Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow Connection, Odd Network Activity - Fearful of Spyware


  • Please log in to reply

#1
Golden Butterflies

Golden Butterflies

    Member

  • Member
  • PipPip
  • 53 posts
I first noticed this issue a few weeks back after I attempted to load a music file from my flash drive and VLC stalled. It wouldn't load properly, got stuck half-opened, but once I selected the same file a second time it played normally and properly. Later that night, the internet was sluggish without any obvious stimuli to explain it (such as inclement weather, microwave, etc.). I thought this was odd since the connection's data transfer as monitored through RainMeter was at a pretty high peak yet everything behaved as if it were timed out or disconnected.

After putting Firefox into offline mode and closing all applications which I know use the internet, a steady stream of data transfer continued. Thus, in a panic, I disconnected from the wireless network, waited a minute, then reconnected. When I reconnected, there was another, but much smaller, stream of unexplained data transfer which then disappeared. Afterward, the connection appeared to work normally.

Since then, however, I've been having problems. In particular, everything loads sluggishly and the connection is now prone to unexplained drop outs. In addition, I've experienced massive amounts of bandwidth usage on the wireless network from which I know how to monitor such things. I attempted to test this when sitting right next to the router at my neighbor's home (to ensure it wasn't an odd connectivity problem), and the network was perfectly fine with no usage until my system connected. Even only browsing my email and text-based sites minimally, and even while letting my computer just sit there not loading anything, the available bandwidth dropped at frighteningly high rates. Once my system was disconnected, it seemed to level out. When I logged back in, there was nothing unreasonable.

Similar occurred when I attempted to use my Aunt's wireless network over the holidays. When my system was connected, hers slowed to a crawl if attempting to use the internet and mine had slow page load times regardless of whether there was additional traffic. I asked her to keep an eye on the behaviour, though we couldn't find an easy way to monitor her bandwidth usage. She reported that nothing abnormal happened, and still nothing has.

I tried to connect using my usually-slow dialup connection for curiosity's sake tonight, and it was practically unusable. I noticed odd data transfer both inbound and outbound - just as I have been noticing with wireless connections - but nothing more than a few kb. Of course, with dialup, that was enough to make it nearly unusable. It was even slower than usual and stalled out multiple times. Overall, a very simple amount of browsing (even for dialup; I've done the same tasks in the past without difficulty on dialup) took hours. No exaggeration.

Here's the worst part, which makes me suspect some sort of malware - particularly some sort which would attach itself to a network and run in the background on some sort of schedule. It seems that the worst of it always happens on Sundays. In particular, over 150MB of bandwidth will be used up over the course of a few hours, as noticed when borrowing wifi at the neighbors'. This starts only after my computer has been connected yet continues in the background for an indeterminate amount of time. I have no idea how long it keeps going or how serious it is (such as how much bandwidth it will destroy), as it levels out at a ridiculously low level then gets caught up with the free download period, where even if something was still eating bandwidth it wouldn't count against the limit.

My Aunt didn't notice this activity, but my guess is because it wasn't Sunday when I used her network. Also, there's no way to check with the dialup because, well... Dialup is slow enough there aren't any bandwidth limits placed upon it. It's kind of its own limiter, and whatnot.

It seems mostly random other than the Sundays bit, where it might go days without abnormal activity but then it might act up on the first time I've connected in several days. Or the second time, etc. Mostly random, with a touch of seeming scheduled. This also happens even when I'm sitting right there and can see for certain the other computer/s attached to the network are turned off and the owners of said systems are nearby as well without said systems.

Also worth noting, lately it seems like every page load regardless of what site or the content thereof, registers as 1 or more megabytes in size. This especially accounts for how long it took for the dialup to load each page and the errors encountered in trying.

Part of me thinks it might be a Firefox cache issue, as every image I encounter and click 'properties' on simply says it isn't cached even though it obviously is (won't reload when I return to the page). I'm just hesitant to clear my cache in Firefox until I have a professional opinion on that matter as, with the odd network activity happening even with light loads, I'm a little worried what might happen when I need to reload everything from scratch.

Oh, and AIM recently started cycling new ads atop the Buddy List. I never, ever click these ads, but since they're loading from whatever means through a program installed on my system I figure that's worth mentioning. The new ads started cycling circa the same time this problem occurred, though I can't remember if it was before or after.

