11-29 01:36:49 AM Scanner Info threat has been found /win/C:/Documents and Settings/All Users/Application Data/NOS/Adobe_Downloads/install_flash_player_ax.exe - infected Win32.Sector.10

2011-11-29 01:37:00 AM Scanner Info threat has been found /win/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Backups/regLocal.reg - suspicious SCRIPT.Virus

2011-11-29 02:44:38 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Desktop/exehelper/explorer.exe - infected Win32.Sector.10

2011-11-29 02:44:38 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Desktop/exehelper/exeHelper (1).com - infected Win32.Sector.10

2011-11-29 02:44:38 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Desktop/OTL.com - infected Trojan.Siggen3.20406

2011-11-29 02:55:56 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Desktop/antivir/OTL.com - infected Trojan.Siggen3.20406

2011-11-29 02:58:12 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/rkill.com - infected Win32.Sector.10

2011-11-29 02:58:13 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/rkill.exe - infected Win32.Sector.10

2011-11-29 02:58:14 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/WiNlOgOn.exe - infected Win32.Sector.10

2011-11-29 02:58:14 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/uSeRiNiT.exe - infected Win32.Sector.10

2011-11-29 03:00:48 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Desktop/instal/OTL.exe - infected Trojan.Siggen3.20406

2011-11-29 03:07:09 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Local Settings/Application Data/Google/Chrome/User Data/Default/old_Cache_001/f_00118c - suspicious SCRIPT.Virus

2011-11-29 03:09:04 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Local Settings/Application Data/Google/Chrome/User Data/Default/old_Cache_001/f_00134f - infected Trojan.Siggen3.20406

2011-11-29 03:26:11 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set63.tmp - infected Win32.Sector.10

2011-11-29 03:26:12 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set91.tmp - infected Win32.Sector.10

2011-11-29 03:26:12 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set90.tmp - infected Win32.Sector.10

2011-11-29 04:46:26 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/My Documents/Downloads/OTL.com - infected Trojan.Siggen3.20406

2011-11-29 04:47:30 AM Scanner Info threat has been found /win/C:/Documents and Settings/johnnie fritz/My Documents/Downloads/vlc-1.1.11-win32.exe - infected Win32.Sector.10

2011-11-29 05:02:51 AM Scanner Info Scanning finished

2011-11-29 09:47:19 AM Scanner Info /win/C:/Program Files/Common Files/InstallShield/UpdateService/ISUSPM.exe - cured

2011-11-29 09:47:19 AM Scanner Info /win/C:/Program Files/Common Files/InstallShield/UpdateService/ISUSPM.exe - cured

2011-11-29 09:47:45 AM Scanner Info /win/C:/Program Files/Common Files/Sonic Shared/Sonic Central/Main/Mediahub.exe - cured

2011-11-29 09:47:45 AM Scanner Info /win/C:/Program Files/Common Files/Sonic Shared/Sonic Central/Main/Mediahub.exe - cured

2011-11-29 09:47:51 AM Scanner Info cured 2 files: /win/C:/Program Files/Common Files/InstallShield/UpdateService/ISUSPM.exe, /win/C:/Program Files/Common Files/Sonic Shared/Sonic Central/Main/Mediahub.exe;

2011-11-29 09:49:54 AM Scanner Info /win/C:/Program Files/ThinkVantage/SystemUpdate/UCLauncher.exe - cured

2011-11-29 09:49:54 AM Scanner Info /win/C:/Program Files/ThinkVantage/SystemUpdate/UCLauncher.exe - cured

2011-11-29 09:49:59 AM Scanner Info cured 1 files: /win/C:/Program Files/ThinkVantage/SystemUpdate/UCLauncher.exe;

2011-11-29 09:50:28 AM Scanner Info /win/C:/Program Files/VideoLAN/VLC/vlc-cache-gen.exe - cured
2011-11-29 09:50:28 AM Scanner Info /win/C:/Program Files/VideoLAN/VLC/vlc-cache-gen.exe - cured

2011-11-29 09:50:32 AM Scanner Info cured 1 files: /win/C:/Program Files/VideoLAN/VLC/vlc-cache-gen.exe;

2011-11-29 09:50:50 AM Scanner Info /win/C:/Program Files/Microsoft Office/Office12/OIS.EXE - cured

2011-11-29 09:50:55 AM Scanner Info cured 1 files: /win/C:/Program Files/Microsoft Office/Office12/OIS.EXE;

