
Service Function NtMapViewofSection hook -> 0x86153190

#1
adegroot
I have run AVG anti-rootkit scan multiple times and each time it detects the Service Function NtMapViewOfSection hook -> 0x86... rootkit, and says the object is hidden. When I click remove, it prompts me with the message "object is hidden with a rootkit technique. Do you really want to remove it?" I click yes and give AVG power user rights, then it tells me to restart my machine. After I do this, I run AVG again and it detects the same rootkit with different numbers/letters after the 0x86, and I do it all over again, to no avail.


I am running Windows 7 32-bit on a Toshiba Satellite laptop which has been installed only for about 2 weeks because I needed to do a clean install to remove a previous virus.



I ran OTL, and here is the log:

OTL logfile created on: 11/27/2011 6:33:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andre\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 60.10% Memory free
5.49 Gb Paging File | 4.35 Gb Available in Paging File | 79.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 154.50 Gb Free Space | 66.34% Space Free | Partition Type: NTFS
Drive D: | 702.83 Mb Total Space | 406.43 Mb Free Space | 57.83% Space Free | Partition Type: UDF

Computer Name: ANDRE-PC | User Name: Andre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 18:16:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Downloads\OTL.exe
PRC - [2011/11/05 00:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/19 13:13:02 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/01/19 13:13:00 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/01/19 13:12:58 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/01/19 13:12:58 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/01/19 13:12:58 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/14 17:04:59 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/05 00:53:18 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/19 13:13:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/01/19 13:13:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/01/19 13:12:58 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/01/19 13:12:58 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/01/19 13:12:58 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/09/07 16:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/02/23 19:49:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/13 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/13 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 02:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111127.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 02:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111127.005\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/05/12 14:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2011/02/28 16:34:23 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/01/19 13:13:02 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/01/19 13:13:02 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/01/19 13:13:02 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/01/19 13:12:54 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:30:12 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 04:24:41 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:24:40 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 04:21:14 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 03:14:49 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/25 10:35:12 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/25 10:35:12 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 16:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/19 22:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2002/06/03 09:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.uiowa.edu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.uiowa.edu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 43 54 9D 4E 16 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....uiowa.edu/owa/"
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..keyword.enabled: false

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Andre\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andre\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andre\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/22 12:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 14:05:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/27 18:08:02 | 000,000,000 | ---D | M]

[2009/10/13 14:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre\AppData\Roaming\Mozilla\Extensions
[2011/11/26 16:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\l8577wyz.default\extensions
[2011/11/23 20:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/23 20:55:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/23 20:54:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andre\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andre\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andre\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll
CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andre\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Andre\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0BBB41B-9A86-4A82-BFD4-EC1BD6ED008A}: DhcpNameServer = 128.255.1.3 128.255.64.11 128.255.1.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDF986C9-4A34-4C89-ADA3-2CE39D84F1E0}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9da92e7b-aab6-11de-bc21-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9da92e7b-aab6-11de-bc21-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{9da92e7b-aab6-11de-bc21-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{9da92e7b-aab6-11de-bc21-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 18:04:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/26 16:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/11/26 16:40:45 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Solid State Networks
[2011/11/26 16:28:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/11/23 20:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/11/23 20:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/23 20:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/11/22 21:51:15 | 000,018,816 | ---- | C] (Sophos Group) -- C:\Windows\System32\SAVRKBootTasks.sys
[2011/11/22 20:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/11/22 20:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/11/22 20:13:16 | 000,000,000 | ---D | C] -- C:\Users\Andre\Pavark
[2011/11/21 19:02:41 | 000,000,000 | ---D | C] -- C:\Users\Andre\Documents\Bigasoft Audio Converter
[2011/11/21 19:01:21 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Bigasoft Audio Converter
[2011/11/21 18:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/11/21 18:12:48 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Conduit
[2011/11/21 18:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011/11/21 16:22:55 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Malwarebytes
[2011/11/21 16:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/21 16:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/21 16:22:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/21 16:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/19 12:55:16 | 000,000,000 | R--D | C] -- C:\Users\Andre\Documents\Scanned Documents
[2011/11/19 12:55:15 | 000,000,000 | ---D | C] -- C:\Users\Andre\Documents\Fax
[2011/11/16 01:57:31 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Microsoft Games
[2011/11/16 01:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/11/16 01:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA
[2011/11/16 01:34:54 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/11/16 01:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/11/15 23:22:04 | 000,000,000 | ---D | C] -- C:\Users\Andre\Documents\School
[2011/11/15 23:22:03 | 000,000,000 | ---D | C] -- C:\Users\Andre\Documents\Outlook Files
[2011/11/15 23:22:03 | 000,000,000 | ---D | C] -- C:\Users\Andre\Documents\LimeWire
[2011/11/15 02:17:53 | 000,000,000 | ---D | C] -- C:\Users\Andre\Documents\OneNote Notebooks
[2011/11/15 00:45:37 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Facebook
[2011/11/14 21:44:11 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Diagnostics
[2011/11/14 19:30:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/14 17:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NX Client for Windows
[2011/11/14 17:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\NX Client for Windows
[2011/11/14 15:21:16 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Apple Computer
[2011/11/14 15:21:16 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Apple Computer
[2011/11/14 15:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/14 15:21:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/11/14 15:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/14 15:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/14 15:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/11/14 15:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/14 15:18:23 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Apple
[2011/11/14 15:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/14 15:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/14 15:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/11/14 15:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/11/14 15:14:42 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Panda Security
[2011/11/14 14:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/11/14 14:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/11/14 14:11:56 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\AVG2012
[2011/11/14 14:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/14 14:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/14 14:09:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/11/14 14:08:33 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\MathematicaPlayer
[2011/11/14 14:08:33 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\MathematicaPlayer
[2011/11/14 14:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MathematicaPlayer
[2011/11/14 14:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wolfram Research
[2011/11/14 14:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2011/11/14 14:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mathematica
[2011/11/14 14:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram CDF Player
[2011/11/14 14:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/11/14 14:07:30 | 000,370,704 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\System32\ml32i3.dll
[2011/11/14 14:07:30 | 000,334,352 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\System32\mltcpip32.mlp
[2011/11/14 14:07:30 | 000,260,112 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\System32\ml32i2.dll
[2011/11/14 14:07:30 | 000,253,968 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\System32\ml32i1.dll
[2011/11/14 14:07:30 | 000,163,344 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\System32\mlmodule32.dll
[2011/11/14 14:07:30 | 000,093,712 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\System32\mltcp32.mlp
[2011/11/14 14:07:30 | 000,088,080 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\System32\mlshm32.mlp
[2011/11/14 14:07:30 | 000,079,376 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\System32\mlmap32.mlp
[2011/11/14 14:07:08 | 000,000,000 | ---D | C] -- C:\temp
[2011/11/14 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfram Research
[2011/11/14 14:04:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/14 14:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/14 09:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/11/14 09:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/11/14 09:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/11/14 09:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/11/14 09:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/11/14 09:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/11/14 09:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/11/14 09:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/11/14 09:37:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/11/14 09:36:07 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\VirtualStore
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\AppData\Local\Temporary Internet Files
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\Templates
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\Start Menu
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\SendTo
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\Recent
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\PrintHood
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\NetHood
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\Documents\My Videos
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\Documents\My Pictures
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\Documents\My Music
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\My Documents
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\Local Settings
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\AppData\Local\History
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\Cookies
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\Application Data
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\AppData\Local\Application Data
[2011/11/14 09:35:32 | 000,000,000 | -H-D | C] -- C:\Users\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Temp
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Symantec
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Mozilla
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Microsoft Help
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Microsoft
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Macromedia
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Identities
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Google
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\ElevatedDiagnostics
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Deployment
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Apps
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Adobe
[2011/11/14 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Adobe
[2011/11/14 09:35:31 | 000,000,000 | --SD | C] -- C:\Users\Andre\AppData\Roaming\Microsoft
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\Videos
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\Searches
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\Saved Games
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\Pictures
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\Music
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\Links
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\Favorites
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\Downloads
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\Documents
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\Desktop
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\Contacts
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/14 09:35:31 | 000,000,000 | R--D | C] -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/11/14 09:35:31 | 000,000,000 | -H-D | C] -- C:\Users\Andre\AppData
[2011/11/14 09:35:31 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Mozilla
[2011/11/14 09:35:31 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/14 09:34:58 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/11/14 09:16:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/11/14 09:14:07 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2011/11/14 09:13:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Users\Andre\Documents\*.tmp files -> C:\Users\Andre\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/27 18:34:40 | 000,016,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 18:34:40 | 000,016,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 18:32:05 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/27 18:32:05 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/27 18:23:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 18:23:04 | 2212,892,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 18:09:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2613544101-1464780962-2195119024-1000UA.job
[2011/11/27 18:08:07 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/27 16:17:01 | 110,914,329 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/27 15:50:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2613544101-1464780962-2195119024-1000UA.job
[2011/11/27 14:09:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2613544101-1464780962-2195119024-1000Core.job
[2011/11/27 00:50:02 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2613544101-1464780962-2195119024-1000Core.job
[2011/11/23 19:16:18 | 000,088,388 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/11/22 12:57:02 | 000,000,000 | ---- | M] () -- C:\0x0304A000.sfl
[2011/11/22 12:07:54 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/16 15:15:44 | 000,001,266 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/11/14 19:30:44 | 000,430,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/14 19:29:49 | 360,398,780 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/14 17:00:24 | 000,000,982 | ---- | M] () -- C:\Users\Andre\Desktop\NX Client for Windows.lnk
[2011/11/14 15:21:06 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/14 14:05:18 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/14 09:36:28 | 000,001,411 | ---- | M] () -- C:\Users\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/14 09:21:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[1 C:\Users\Andre\Documents\*.tmp files -> C:\Users\Andre\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 18:08:07 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/27 18:08:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/27 16:17:01 | 110,914,329 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/23 19:16:18 | 000,088,388 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/11/22 12:57:02 | 000,000,000 | ---- | C] () -- C:\0x0304A000.sfl
[2011/11/15 23:22:03 | 000,002,102 | ---- | C] () -- C:\Users\Andre\Documents\Google Chrome.lnk
[2011/11/15 02:18:01 | 000,001,266 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/11/15 00:45:47 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2613544101-1464780962-2195119024-1000UA.job
[2011/11/15 00:45:46 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2613544101-1464780962-2195119024-1000Core.job
[2011/11/14 19:29:49 | 360,398,780 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/14 17:00:24 | 000,000,982 | ---- | C] () -- C:\Users\Andre\Desktop\NX Client for Windows.lnk
[2011/11/14 15:21:06 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/14 15:18:18 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/14 14:09:59 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/14 14:05:18 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/14 14:04:49 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2613544101-1464780962-2195119024-1000UA.job
[2011/11/14 14:04:48 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2613544101-1464780962-2195119024-1000Core.job
[2011/11/14 09:36:28 | 000,001,411 | ---- | C] () -- C:\Users\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/14 09:35:34 | 000,000,290 | ---- | C] () -- C:\Users\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/11/14 09:35:34 | 000,000,272 | ---- | C] () -- C:\Users\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/11/14 09:35:33 | 000,001,417 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/11/14 09:21:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/14 09:13:08 | 2212,892,672 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/28 15:18:32 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/28 15:14:03 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/10/13 14:26:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,430,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 19:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/14 14:11:56 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\AVG2012
[2011/11/21 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Bigasoft Audio Converter
[2011/11/14 15:14:43 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Panda Security
[2011/11/27 00:50:02 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2613544101-1464780962-2195119024-1000Core.job
[2011/11/27 15:50:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2613544101-1464780962-2195119024-1000UA.job
[2009/07/13 22:53:46 | 000,025,008 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by adegroot, 27 November 2011 - 06:54 PM.
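As an added example (it is not part of the original post, and it is not OTL's own code), here is a small Python triage script for the `Files Created` / `Files Modified` sections of an OTL report like the one above. It parses each `[timestamp | size | attributes | C/M] (company) -- path` line into a record and then applies three review heuristics that are the example's own assumptions rather than anything OTL does: a zero-byte file sitting in the drive root, an executable under `System32` for which OTL found no company name, and any `.job` file (a scheduled task, i.e. a persistence point). A hit means "look at this by hand", not "this is malicious"; the `RDVGHelper.exe` hit below, for instance, is a stock Windows 7 binary that simply carries no version resource. The sample lines are copied from the log in this post.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# One file/directory line of an OTL report:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (company) -- path
# Directory lines omit the "(company)" field entirely; files whose version
# info OTL could not read show an empty "()". Sizes are printed with commas.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

@dataclass
class OtlEntry:
    ts: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str                 # 'C' = creation time shown, 'M' = modification time shown
    company: Optional[str]    # None on directory lines, '' when OTL found no version info
    path: str

def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for headers, blanks and summary lines."""
    m = OTL_LINE.match(line)
    if not m:
        return None
    a = m["attr"]   # attribute flags in fixed order: R(eadonly) H(idden) S(ystem) D(irectory)
    return OtlEntry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        readonly=a[0] == "R",
        hidden=a[1] == "H",
        system=a[2] == "S",
        is_dir=a[3] == "D",
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )

def parse_report(text: str) -> List[OtlEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]

# Extensions treated as executable code for the System32 heuristic (example's assumption).
EXEC_EXT = {".exe", ".dll", ".sys", ".ocx", ".scr"}

def triage(entries: List[OtlEntry]) -> List[Tuple[str, str]]:
    """Apply the three review heuristics; returns (path, reason) pairs for manual follow-up."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        p = PureWindowsPath(e.path)
        parts_lower = [x.lower() for x in p.parts]
        if len(p.parts) == 2 and e.size == 0:
            # e.g. C:\0x0304A000.sfl: an empty file dropped straight into the drive root
            findings.append((e.path, "zero-byte file in drive root"))
        elif p.suffix.lower() in EXEC_EXT and "system32" in parts_lower and e.company == "":
            findings.append((e.path, "executable under System32 with no company name"))
        elif p.suffix.lower() == ".job":
            findings.append((e.path, "scheduled task (persistence point)"))
    return findings

# Sample input: lines copied from the OTL log posted above (raw string, so the
# backslashes and the "\0" in the .sfl path are not interpreted as escapes).
SAMPLE = r"""
[2011/11/27 18:34:40 | 000,016,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 18:23:04 | 2212,892,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 18:09:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2613544101-1464780962-2195119024-1000UA.job
[2011/11/22 12:57:02 | 000,000,000 | ---- | M] () -- C:\0x0304A000.sfl
[2011/11/14 14:07:30 | 000,370,704 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\System32\ml32i3.dll
[2011/11/14 09:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Andre\Templates
[2011/02/28 15:18:32 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
========== LOP Check ==========
"""

if __name__ == "__main__":
    for path, reason in triage(parse_report(SAMPLE)):
        print(f"{reason:50s} {path}")
```

Run against the sample, the script flags the Google Update task, `C:\0x0304A000.sfl` and `RDVGHelper.exe`, and ignores the hibernation file, the signed Wolfram DLL and the directory entries. To use it on a full report, replace `SAMPLE` with the contents of `OTL.Txt`; the parser skips the section headers and the `[1 ... *.tmp files -> ...]` summary lines on its own.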