Attempted Maintenance
MBAM Quick Scan - no infections found
OTL - log to be added via thread starting instructions
Disconnecting - sometimes works, doesn't work on Sunday nights
Different Connections - tried two wireless and one dialup total, all show symptoms
Checking Processes/Services - the things which I thought were suspicious checked out when Googled

My System
Model - HP Pavilion dv7z
Processor - AMD Turion X2 Ultra
OS - Windows Vista Home Premium 32 bit
User Account - admin level (if I'm not mistaken)
Browser - Firefox 2.0.0.16 (partly by choice)
Note - I'm currently still stuck with a dying hard drive. This might or might not affect my ability to perform certain steps or might (but hopefully won't) result in disaster. But nobody wants to make a copy of an infected drive, right?


Thanks in advance, and here's hoping we can figure out what in the world is going on here. I especially would like to know if it sounds like I might have picked up some sort of spyware or - I fear - keylogger. Sorry I can't offer any infection names or anything definite, as this has stumped me so far.

OTL log follows. I'm a little confused/worried by the stuff listed as files modified within the last 30 days. Unless this is associated with the MBAM scan, some weird effect of moving about files on an external flash drive which wasn't connected at the time of the scan, or temp files from using Excel, then I have no idea where they might have come from.




OTL logfile created on: 11/28/2011 12:25:29 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Me\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 58.90% Memory free
5.73 Gb Paging File | 4.42 Gb Available in Paging File | 77.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.38 Gb Total Space | 61.43 Gb Free Space | 44.07% Space Free | Partition Type: NTFS
Drive D: | 9.67 Gb Total Space | 1.71 Gb Free Space | 17.72% Space Free | Partition Type: NTFS

Computer Name: SPIEGEL | User Name: Me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/28 00:24:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Me\Desktop\OTL.exe
PRC - [2010/01/29 15:20:26 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/01/27 05:30:16 | 001,312,848 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2008/09/08 19:53:14 | 001,175,552 | ---- | M] (CPUID) -- C:\Users\Me\Documents\HWMonitor_111\HWMonitor.exe
PRC - [2008/08/24 02:57:23 | 007,667,312 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/08/24 01:55:29 | 000,579,072 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
PRC - [2008/08/24 01:46:25 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
PRC - [2008/08/24 01:46:23 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
PRC - [2008/08/24 01:46:23 | 000,192,512 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgrssvc.exe
PRC - [2008/04/27 23:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008/04/15 12:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\stacsv.exe
PRC - [2008/03/26 16:26:56 | 000,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/03/12 20:24:52 | 000,699,456 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2008/03/12 20:24:52 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2008/02/12 14:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\AEstSrv.exe
PRC - [2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/16 18:56:50 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/01/16 18:56:50 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/04/30 18:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2006/11/02 06:34:50 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
PRC - [2005/07/19 10:46:09 | 000,020,480 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe


========== Modules (No Company Name) ==========

MOD - [2008/08/24 01:55:29 | 000,467,456 | ---- | M] () -- C:\Program Files\Grisoft\AVG7\avgset.dll
MOD - [2008/08/24 01:46:25 | 000,048,128 | ---- | M] () -- C:\Program Files\Grisoft\AVG7\avgf.dll
MOD - [2008/08/16 12:52:58 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3050.37261__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/08/16 12:52:58 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3050.37221__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:58 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3050.37274__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/08/16 12:52:58 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3050.37446__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:58 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3050.37411__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3050.37253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/08/16 12:52:58 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3050.37370__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3050.37240__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:56 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3050.37475__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/08/16 12:52:28 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3050.37482__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:28 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3050.37234__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:27 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3050.37419__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:27 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3050.37425__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/08/16 12:52:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3050.37418__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:26 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3050.37474__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3050.37474__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:25 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3050.37378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:25 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3050.37287__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:25 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3050.37241__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:25 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3050.37438__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/08/16 12:52:25 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3050.37281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:25 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3050.37393__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:25 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3050.37378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3050.37292__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3050.37392__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:24 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3050.37372__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:24 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3050.37365__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3050.37405__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008/08/16 12:52:24 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3050.37293__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008/08/16 12:52:24 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3050.37371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3050.37377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3050.37404__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/08/16 12:52:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/08/16 12:52:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/08/16 12:52:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/08/16 12:52:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/08/16 12:52:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/08/16 12:52:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/08/16 12:52:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/08/16 12:52:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/08/16 12:52:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/08/16 12:52:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/08/16 12:52:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/08/16 12:52:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/08/16 12:52:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/08/16 12:52:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/08/16 12:52:23 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/08/16 12:52:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/08/16 12:52:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/08/16 12:52:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/08/16 12:52:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/08/16 12:52:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/08/16 12:52:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/08/16 12:52:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/08/16 12:52:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/08/16 12:52:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/08/16 12:52:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/08/16 12:52:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/08/16 12:52:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/08/16 12:52:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/08/16 12:52:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/08/16 12:52:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/08/16 12:52:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3050.37493__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/08/16 12:52:11 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3050.37503__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008/08/16 12:52:11 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/08/16 12:52:10 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3050.37248__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/08/16 12:52:10 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3050.37459__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/08/16 12:52:10 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3050.37467__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/08/16 12:52:10 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3050.37466__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/08/16 12:52:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/08/16 12:52:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/08/16 12:52:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/08/16 12:52:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/08/16 12:52:10 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/08/16 12:52:09 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/08/16 12:52:09 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/08/16 12:52:08 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3050.37228__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/08/16 12:52:08 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3050.37215__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/08/16 12:52:08 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3050.37213__90ba9c70f846762e\APM.Server.dll
MOD - [2008/08/16 12:52:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3050.37213__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/08/16 12:52:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/08/16 12:52:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3050.37467__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/08/16 12:52:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/08/16 12:52:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/08/16 12:52:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/05/14 23:56:42 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2008/05/08 16:14:22 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/02/27 15:48:46 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/01/20 20:52:50 | 013,193,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\45ee94a63c463b93e3ff694c6ecd0820\System.Windows.Forms.ni.dll
MOD - [2008/01/20 20:52:15 | 001,667,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a35f567c4c67d6b1ca9a0023852847a2\System.Drawing.ni.dll
MOD - [2008/01/20 20:52:13 | 012,513,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\369cdfcbaefd8f28200e295c26c2141f\System.Web.ni.dll
MOD - [2008/01/20 20:52:00 | 000,815,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fe7232e97fdf63c6b146e93f432d7d7\System.Runtime.Remoting.ni.dll
MOD - [2008/01/20 20:51:50 | 005,771,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\02cf61328d59df9b3ec09544f449a781\System.Xml.ni.dll
MOD - [2008/01/20 20:51:40 | 008,265,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\267d4c344058092e6950c11594244f90\System.ni.dll
MOD - [2008/01/20 20:51:31 | 011,722,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5b3e3b0551bcaa722c27dbb089c431e4\mscorlib.ni.dll
MOD - [2007/08/14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007/04/30 18:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/22 23:19:28 | 000,026,392 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007/04/21 12:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 13:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\CrashRpt.dll
MOD - [2005/07/19 10:46:09 | 000,065,536 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WebParser.dll
MOD - [2005/07/19 10:46:09 | 000,024,576 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WindowMessagePlugin.dll
MOD - [2005/07/19 10:46:09 | 000,020,480 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
MOD - [2005/07/19 10:46:08 | 000,028,672 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\SysInfo.dll
MOD - [2005/07/19 10:46:06 | 000,249,856 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
MOD - [2002/11/19 13:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Stardock\ODimg.dll
MOD - [2002/03/13 18:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\ODimg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - [2010/01/29 15:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/08/24 01:46:25 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2008/08/24 01:46:23 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2008/08/24 01:46:23 | 000,192,512 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG7\avgrssvc.exe -- (AvgCoreSvc)
SRV - [2008/04/27 23:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008/04/15 12:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\stacsv.exe -- (STacSV)
SRV - [2008/03/26 16:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/03/12 20:24:52 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/02/12 14:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (cpuz129)
DRV - [2009/11/10 05:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 05:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/08/24 01:55:30 | 000,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2008/08/24 01:55:26 | 000,026,952 | ---- | M] (GRISOFT, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/07/02 07:19:44 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Me\AppData\Local\Temp\ewdmaudn.sys -- (ewdmaudn)
DRV - [2008/05/08 19:01:42 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 03:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/04/27 23:27:10 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008/04/27 12:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 12:19:54 | 000,378,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/04/11 11:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/02/14 08:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/24 07:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/07 17:54:50 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 01:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/05/25 08:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RMClock\RTCore32.sys -- (RTCore32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "The Free Dictionary"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/12 09:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/04/13 02:48:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/10 01:11:09 | 000,000,000 | ---D | M]