2011-11-29 09:51:08 AM Scanner Info /win/C:/Program Files/Microsoft Office/Office12/ONENOTEM.EXE - cured

2011-11-29 09:51:12 AM Scanner Info cured 1 files: /win/C:/Program Files/Microsoft Office/Office12/ONENOTEM.EXE;

2011-11-29 09:51:25 AM Scanner Info /win/C:/Program Files/Microsoft Office/Office12/WINWORD.EXE - cured

2011-11-29 09:51:25 AM Scanner Info /win/C:/Program Files/Microsoft Office/Office12/WINWORD.EXE - cured

2011-11-29 09:51:29 AM Scanner Info cured 1 files: /win/C:/Program Files/Microsoft Office/Office12/WINWORD.EXE;

2011-11-29 09:51:44 AM Scanner Info /win/C:/Program Files/Microsoft Silverlight/4.0.60831.0/coregen.exe - cured

2011-11-29 09:51:44 AM Scanner Info /win/C:/Program Files/Microsoft Silverlight/4.0.60831.0/coregen.exe - cured

2011-11-29 09:51:47 AM Scanner Info cured 1 files: /win/C:/Program Files/Microsoft Silverlight/4.0.60831.0/coregen.exe;

2011-11-29 09:52:05 AM Scanner Info /win/C:/Program Files/EA Games/Command & Conquer Generals Zero Hour/game.dat - cured

2011-11-29 09:52:09 AM Scanner Info cured 1 files: /win/C:/Program Files/EA Games/Command & Conquer Generals Zero Hour/game.dat;

2011-11-29 09:52:40 AM Scanner Info /win/C:/Program Files/EA Games/Command & Conquer Generals Zero Hour/support/Command and Conquer Generals Zero Hour_uninst.exe - cured

2011-11-29 09:52:40 AM Scanner Info /win/C:/Program Files/EA Games/Command & Conquer Generals Zero Hour/support/Command and Conquer Generals Zero Hour_uninst.exe - cured

2011-11-29 09:52:44 AM Scanner Info cured 1 files: /win/C:/Program Files/EA Games/Command & Conquer Generals Zero Hour/support/Command and Conquer Generals Zero Hour_uninst.exe;

2011-11-29 09:53:31 AM Scanner Info /win/C:/Program Files/EA Games/Command and Conquer Generals/game.dat - cured

2011-11-29 09:53:36 AM Scanner Info cured 1 files: /win/C:/Program Files/EA Games/Command and Conquer Generals/game.dat;

2011-11-29 09:54:07 AM Scanner Info /win/C:/Program Files/EA Games/Command and Conquer Generals/patchget.dat - cured

2011-11-29 09:54:11 AM Scanner Info cured 1 files: /win/C:/Program Files/EA Games/Command and Conquer Generals/patchget.dat;

2011-11-29 09:54:45 AM Scanner Info /win/C:/Program Files/EA Games/Command and Conquer Generals/support/Generals_uninst.exe - cured

2011-11-29 09:54:45 AM Scanner Info /win/C:/Program Files/EA Games/Command and Conquer Generals/support/Generals_uninst.exe - cured

2011-11-29 09:54:49 AM Scanner Info cured 1 files: /win/C:/Program Files/EA Games/Command and Conquer Generals/support/Generals_uninst.exe;

2011-11-29 09:54:56 AM Scanner Info /win/C:/Program Files/Growl for Windows/Growl.exe - cured

2011-11-29 09:54:56 AM Scanner Info /win/C:/Program Files/Growl for Windows/Growl.exe - cured

2011-11-29 09:55:01 AM Scanner Info cured 1 files: /win/C:/Program Files/Growl for Windows/Growl.exe;

2011-11-29 09:55:09 AM Scanner Info /win/C:/Program Files/Mozilla Firefox/firefox.exe.old - cured

2011-11-29 09:55:09 AM Scanner Info /win/C:/Program Files/Mozilla Firefox/firefox.exe.old - cured

2011-11-29 09:55:13 AM Scanner Info cured 1 files: /win/C:/Program Files/Mozilla Firefox/firefox.exe.old;

2011-11-29 09:55:47 AM Scanner Info /win/C:/Documents and Settings/All Users/Application Data/Adobe/Setup/{AC76BA86-7AD7-1033-7B44-AA1000000001}/setup.exe - cured

2011-11-29 09:55:52 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/All Users/Application Data/Adobe/Setup/{AC76BA86-7AD7-1033-7B44-AA1000000001}/setup.exe;

2011-11-29 09:56:00 AM Scanner Info /win/C:/Documents and Settings/All Users/Application Data/AVG Security Toolbar/Update/igt10E.tmp.dir/ToolbarBroker.exe - cured

2011-11-29 09:56:00 AM Scanner Info /win/C:/Documents and Settings/All Users/Application Data/AVG Security Toolbar/Update/igt10E.tmp.dir/ToolbarBroker.exe - cured

2011-11-29 09:56:03 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/All Users/Application Data/AVG Security Toolbar/Update/igt10E.tmp.dir/ToolbarBroker.exe;

2011-11-29 09:56:22 AM Scanner Info /win/C:/Documents and Settings/All Users/Application Data/NOS/Adobe_Downloads/install_flash_player_ax.exe - cured

2011-11-29 09:56:27 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/All Users/Application Data/NOS/Adobe_Downloads/install_flash_player_ax.exe;

2011-11-29 09:59:08 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/OTL.com - deleted

2011-11-29 09:59:08 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/OTL.com - deleted

2011-11-29 09:59:12 AM Scanner Info removed 1 files: /win/C:/Documents and Settings/johnnie fritz/Desktop/OTL.com;

2011-11-29 09:59:31 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/exehelper/exeHelper (1).com - cured

2011-11-29 09:59:31 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/exehelper/exeHelper (1).com - cured

2011-11-29 09:59:35 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/johnnie fritz/Desktop/exehelper/exeHelper (1).com;

2011-11-29 09:59:53 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/exehelper/explorer.exe - cured

2011-11-29 09:59:53 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/exehelper/explorer.exe - cured

2011-11-29 09:59:57 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/johnnie fritz/Desktop/exehelper/explorer.exe;

2011-11-29 10:01:56 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/antivir/OTL.com - deleted

2011-11-29 10:01:56 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/antivir/OTL.com - deleted

2011-11-29 10:02:00 AM Scanner Info removed 1 files: /win/C:/Documents and Settings/johnnie fritz/Desktop/antivir/OTL.com;

2011-11-29 10:02:10 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/rkill.com - cured

2011-11-29 10:02:14 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/rkill.com;

2011-11-29 10:02:23 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/rkill.com - cured

2011-11-29 10:02:26 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/rkill.com;

2011-11-29 10:02:37 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/rkill.exe - cured

2011-11-29 10:02:41 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/rkill.exe;

2011-11-29 10:02:49 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/rkill.exe - cured

2011-11-29 10:03:28 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/uSeRiNiT.exe - cured

2011-11-29 10:03:32 AM Scanner Info cured 2 files: /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/rkill.exe, /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/uSeRiNiT.exe;

2011-11-29 10:03:40 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/uSeRiNiT.exe - cured

2011-11-29 10:03:53 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/WiNlOgOn.exe - cured

2011-11-29 10:03:58 AM Scanner Info cured 2 files: /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/WiNlOgOn.exe, /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/uSeRiNiT.exe;

2011-11-29 10:04:06 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/WiNlOgOn.exe - cured

2011-11-29 10:04:32 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/instal/OTL.exe - deleted

2011-11-29 10:04:32 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Desktop/instal/OTL.exe - deleted

2011-11-29 10:04:37 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/johnnie fritz/Desktop/rkill/WiNlOgOn.exe;removed 1 files: /win/C:/Documents and Settings/johnnie fritz/Desktop/instal/OTL.exe;

2011-11-29 10:05:15 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Local Settings/Application Data/Google/Chrome/User Data/Default/old_Cache_001/f_00134f - deleted

2011-11-29 10:05:15 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Local Settings/Application Data/Google/Chrome/User Data/Default/old_Cache_001/f_00134f - deleted

2011-11-29 10:05:19 AM Scanner Info removed 1 files: /win/C:/Documents and Settings/johnnie fritz/Local Settings/Application Data/Google/Chrome/User Data/Default/old_Cache_001/f_00134f;

2011-11-29 10:06:16 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set63.tmp - cured

2011-11-29 10:06:16 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set63.tmp - cured

2011-11-29 10:06:20 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set63.tmp;

2011-11-29 10:06:32 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set91.tmp - cured

2011-11-29 10:06:32 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set91.tmp - cured

2011-11-29 10:06:36 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set91.tmp;

2011-11-29 10:06:50 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set90.tmp - cured

2011-11-29 10:06:50 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set90.tmp - cured

2011-11-29 10:06:54 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/johnnie fritz/Local Settings/Temp/Set90.tmp;

2011-11-29 10:07:22 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/My Documents/Downloads/OTL.com - deleted

2011-11-29 10:07:22 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/My Documents/Downloads/OTL.com - deleted

2011-11-29 10:07:27 AM Scanner Info removed 1 files: /win/C:/Documents and Settings/johnnie fritz/My Documents/Downloads/OTL.com;

2011-11-29 10:07:38 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/My Documents/Downloads/vlc-1.1.11-win32.exe - cured

2011-11-29 10:07:38 AM Scanner Info /win/C:/Documents and Settings/johnnie fritz/My Documents/Downloads/vlc-1.1.11-win32.exe - cured

2011-11-29 10:07:42 AM Scanner Info cured 1 files: /win/C:/Documents and Settings/johnnie fritz/My Documents/Downloads/vlc-1.1.11-win32.exe;




I cured everything I saw infected. I think 4 or 5 were deleted. You can check above. Please check if there is anything unusual.
From my observation it took less than 2 hours to finish, unlike before. And the threats detected are also lower by 100 threats.
Sorry for the bother but I did all I could do to inform you about what's happening to the computer. No problem rebooting the computer.
It took several minutes on startup. On my desktop, I ran some applications and uninstalled some programs that are not working anymore.
And then another "Threat Removed" by AVG Resident Shield. This time another virus was found, named

"Downloader.Banload" infecting my C:\Documents and Settings/johnniefritz/Deskto/exehelper/explorer.exe
"Win32/tanatos.M" C:\Program Files\Microsoft Office\Office12\OIS.exe

There were 2 threats detected as of now.

I will run a fresh OTL again.

OTL logfile created on: 11/29/2011 11:56:41 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\johnnie fritz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 275.59 Mb Available Physical Memory | 26.96% Memory free
2.40 Gb Paging File | 1.67 Gb Available in Paging File | 69.49% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.33 Gb Total Space | 10.21 Gb Free Space | 14.72% Space Free | Partition Type: NTFS

Computer Name: HOAH | User Name: johnnie fritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/28 13:34:09 | 000,126,464 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2011/11/26 16:15:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.exe
PRC - [2011/10/25 01:08:00 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/02 07:47:58 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/12/02 07:46:21 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 02:34:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 02:34:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 02:33:37 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/20 01:39:16 | 000,057,344 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\PMSveH.exe
PRC - [2006/04/18 04:13:00 | 000,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/18 04:12:28 | 000,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/18 04:09:10 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/18 03:59:10 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/02/28 15:20:44 | 002,076,672 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
PRC - [2006/02/28 15:20:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2006/02/28 15:18:32 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2006/01/18 01:45:32 | 000,618,557 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2006/01/18 01:43:58 | 001,396,820 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2006/01/18 01:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2005/12/29 02:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/22 09:27:00 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/22 09:08:06 | 001,988,144 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
PRC - [2005/12/15 02:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/12/07 16:00:00 | 000,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2005/10/21 05:18:50 | 000,442,368 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005/03/03 21:04:48 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/28 13:34:09 | 000,126,464 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
MOD - [2011/11/28 03:59:07 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
MOD - [2011/11/28 03:58:54 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/11/28 03:57:47 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
MOD - [2011/11/28 03:57:06 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
MOD - [2011/11/28 03:53:14 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/11/28 03:15:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/11/28 03:14:06 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
MOD - [2011/11/28 03:08:15 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/11/28 03:08:05 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/11/28 03:06:15 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/11/28 03:05:54 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/11/28 03:05:49 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2006/04/18 04:13:16 | 000,192,512 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006/04/18 04:12:32 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/18 04:12:24 | 000,413,696 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006/04/18 04:12:22 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/18 04:12:18 | 000,532,480 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/18 03:47:38 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/18 03:47:18 | 000,090,112 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/18 03:44:32 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/18 03:44:28 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/18 03:44:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/18 03:43:44 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/18 03:43:38 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/28 15:21:50 | 000,025,024 | ---- | M] () -- C:\Program Files\Softex\OmniPass\hdddrv.dll
MOD - [2006/02/28 15:21:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll
MOD - [2006/02/28 15:20:44 | 002,076,672 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
MOD - [2006/02/28 15:20:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
MOD - [2006/02/28 15:19:40 | 000,122,880 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll
MOD - [2006/02/28 15:15:26 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scuredll.dll
MOD - [2006/02/28 15:14:56 | 000,327,680 | ---- | M] () -- C:\Program Files\Softex\OmniPass\userdata.dll
MOD - [2006/02/28 15:14:40 | 000,790,528 | ---- | M] () -- C:\Program Files\Softex\OmniPass\autheng.dll
MOD - [2006/02/28 15:14:30 | 000,012,288 | ---- | M] () -- C:\Program Files\Softex\OmniPass\cryptodll.dll
MOD - [2006/02/28 15:14:28 | 000,434,176 | ---- | M] () -- C:\Program Files\Softex\OmniPass\storeng.dll
MOD - [2006/02/28 15:14:12 | 000,010,752 | ---- | M] () -- C:\Program Files\Softex\OmniPass\SSPLogon.dll
MOD - [2006/02/28 15:10:46 | 002,179,504 | ---- | M] () -- C:\Program Files\Softex\OmniPass\sftxtgp.dll
MOD - [2006/01/18 01:46:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2005/12/29 03:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/29 03:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/29 03:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005/12/22 09:27:00 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005/12/22 09:23:06 | 000,139,264 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005/12/22 09:19:10 | 000,155,648 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005/12/22 09:19:02 | 000,069,632 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005/12/22 09:15:14 | 000,671,744 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005/12/21 11:46:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/12/10 23:28:40 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudHk.dll
MOD - [2005/12/07 16:00:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Lenovo\LenovoCare\US\LPRESMGR.DLL
MOD - [2005/12/05 08:33:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/08/16 16:14:36 | 000,401,408 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\CDBLib.dll
MOD - [2005/08/13 00:53:12 | 000,106,496 | ---- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask_RC.dll
MOD - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005/08/02 08:32:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005/07/20 18:34:28 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005/07/16 22:54:46 | 000,081,920 | ---- | M] () -- C:\Program Files\FarStone\VDPBS\VDP\VDExt900.dll
MOD - [2005/06/30 18:54:50 | 000,180,224 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005/06/01 22:35:54 | 000,094,290 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\DVDCreator\DVDCreatorMenuShell.dll
MOD - [2005/03/03 21:04:48 | 000,122,880 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDTask.exe
MOD - [2005/03/03 21:04:46 | 000,077,824 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDrv2KInterface.dll
MOD - [2004/06/29 01:03:56 | 000,028,672 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\RDrvInterface.dll
MOD - [2003/06/06 23:57:02 | 000,024,576 | R--- | M] () -- C:\Program Files\FarStone\VDPBS\Vhd\FsLodLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2010/07/17 02:34:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2008/07/04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/20 01:39:16 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\PMSveH.exe -- (PMSveH)
SRV - [2006/04/18 04:12:28 | 000,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/18 04:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/02/28 15:18:32 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006/01/18 01:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/12/22 09:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/22 09:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/15 02:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/08/02 08:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/30 15:55:44 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/31 01:10:17 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 02:33:44 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 19:23:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/30 05:12:40 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/12 13:50:52 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/11/12 13:50:52 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/11/12 13:50:52 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/11/12 13:50:52 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/09/09 14:35:08 | 000,119,936 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsmdm.sys -- (sshsmdm)
DRV - [2008/09/09 14:35:08 | 000,091,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsbus.sys -- (sshsbus) SAMSUNG Mobile USB Multi-Device driver (WDM)
DRV - [2008/09/09 14:35:08 | 000,014,976 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sshsmdfl.sys -- (sshsmdfl)
DRV - [2006/04/17 09:58:12 | 000,048,896 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006/02/27 20:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/18 01:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/01/18 01:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/01/18 01:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/01/18 01:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/01/18 01:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/01/13 15:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2006/01/11 17:42:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/12/29 04:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/22 08:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/22 05:09:50 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2005/12/13 07:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/05 15:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/17 11:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/09 00:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/02 09:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/02 08:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/18 07:16:50 | 010,446,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2005/08/10 23:01:34 | 000,020,864 | R--- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DVDRC.sys -- (DVDRC)
DRV - [2005/08/06 01:41:12 | 000,138,496 | ---- | M] (Farstone Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\fsUdf.sys -- (FsUdf)
DRV - [2005/07/16 00:07:00 | 000,064,868 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvdscsi.sys -- (fvdscsi)
DRV - [2005/03/30 09:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2005/01/08 08:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/22 03:46:26 | 000,037,409 | R--- | M] (FarStone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fsRamDsk.sys -- (fsRamDsk)
DRV - [2003/08/06 16:46:12 | 000,010,899 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\johnnie fritz\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/30 21:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/08/16 01:47:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/06/14 20:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FlashCatch\firefox [2010/06/16 15:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/25 07:54:23 | 000,000,000 | ---D | M]

[2011/11/27 15:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/21 16:53:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/30 18:33:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/30 18:32:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 18:25:28 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\johnnie fritz\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Complitly plugin for chrome = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\

O1 HOSTS File: ([2011/11/27 18:56:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\johnnie fritz\Application Data\Complitly\Complitly.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FlashCatchBHO Class) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cssauthe] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RAMDrive] C:\Program Files\FarStone\VDPBS\VHD\RDTask.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/30 05:37:36 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/29 11:56:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.exe
[2011/11/28 13:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\t2
[2011/11/28 01:21:37 | 000,000,000 | ---D | C] -- C:\44e66634bdce4a94f54e2e01f1
[2011/11/27 21:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Toolbar4
[2011/11/27 19:09:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/27 18:35:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/27 18:29:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/27 18:29:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/27 18:29:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/27 18:29:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/27 18:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/27 18:29:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 18:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\instal
[2011/11/26 18:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\antivir
[2011/11/26 18:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\t
[2011/11/26 15:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Malwarebytes
[2011/11/26 15:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/26 14:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\exehelper
[2011/11/26 14:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\rkill
[2011/11/25 09:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\ImgBurn
[2011/11/25 09:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/11/25 09:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/11/23 22:53:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\johnnie fritz\Recent
[2011/11/23 18:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\Gerald Games 2011
[2011/11/22 12:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/11/22 12:37:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2011/11/22 12:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/11/21 23:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\LIMBO
[2011/11/21 23:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\LIMBO
[2011/11/21 16:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Skype
[2011/11/21 16:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/21 16:51:58 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/21 16:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/11/21 16:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/11/21 13:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Review
[2011/11/21 12:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Saved Games
[2011/11/21 12:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/11/21 11:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\WB Games
[2011/11/19 10:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Frozen Synapse
[2011/11/19 00:02:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.sys
[2011/11/19 00:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\My Documents\PcSetup
[2011/11/18 23:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Vso
[2011/11/18 22:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/11/18 22:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\SystemRequirementsLab
[2011/11/18 22:22:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/11/18 21:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
[2011/11/18 21:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\Complitly
[2011/11/18 21:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Somoto
[2011/11/15 22:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra PSP Movie Converter
[2011/11/15 11:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Application Data\vlc
[2011/11/15 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/13 21:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay
[2011/11/13 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDisplay
[2011/11/06 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Start Menu\Programs\The KMPlayer
[2011/11/06 20:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2011/11/06 12:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\beast mode
[2011/11/06 09:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\3 Idiots 2009 Hindi DVDRip XviD E-SuB xRG
[2011/10/31 12:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnnie fritz\Desktop\Kingston
[2011/10/31 11:51:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/05/30 04:44:48 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/05/30 04:44:48 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/29 11:48:23 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/29 11:48:17 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/29 11:46:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/29 11:46:04 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/28 03:06:48 | 000,470,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/28 03:06:48 | 000,082,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/28 02:59:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/28 02:25:07 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/28 01:56:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/27 22:53:01 | 089,681,381 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/11/27 19:29:17 | 000,110,998 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\afterblackscreen.JPG
[2011/11/27 19:27:36 | 003,044,214 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\blackscreen.bmp
[2011/11/27 18:56:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/27 18:35:20 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
[2011/11/26 16:15:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\johnnie fritz\Desktop\OTL.exe
[2011/11/26 13:40:21 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\LIMBO.lnk
[2011/11/25 09:55:01 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/25 09:55:01 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\ImgBurn.lnk
[2011/11/25 03:28:44 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/22 01:09:43 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\Terraria.lnk
[2011/11/21 18:41:32 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/11/21 16:51:59 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/21 16:32:34 | 000,001,730 | -H-- | M] () -- C:\Documents and Settings\johnnie fritz\My Documents\Default.rdp
[2011/11/20 23:04:07 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\VisualBoy Advance.lnk
[2011/11/19 00:02:28 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.sys
[2011/11/19 00:02:28 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.cat
[2011/11/19 00:02:28 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.inf
[2011/11/16 01:30:58 | 000,000,161 | ---- | M] () -- C:\WINDOWS\System32\temp_0000_85-18.aok
[2011/11/16 01:30:13 | 000,000,162 | ---- | M] () -- C:\WINDOWS\System32\test.aok
[2011/11/15 11:49:53 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/11/15 11:38:07 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/13 21:56:17 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\CDisplay.lnk
[2011/11/07 14:25:29 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/11/07 00:46:41 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk
[2011/11/06 20:24:32 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\Desktop\KMPlayer.lnk
[2011/11/06 17:27:02 | 011,873,864 | ---- | M] () -- C:\Documents and Settings\johnnie fritz\My Documents\vlc-1.1.11-win32.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 19:29:17 | 000,110,998 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\afterblackscreen.JPG
[2011/11/27 19:27:35 | 003,044,214 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\blackscreen.bmp
[2011/11/27 18:35:20 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2011/11/27 18:35:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/27 18:29:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/27 18:29:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/27 18:29:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/27 18:29:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/27 18:29:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/26 18:46:48 | 000,001,539 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\ImgBurn.lnk
[2011/11/25 09:55:01 | 000,001,557 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/22 01:09:43 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Terraria.lnk
[2011/11/21 23:47:10 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\LIMBO.lnk
[2011/11/21 18:41:32 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/11/21 16:51:59 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/21 13:24:42 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\Gemini Rue.lnk
[2011/11/19 00:02:28 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.cat
[2011/11/19 00:02:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\pcouffin.inf
[2011/11/15 23:13:43 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\temp_0000_85-18.aok
[2011/11/15 23:12:09 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\test.aok
[2011/11/15 11:49:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2011/11/15 11:38:07 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/13 21:56:17 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\CDisplay.lnk
[2011/11/07 14:25:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/11/07 00:46:41 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\KMPlayer.lnk
[2011/11/06 20:24:32 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Desktop\KMPlayer.lnk
[2011/11/06 17:21:35 | 011,873,864 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\My Documents\vlc-1.1.11-win32.exe
[2011/10/14 11:53:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/10/02 23:28:01 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/10/02 23:28:01 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/10/02 23:28:01 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/08/26 20:51:35 | 000,001,195 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/08/10 10:40:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\KeySkill.ini
[2011/08/10 10:38:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sunburst Internet Installer.ini
[2011/06/05 13:16:17 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/05 13:16:17 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/26 12:50:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/08 09:53:30 | 000,373,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 19:24:12 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/14 11:21:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\eject_proj.exe
[2010/07/14 11:21:42 | 000,006,656 | ---- | C] () -- C:\WINDOWS\ewalkrun.exe
[2010/06/22 12:52:54 | 000,000,232 | ---- | C] () -- C:\WINDOWS\Mgr.INI
[2010/06/22 12:23:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDPross.dat
[2010/06/22 12:22:42 | 000,014,496 | R--- | C] () -- C:\WINDOWS\System32\VDI08X.dat
[2010/06/22 12:20:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\unVHDDrvExe.exe
[2010/06/22 12:20:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\inVHDDrvExe.exe
[2010/06/14 10:36:12 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/06/14 10:34:38 | 000,010,267 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2010/06/14 10:33:03 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/06/13 15:41:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/30 18:02:09 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/05/30 05:59:17 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/30 05:37:36 | 000,009,089 | R--- | C] () -- C:\WINDOWS\System32\Mfcuiz32.dll
[2010/05/30 05:37:36 | 000,006,925 | R--- | C] () -- C:\WINDOWS\System32\Wpwizapi.dll
[2010/05/30 05:37:36 | 000,004,726 | R--- | C] () -- C:\WINDOWS\System32\Dpxsockw.dll
[2010/05/30 05:37:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\fusioncache.dat
[2010/05/30 05:16:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/05/30 05:16:15 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/05/30 05:12:40 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010/05/30 05:01:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/05/30 05:01:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/05/30 05:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/05/30 05:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/05/30 05:01:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/05/30 05:01:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/05/30 05:00:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2010/05/30 05:00:43 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/05/30 04:58:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/30 04:44:49 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\tsnp2std.exe
[2010/05/30 04:44:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SNCTRL.exe
[2010/05/30 04:44:48 | 010,446,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/05/30 04:44:48 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/05/30 04:44:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnp2std.exe
[2010/05/30 04:28:52 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/05/30 04:05:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010/05/29 23:45:42 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/06/23 13:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/05/23 17:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2006/05/21 01:42:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\PMEBLib.dll
[2006/02/09 00:42:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PMHlerIO.dll
[2006/01/20 03:46:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/18 01:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/13 00:52:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ComRc.dll
[2005/08/10 23:01:34 | 000,020,864 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVDRC.sys
[2005/05/23 23:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2005/05/23 23:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/11 00:23:46 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2004/08/10 02:03:43 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 02:01:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 01:51:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 01:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 01:45:31 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/02/04 18:05:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2003/09/19 00:03:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/04 03:49:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/15 17:52:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/29 17:19:24 | 000,006,397 | R--- | C] () -- C:\WINDOWS\System32\drivers\SmartCd.sys
[2003/06/06 23:57:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FsLodLib.dll
[2003/05/31 02:23:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\dcmesbox.dll
[2003/02/14 00:56:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe
[2001/11/15 03:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/05/05 01:55:32 | 000,232,448 | ---- | C] () -- C:\WINDOWS\System32\UNLHA32.DLL
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 15:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[1980/01/01 15:00:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[1980/01/01 15:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[1980/01/01 15:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[1980/01/01 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 15:00:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[1980/01/01 15:00:00 | 000,470,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 15:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[1980/01/01 15:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[1980/01/01 15:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[1980/01/01 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 15:00:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[1980/01/01 15:00:00 | 000,082,138 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 15:00:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[1980/01/01 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/06/14 20:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/11/29 10:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/30 04:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2011/08/15 20:55:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/31 04:08:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/03 19:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/01 16:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2010/12/09 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Growl
[2011/06/01 18:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2011/09/01 20:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/05/30 05:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/11/11 18:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/08/17 00:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/05/30 05:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThinkVantage
[2010/07/28 14:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/08/02 19:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/05/31 18:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/22 21:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\.minecraft
[2010/12/09 21:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\AnvSoft
[2011/07/16 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\AVG9
[2011/10/14 16:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\BITS
[2011/11/26 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Complitly
[2010/06/03 19:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\DAEMON Tools Lite
[2011/11/28 02:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Facebook
[2010/06/22 12:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FarStone
[2010/06/14 10:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FlashGet
[2010/06/14 10:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\FlashGetBHO
[2010/05/30 04:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\IBM
[2011/11/25 09:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\ImgBurn
[2010/05/30 20:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\InterVideo
[2010/05/30 20:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Leadertech
[2011/09/04 10:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\PSPDocMaker
[2011/08/13 18:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Rovio
[2010/12/09 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Stardock
[2011/11/18 22:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\SystemRequirementsLab
[2011/01/17 19:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\TeamViewer
[2010/05/30 05:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\ThinkVantage
[2011/11/28 12:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Toolbar4
[2011/11/22 14:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\uTorrent
[2010/07/07 15:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Vodafone
[2011/11/19 00:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnnie fritz\Application Data\Vso
[2011/11/28 01:56:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >



After OTL I checked my Task Manager and it's not available. So I installed MBAM again.
And here's the result.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/29/2011 12:19:40
mbam-log-2011-11-29 (12-19-40).txt

Scan type: Quick scan
Objects scanned: 193311
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Task Manager is up and running again. After this I installed updates which had failed before and shut down.
After rebooting to the desktop, I noticed that my computer keeps on reading something. I checked my Task Manager and
I discovered that my CPU usage keeps on rising and falling. It happened after I installed Windows updates. What could be the cause of this?
So far no threat found, and Task Manager is running. Are there ways to find what keeps my computer reading something? I don't know what it is.

Reformat? Yeah, I've considered this already. But maybe we can still try. I really wanted to save the system from that virus. Please ask me anything about
the computer, anything to help resolve this case. Please read my scan results above and tell me everything from your point of view about it. Please reply to me ASAP as you read it. I don't have internet for more than a day. Sorry for the bother.