[2011/09/09 03:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions
[2008/08/24 00:07:08 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
[2008/08/23 23:53:19 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2008/08/24 00:07:09 | 000,000,000 | ---D | M] ("Adblock") -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2010/09/02 03:56:53 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2008/08/25 22:30:52 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008/08/29 23:56:44 | 000,000,000 | ---D | M] (Fingerfox (SE)) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{58c64034-c5f3-4179-85f5-81642f42b6d5}
[2008/08/29 00:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{6c872ba3-f6b2-4012-8156-88e07efe06fa}
[2009/11/09 00:20:40 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/06 12:43:32 | 000,000,000 | ---D | M] ("LJlogin") -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}
[2010/03/23 21:42:11 | 000,000,000 | ---D | M] (Cache Fixer) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{afcc0bd2-0b43-4a08-9981-afd8f3520e64}
[2010/04/02 06:42:43 | 000,000,000 | ---D | M] () -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2010/04/03 02:51:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/08/24 00:07:08 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/08/24 00:07:08 | 000,000,000 | ---D | M] (Tab Mix Plus) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/04/02 01:10:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(52)
[2009/01/02 03:13:08 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010/10/15 02:31:54 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2008/08/24 00:07:08 | 000,000,000 | ---D | M] ("Linky") -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2011/05/12 11:19:11 | 000,000,000 | ---D | M] (Simple Mail) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2008/09/12 03:21:23 | 000,000,437 | ---- | M] () -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\searchplugins\dream-journal.xml
[2010/10/21 03:48:36 | 000,002,043 | ---- | M] () -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\searchplugins\the-free-dictionary.xml
[2011/09/09 03:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/10 01:11:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2008/08/24 02:57:27 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/08/24 02:57:18 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/08/24 02:57:18 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/08/24 02:57:18 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/08/24 02:57:19 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/08/24 02:57:20 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/02/10 01:10:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/24 00:54:21 | 000,000,025 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - Startup: C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.82.4.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03F18E8A-CA29-4E65-A728-D0BB73517000}: DhcpNameServer = 100.100.0.205
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8167A2A5-D88B-46DC-8378-09EFF5DB2CA1}: DhcpNameServer = 66.82.4.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgwlntf: DllName - (avgwlntf.dll) - C:\Windows\System32\avgwlntf.dll (GRISOFT, s.r.o.)
O24 - Desktop WallPaper: C:\Users\Me\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Me\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/12 07:36:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 00:24:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Me\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2011/11/28 00:24:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Me\Desktop\OTL.exe
[2011/11/27 23:48:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 23:48:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 17:54:18 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/27 17:54:18 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/27 17:50:38 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D77409A7-A3A2-4033-9A35-852519C12020}.job
[2011/11/27 17:48:50 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/27 17:48:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 17:48:37 | 2950,520,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/26 01:25:21 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/22 21:27:00 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/11/20 00:24:06 | 000,247,183 | ---- | M] () -- C:\Users\Me\.recently-used.xbel
[2011/10/31 02:33:53 | 000,049,152 | ---- | M] () -- C:\Users\Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/11/20 00:24:06 | 000,247,183 | ---- | C] () -- C:\Users\Me\.recently-used.xbel
[2011/05/17 12:46:53 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2011/02/05 01:19:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/05 01:19:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/05 01:19:43 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/05 01:19:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/05 01:19:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008/12/14 08:11:09 | 000,000,147 | ---- | C] () -- C:\Windows\VTMCHAR2.INI
[2008/12/07 13:10:30 | 000,000,680 | ---- | C] () -- C:\Users\Me\AppData\Local\d3d9caps.dat
[2008/09/23 07:38:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/23 07:35:21 | 000,000,000 | ---- | C] () -- C:\Users\Me\AppData\Roaming\wklnhst.dat
[2008/09/21 12:47:03 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/09/21 12:46:37 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2008/09/19 09:24:02 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2008/09/14 11:59:54 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/08/30 04:02:45 | 000,031,007 | ---- | C] () -- C:\Users\Me\AppData\Roaming\UserTile.png
[2008/08/24 07:46:22 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/08/24 04:38:52 | 000,049,152 | ---- | C] () -- C:\Users\Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/24 00:52:41 | 000,000,000 | ---- | C] () -- C:\Windows\mozver.dat
[2008/08/23 06:08:55 | 000,044,032 | ---- | C] () -- C:\Windows\Unwash5.exe
[2008/08/22 21:53:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/08/16 13:24:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/08/16 12:53:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/06/12 08:31:26 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/06/12 06:23:06 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/05/08 16:14:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/05/08 15:44:14 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/06 04:40:54 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/04 13:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/01/20 20:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007/11/14 17:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,809,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2008/08/23 22:51:53 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\acccore
[2008/09/21 12:47:15 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Atari
[2010/08/22 21:18:51 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\AVG7
[2008/08/22 19:39:31 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\DigitalPersona
[2009/09/27 02:51:42 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\FileZilla
[2008/08/29 23:59:48 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Fingerfox (SE)
[2009/01/19 16:57:32 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\funkitron
[2011/11/20 00:24:06 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\gtk-2.0
[2009/01/21 07:47:39 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\iWin
[2008/09/21 12:46:40 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Leadertech
[2009/01/21 12:30:54 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Legends of pirates
[2008/08/26 01:45:54 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mp3tag
[2009/12/28 11:24:18 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\muvee Technologies
[2008/08/30 04:02:45 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\PeerNetworking
[2008/09/04 10:36:42 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\PlayFirst
[2008/08/28 04:32:57 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Super-Cow
[2008/09/01 13:09:01 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Tenebril
[2010/09/01 23:53:19 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Trillian
[2011/11/26 01:25:21 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/27 17:50:38 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D77409A7-A3A2-4033-9A35-852519C12020}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Me\Documents\Souleater's Remorse.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Me\Documents\Once Upon a December.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Me\Documents\Cowboy Bebop - Bang Bang.mpg:TOC.WMV
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:206E2596

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.




Your AVG is ridiculously old. You need to update it. Lets use the free Avast instead.:

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall AVG

Run the Avg Remover

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt

You might want to look at Aim+ or Pidgin to get rid of the ads.
http://www.big-o-sof...oducts/aimplus/
http://www.pidgin.im/

Ron
  • 0

#3
Golden Butterflies

Golden Butterflies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Hi, and thanks very much for the assistance. Please bare with me through this, as my computer does have a damaged hard drive and the connection issues combined with limited bandwidth will make it take a bit longer than it otherwise might to download the necessary files, programs, and updates.

That said, I do have some questions before I go too far, since I don't want to mess up anywhere because I misunderstood or anything like that.

Firstly, I have an old version of ComboFix sitting on my desktop. By deleting it, do you simply mean to delete the file from my desktop then download the one you linked? That's what I assume, but I want to make sure.

Next, is the error scanning of my drive going to put it at an elevated risk of failure? I know this must sound like a ridiculous question, but let me explain.

In being damaged, by means I don't fully know but think are partially related to multiple power failures and an instance of being dropped, I mean that my hard drive emits the clicking and chirping sounds that are often labeled as death signs. It's held out for nearly a year like a trooper, but does get progressively worse. In particular, saving or removing files makes it act up and free space disappears on a whim. Upon startup and shutdown, it makes a deep clunk or thud type of noise. So I'm mostly worried because any manner of scanning it, even for virus protection, does seem to make the drive very unhappy.

I'm inclined to also worry in that regard with relation to the Avast boot-time scan, but instinct tells me that's going to be necessary in order to check for certain malware/spyware. I want to do what's necessary to check for serious issues, of course, I'm just worried about making sure it holds out until I can get someone to install the replacement drive and ghost everything over to it. Your opinion on that would be greatly appreciated.

I'll get started on the steps as soon as possible, but it's starting to look like that might not be possible tonight. Unfortunately, the connection I'm using is acting up a lot right now.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Take as long as you need - I don't keep track.

If you want you can use your old version of Combofix as long as it is able to update before it runs. I stole the canned write up from another forum where I sometimes respond to posts and never really paid that much attention to what it said. If you do want to uninstall the best way (assuming it is on your desktop) is to copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

I suppose any activity could be the death knoll for a drive that is acting up as you say. You might be better off first cloning the drive and then let us clean up the new drive. For what it is worth there is nothing evil visible in your OTL log.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP