Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

XP Security 2012 virus and now "Open With" ? [Solved]


  • This topic is locked This topic is locked

#31
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you want to continue cleaning this machine please follow the steps that follow.



Step 1.

AVG wreaks havoc on ComboFix and you have some remnants of an old installation on your machine.

Please download the AVG removal tool to your desktop and run it following the prompts and rebooting after it completes.


Step 2.

Now we need to rerun ComboFix. Please delete the copy on your desktop and download a fresh copy. You will not have to install the recovery console again.

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions



Step 3.

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 35 C6 ED 01 C8 03 82 48 99 14 25 63 25 06 D1 0E [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 35 C6 ED 01 C8 03 82 48 99 14 25 63 25 06 D1 0E [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 35 C6 ED 01 C8 03 82 48 99 14 25 63 25 06 D1 0E [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 35 C6 ED 01 C8 03 82 48 99 14 25 63 25 06 D1 0E [binary data]
    IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 35 C6 ED 01 C8 03 82 48 99 14 25 63 25 06 D1 0E [binary data]
    IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    [2011/07/30 17:52:55 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    [2011/12/22 13:26:09 | 000,016,444 | --S- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\474672s7k507w783d741k4qvb0b4
    [2011/06/15 17:44:10 | 000,016,190 | --S- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\jrfome35tf08ah35e4cqfgv7wigo7r
    
    
    
    :files
    ipconfig /flushdns /c
    
    :reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default" =-
    
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default" =-
    
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default" =-
    
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default" =-
    
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default" =-
    
    [HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default" =-
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4.

Re run OTL from your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt.
  • Post the log


Step 5.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image


Step 6.

Please post:

ComboFix.txt
OTL fix log
aswMBR log
OTL.txt


After these runs I need to know if your security center is working.
Go Start > Control Panel > Security Center to see if it is working.


I need to know what issues you have remaining with your machine.
  • 0

Advertisements


#32
Skiminims

Skiminims

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
I decided to go ahead and clean it for now. Probably going to get a new computer at tax time. In the process of changing passwords on the uninfected laptop.

Curious as to how long I had the backdoor trojan on the infected computer.

Was able to run all the programs successfully and have logs for all but MBR. It has been stuck at one point for over an hour. The computer light is still flickering like it is doing something and I can move the window around, so it doesn't act like it is frozen. How long should I keep it up before trying to either reboot and restart or anything else you might recommend?
  • 0

#33
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
It is running a quickscan. If it does not complete and give you a log, just close it and rerun it but when you open it you will get a screen like this:
Posted Image

Before you hit scan select the Down arrow next to quickscan in the lower left corner and select the choice (none), then select the Scan button just to the upper right of it as highlighted in the picture above.
  • 0

#34
Skiminims

Skiminims

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
I was able to get into Security Center after I had run the scans and was able to turn my firewall on.

ComboFix 11-12-28.03 - Owner 12/28/2011 20:13:33.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2120 [GMT -6:00]
Running from: c:\documents and settings\Owner.Lindsay\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: PC Tools AntiVirus 3.6.0.34 *Enabled/Outdated* {832E7172-E406-4BB2-8B19-6D29F2C93A98}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}
c:\documents and settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}\chrome.manifest
c:\documents and settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}\chrome\xulcache.jar
c:\documents and settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}\defaults\preferences\xulcache.js
c:\documents and settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}\install.rdf
G:\AUTORUN.INF . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-27 18:14 . 2011-12-27 18:14 -------- d-----w- C:\_OTL
2011-12-27 00:40 . 2011-12-27 00:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\HP
2011-12-27 00:39 . 2011-12-27 00:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
2011-12-27 00:39 . 2011-12-27 00:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2011-12-27 00:35 . 2011-12-27 00:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2011-12-25 23:44 . 2011-12-25 23:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-12-22 19:44 . 2011-12-22 19:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-11-29 22:26 . 2011-12-09 06:40 -------- d-----w- c:\documents and settings\Owner.Lindsay\Local Settings\Application Data\The Lord of the Rings Online
2011-11-29 22:20 . 2009-09-04 23:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-11-29 22:20 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-11-29 22:20 . 2009-09-04 23:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-11-29 22:16 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-11-29 05:17 . 2011-11-29 05:17 -------- d-----w- c:\program files\LOTRO
2011-11-29 05:16 . 2011-12-08 04:28 -------- d-----w- c:\documents and settings\Owner.Lindsay\Local Settings\Application Data\PMB Files
2011-11-29 05:16 . 2011-11-29 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-11-29 05:15 . 2011-11-29 05:15 -------- d-----w- c:\program files\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-27 00:38 . 2011-08-09 02:57 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-28 18:01 . 2011-06-16 23:59 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-06-16 23:59 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-06-16 23:59 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-06-16 23:59 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-06-16 23:59 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-06-16 23:59 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-06-16 23:59 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-06-16 23:59 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-06-16 23:59 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-06-16 23:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Starfield Updater"="c:\program files\Workspace\WorkspaceUpdate.exe" [2011-09-02 34496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" [X]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-30 7311360]
"nwiz"="nwiz.exe" [2005-11-30 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-30 86016]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 03:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 21:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 19:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 02:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 17:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PrismXL"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"56126:TCP"= 56126:TCP:Pando Media Booster
"56126:UDP"= 56126:UDP:Pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/16/2011 5:59 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/16/2011 5:59 PM 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8/8/2011 8:57 PM 232512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/16/2011 5:59 PM 20568]
R2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2/2/2011 10:12 AM 1185008]
R3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCd2k.sys [7/17/2008 9:40 AM 44227]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [9/22/2009 2:28 PM 515803]
S2 Ca536av;5.1M MPEG4 DV Video Camera Device;c:\windows\system32\drivers\ca536av.sys [8/19/2010 4:09 PM 514859]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 5:26 PM 135664]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 5:26 PM 135664]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [3/11/2010 5:58 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [3/11/2010 5:58 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [3/11/2010 5:58 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [3/11/2010 5:58 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [3/11/2010 5:58 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [3/11/2010 5:58 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [3/11/2010 5:58 PM 115752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-12-20 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2006-11-25 00:12]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:26]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.archerytalk.com/vb/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.ikesoutdoors.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Starfield Zoom: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: ActiveGS: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-28 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.dtsoftbus01]
"ImagePath"="\*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2504)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\ARPWRMSG.EXE
c:\windows\zHotkey.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\dllhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-12-28 20:46:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 02:45
.
Pre-Run: 16,937,349,120 bytes free
Post-Run: 16,871,780,352 bytes free
.
- - End Of File - - BFC9C97C96B91AF5BBD0F43EF166D658


All processes killed
========== OTL ==========
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Folder C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\474672s7k507w783d741k4qvb0b4 moved successfully.
C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\jrfome35tf08ah35e4cqfgv7wigo7r moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner.Lindsay\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.Lindsay\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Anime

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Owner

User: Owner.Lindsay
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 376858 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47049933 bytes
->Flash cache emptied: 1819 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 544 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 12282011_214257

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-29 08:44:36
-----------------------------
08:44:36.953 OS Version: Windows 5.1.2600 Service Pack 3
08:44:36.953 Number of processors: 2 586 0x4B02
08:44:36.953 ComputerName: LINDSAY UserName: Owner
08:44:37.625 Initialize success
08:44:37.765 AVAST engine defs: 11122900
08:45:46.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
08:45:46.812 Disk 0 Vendor: WDC_WD2500BB-22RDA0 20.00K20 Size: 238475MB BusType: 3
08:45:48.843 Disk 0 MBR read successfully
08:45:48.843 Disk 0 MBR scan
08:45:48.843 Disk 0 unknown MBR code
08:45:48.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 232966 MB offset 11261565
08:45:48.859 Disk 0 Partition 2 00 0B FAT32 RECOVERY 5498 MB offset 63
08:45:48.875 Disk 0 scanning sectors +488376000
08:45:48.906 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
08:45:48.953 Disk 0 scanning C:\WINDOWS\system32\drivers
08:46:06.171 Service scanning
08:46:06.671 Service .dtsoftbus01 \* **LOCKED** 123
08:46:06.750 Service Evf_umpapsa C:\WINDOWS\C:\WINDOWS\system32\drivers\acpiec.sys **LOCKED** 123
08:46:06.765 Service FXDrv32 E:\FXDrv32.sys **LOCKED** 1
08:46:07.437 Modules scanning
08:46:22.671 Disk 0 trace - called modules:
08:46:22.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:46:22.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b09a030]
08:46:22.703 3 CLASSPNP.SYS[ba188fd7] -> nt!IofCallDriver -> \Device\000000c3[0x8affa9e8]
08:46:22.718 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8aff9d98]
08:46:22.718 Scan finished successfully
08:46:55.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
08:46:55.718 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR1229.txt"


OTL logfile created on: 12/28/2011 10:37:01 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner.Lindsay\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 81.37% Memory free
5.34 Gb Paging File | 4.94 Gb Available in Paging File | 92.56% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.51 Gb Total Space | 15.76 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
Drive D: | 5.36 Gb Total Space | 2.11 Gb Free Space | 39.45% Space Free | Partition Type: FAT32
Drive G: | 121.26 Mb Total Space | 7.26 Mb Free Space | 5.99% Space Free | Partition Type: FAT

Computer Name: LINDSAY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 19:31:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lindsay\Desktop\OTL.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/21 02:23:28 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/09/20 14:30:46 | 001,185,008 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2011/09/01 22:01:55 | 000,034,496 | ---- | M] () -- C:\Program Files\Workspace\workspaceupdate.exe
PRC - [2011/08/02 01:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008/08/03 17:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/20 13:43:16 | 000,331,776 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe
PRC - [2005/12/09 20:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/08/02 18:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/07/19 16:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 14:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 13:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/12/08 19:57:36 | 000,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/28 11:44:32 | 001,657,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11122801\algo.dll
MOD - [2011/12/19 17:49:56 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11122801\aswRep.dll
MOD - [2011/11/21 17:48:14 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e1a85615ab132405c28590c9d8e6233f\System.Web.ni.dll
MOD - [2011/11/21 17:43:40 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\5756ca113c80af34720b25cfc7a7b445\System.Configuration.ni.dll
MOD - [2011/11/21 17:43:26 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\6d081910258eaa8d51d4d69036a312ac\Accessibility.ni.dll
MOD - [2011/11/21 16:20:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c4020fe0dc0b08e7fbf56be3fa2af986\System.Xml.ni.dll
MOD - [2011/11/21 16:20:31 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0f11a9acd451eab539a828efb005c1b6\System.Windows.Forms.ni.dll
MOD - [2011/11/21 16:20:12 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8812414cfc3093d545c71980100970a5\System.Drawing.ni.dll
MOD - [2011/11/21 16:18:05 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\279715bc4706e5e5683f405085a58fa6\System.ni.dll
MOD - [2011/11/21 16:17:55 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b1e18a86c1ee54bf30076d9db209c577\mscorlib.ni.dll
MOD - [2011/10/27 15:45:01 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/09/01 22:01:55 | 000,034,496 | ---- | M] () -- C:\Program Files\Workspace\workspaceupdate.exe
MOD - [2011/02/28 16:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/10/14 20:27:45 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3134.40006__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:45 | 000,266,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3134.39961__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:45 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3134.40009__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:45 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3134.40160__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:45 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3134.40125__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3134.39999__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:45 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3134.40096__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3134.39983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:44 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3134.40198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:44 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3134.40199__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:44 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3134.40008__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:44 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3134.39977__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3134.40007__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:43 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3134.40134__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:43 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3134.40135__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3134.40133__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:41 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3134.40100__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:41 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3134.40149__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/10/14 20:27:40 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3134.40011__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:40 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3134.39985__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:40 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3134.40010__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:40 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3134.40119__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:40 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3134.40099__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3134.40017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:40 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3134.40118__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:39 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3134.40089__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:39 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3134.40098__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/10/14 20:27:39 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3134.40097__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3134.40098__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:39 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3134.40121__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/10/14 20:27:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3119.30092__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/10/14 20:27:39 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3119.30104__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/10/14 20:27:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3119.30081__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/10/14 20:27:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3119.30177__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/10/14 20:27:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3119.30120__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/10/14 20:27:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3119.30176__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/10/14 20:27:38 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/10/14 20:27:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/10/14 20:27:37 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3119.30063__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/10/14 20:27:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3119.30065__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/10/14 20:27:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3119.30127__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/10/14 20:27:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3119.30117__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/10/14 20:27:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3119.30171__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/10/14 20:27:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/10/14 20:27:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3119.30067__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/10/14 20:27:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3119.30096__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3119.30232__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/10/14 20:27:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3119.30100__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3119.30089__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3119.30082__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3119.30140__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3119.30128__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/10/14 20:27:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/10/14 20:27:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3119.30094__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3119.30139__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/10/14 20:27:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3119.30129__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/10/14 20:27:35 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3119.30145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/10/14 20:27:35 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3119.30146__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/10/14 20:27:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3119.30149__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3134.40215__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/10/14 20:27:34 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3119.30118__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3119.30141__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3119.30122__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3119.30119__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/10/14 20:27:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3119.30093__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/10/14 20:27:34 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3134.40228__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009/10/14 20:27:33 | 000,417,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3134.40175__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009/10/14 20:27:33 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3134.39992__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/10/14 20:27:33 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3134.40186__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/10/14 20:27:33 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3134.40183__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/10/14 20:27:33 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3134.39953__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/10/14 20:27:33 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3119.30076__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/10/14 20:27:33 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3119.30085__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/10/14 20:27:33 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3119.30121__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/10/14 20:27:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3119.30121__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/10/14 20:27:33 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3119.30074__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009/10/14 20:27:33 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/10/14 20:27:33 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/10/14 20:27:33 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3134.39948__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/10/14 20:27:32 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3134.39951__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/10/14 20:27:32 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3119.30123__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/10/14 20:27:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3119.30113__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/10/14 20:27:31 | 000,999,424 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3134.39970__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/10/14 20:27:31 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3134.39952__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/10/14 20:27:31 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3134.39950__90ba9c70f846762e\APM.Server.dll
MOD - [2009/10/14 20:27:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3134.39948__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/10/14 20:27:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3119.30101__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/10/14 20:27:31 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/10/14 20:27:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3134.40186__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/10/14 20:27:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3119.30150__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/05/23 13:29:50 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/08/03 17:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2008/06/23 12:58:36 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/20 13:43:16 | 000,331,776 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe
MOD - [2004/12/08 19:57:36 | 000,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
MOD - [2003/05/16 22:09:32 | 000,011,776 | ---- | M] () -- C:\WINDOWS\HIDMNT.dll
MOD - [2001/07/02 22:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PCTAVSvc)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/20 14:30:46 | 001,185,008 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2008/06/30 10:10:23 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/11/24 23:01:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/12/26 18:38:35 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/05/14 12:08:40 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2008/10/24 12:42:28 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/10/24 12:42:27 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/10/24 12:42:27 | 000,244,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2008/08/12 02:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 00:40:28 | 003,894,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/01 00:38:20 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/07/17 19:12:38 | 003,682,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/07/17 09:39:52 | 000,044,227 | ---- | M] (ahead software gmbh
im stoeckmaedle 6
76307 karlsbad, germany
Fax: ++49-7248-911-888
e-mail: [email protected]) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NeroCd2k.sys -- (NeroCd2k)
DRV - [2008/07/03 14:23:51 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2008/06/30 21:27:44 | 000,108,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007/10/07 17:29:33 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/10/07 17:29:32 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/08/07 10:38:02 | 000,015,872 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AVFilter.sys -- (AVFilter)
DRV - [2007/06/18 16:15:18 | 000,022,528 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVHook.sys -- (AVHook)
DRV - [2007/06/18 16:15:18 | 000,015,872 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVRec.sys -- (AVRec)
DRV - [2007/04/03 12:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 12:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 12:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 12:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 12:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/03/07 17:51:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/03/07 17:51:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/06/19 01:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/07/28 12:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/28 12:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/05/27 08:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 08:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/09/29 14:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2003/09/05 12:47:22 | 000,514,859 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ca536av.sys -- (Ca536av)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/21 10:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av) Icatch(IV)
DRV - [2002/07/25 10:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) Icatch(IV)
DRV - [2001/08/17 12:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 12:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USRpdA.sys -- (USRpdA)
DRV - [2001/08/17 12:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 12:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 12:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 12:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 12:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 12:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 12:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 12:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=DTP&M=GT5220
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=DTP&M=GT5220
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.archerytalk.com/vb/
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.bdtoolbar.orig_keyword_url: "data:text/plain,keyword.URL=http://search.yahoo.com/search?ei=UTF-8&fr=yff35awe&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.ikesoutdoors.com"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.201
FF - prefs.js..extensions.enabledItems: [email protected]:1.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 17:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/24 12:57:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 13:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/27 12:14:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/24 12:57:43 | 000,000,000 | ---D | M]

[2009/06/17 20:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Extensions
[2011/12/28 21:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions
[2011/06/24 16:14:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/19 18:23:42 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/04/19 18:23:43 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/08/19 09:21:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/02/07 11:30:18 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\[email protected]
[2011/12/27 18:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/24 12:06:32 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/09/01 22:02:42 | 000,000,000 | ---D | M] (WBE Paste) -- C:\DOCUMENTS AND SETTINGS\OWNER.LINDSAY\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
[2011/12/06 18:47:13 | 000,000,000 | ---D | M] (Workspace Email Zoom) -- C:\DOCUMENTS AND SETTINGS\OWNER.LINDSAY\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
[2010/03/04 17:49:17 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/11/20 12:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwbe.dll

O1 HOSTS File: ([2011/12/28 21:43:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006..\Run: [Starfield Updater] C:\Program Files\Workspace\WorkspaceUpdate.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1496702142-2573685113-574413517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{741894F8-4A75-4632-BFCC-1475BEC1D96C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9285FE47-0669-4854-9785-E023AF4C09FD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D801D433-DE9A-4E4C-B70E-30810B5E1A75}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 03:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/26 15:59:00 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 21:43:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/28 20:09:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/28 20:09:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/28 20:09:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/28 20:09:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/28 20:08:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/28 19:58:24 | 004,354,974 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.Lindsay\Desktop\ComboFix.exe
[2011/12/27 18:16:00 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.Lindsay\Desktop\tdsskiller(2).exe
[2011/12/27 12:14:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/27 12:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lindsay\Desktop\RK_Quarantine
[2011/12/23 19:31:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lindsay\Desktop\OTL.exe
[2011/11/29 16:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lindsay\My Documents\The Lord of the Rings Online
[2011/11/29 16:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\The Lord of the Rings Online
[2011/11/28 23:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\LOTRO
[2011/11/28 23:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\PMB Files
[2011/11/28 23:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/11/28 23:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[1 C:\Documents and Settings\Owner.Lindsay\Desktop\*.tmp files -> C:\Documents and Settings\Owner.Lindsay\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 22:28:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 22:26:49 | 000,524,460 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/28 22:26:49 | 000,098,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/28 22:26:42 | 000,012,648 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/28 22:26:29 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 22:26:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/28 22:26:19 | 000,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/12/28 21:43:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/28 19:58:52 | 004,354,974 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.Lindsay\Desktop\ComboFix.exe
[2011/12/27 22:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/27 18:15:11 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.Lindsay\Desktop\tdsskiller(2).exe
[2011/12/26 18:38:35 | 000,232,512 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/12/25 17:44:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/23 19:31:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lindsay\Desktop\OTL.exe
[2011/12/22 22:00:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/21 13:57:04 | 217,793,177 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\ProChronoEdited.wmv
[2011/12/19 22:41:32 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/12/17 09:55:05 | 000,039,608 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Application Data\wklnhst.dat
[2011/12/07 12:15:30 | 254,248,937 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\Eliminator.wmv
[2011/12/05 11:10:30 | 000,152,192 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\My Documents\USCell.png
[2011/12/04 01:06:03 | 000,260,344 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\My Documents\Gūr Edhellen V5.0.pdf
[2011/11/30 13:40:45 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/11/29 22:10:53 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/29 16:15:39 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\The Lord of the Rings Online.lnk
[2011/11/29 16:14:56 | 001,044,651 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\CuzTurkeyDaySM.png
[2011/11/29 16:11:42 | 008,750,593 | ---- | M] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\CuzTurkeyDay.png
[1 C:\Documents and Settings\Owner.Lindsay\Desktop\*.tmp files -> C:\Documents and Settings\Owner.Lindsay\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/28 20:09:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/28 20:09:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/28 20:09:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/28 20:09:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/28 20:09:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/23 19:32:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/22 01:25:11 | 217,793,177 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\ProChronoEdited.wmv
[2011/12/07 13:03:09 | 254,248,937 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\Eliminator.wmv
[2011/12/05 11:10:28 | 000,152,192 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\My Documents\USCell.png
[2011/12/04 01:06:03 | 000,260,344 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\My Documents\Gūr Edhellen V5.0.pdf
[2011/11/29 16:15:39 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\The Lord of the Rings Online.lnk
[2011/11/29 16:14:53 | 001,044,651 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\CuzTurkeyDaySM.png
[2011/11/29 16:11:34 | 008,750,593 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Desktop\CuzTurkeyDay.png
[2011/11/20 19:44:34 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/07/30 08:24:43 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0707.old
[2011/07/29 20:31:51 | 000,381,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/16 09:26:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{6B48CC37-9F47-418C-A65B-EB7549DD289C}
[2011/06/16 09:26:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\{073B44C5-9107-4F84-A53E-963406EF5240}
[2011/02/09 22:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2010/08/28 12:41:56 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat.temp
[2010/08/24 12:50:53 | 000,171,929 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/08/24 12:50:53 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2010/08/19 16:09:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2010/08/19 16:09:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\MKSetting.exe
[2010/08/17 20:45:55 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2010/08/17 20:45:46 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/28 15:21:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/05/24 14:03:34 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 14:03:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/05/23 11:43:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/12 14:34:27 | 000,005,018 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/01/29 10:58:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\prvlcl.dat
[2009/10/21 13:43:09 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\decdll.dll
[2009/10/14 20:30:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/10/14 20:26:19 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/10/14 20:17:11 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/14 19:37:47 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\atiumdva.dat
[2009/09/22 14:28:11 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2009/09/22 14:28:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2009/09/22 14:28:10 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2009/08/20 11:32:05 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/31 07:03:57 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\kodakpcd.ini
[2009/03/26 11:18:00 | 000,028,992 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/06 20:55:01 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/09/09 19:26:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2008/09/09 19:22:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2008/07/31 22:47:28 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\atitmmxx.dll
[2008/07/31 21:59:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/07/31 21:59:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/07/31 21:59:05 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/24 15:09:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/06/23 07:47:40 | 000,174,820 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/05/30 15:48:15 | 000,000,275 | ---- | C] () -- C:\WINDOWS\EReg104.dat
[2008/03/05 18:38:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\atibrtmon.exe
[2008/01/23 14:29:17 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2008/01/23 14:29:17 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2008/01/23 14:29:17 | 000,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2007/10/07 17:29:33 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/10/07 17:29:32 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/21 15:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/21 13:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/03/29 11:04:25 | 000,000,575 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/16 20:19:28 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\fusioncache.dat
[2007/02/01 20:59:43 | 000,000,048 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2007/01/26 23:08:32 | 000,039,608 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Application Data\wklnhst.dat
[2007/01/09 23:22:20 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\Owner.Lindsay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/16 13:21:51 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/16 13:21:51 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/16 13:14:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/27 17:53:56 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/11/27 17:53:55 | 000,000,341 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/11/24 23:01:07 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/11/24 22:59:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/11/24 22:56:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/24 22:55:25 | 000,550,912 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2006/11/24 22:55:25 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/11/24 22:55:25 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe
[2006/11/24 22:55:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2006/11/24 22:55:25 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/11/24 22:55:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/11/24 22:55:04 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/11/24 22:50:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/24 22:33:58 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2006/11/24 22:18:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/24 22:18:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/11/24 22:18:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/11/24 22:18:25 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/11/24 22:18:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/11/24 22:18:13 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/24 22:17:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/11/24 22:17:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/11/24 22:16:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/11/24 22:16:05 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/08/10 09:33:30 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/10 09:33:28 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/10 09:33:28 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/10 09:33:27 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/10 09:33:25 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/10 09:33:25 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/10 09:33:25 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/10 09:33:25 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/10 09:33:21 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/10 09:33:21 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/10 09:33:20 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/21 03:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 03:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 03:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 03:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 03:24:58 | 000,001,276 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 03:24:57 | 000,000,521 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 03:23:22 | 000,524,460 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 03:23:22 | 000,098,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/16 20:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 20:30:47 | 000,286,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS

========== LOP Check ==========

[2011/12/26 18:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2011/12/26 18:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2006/11/24 23:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011/06/16 17:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/11/02 12:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/11/15 04:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/15 07:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/08 20:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/11/22 09:54:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/11/21 16:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/11/21 16:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/12/24 10:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo(2)
[2011/12/11 17:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Invoice Expert
[2010/08/21 14:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/12/31 12:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/12/30 16:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/03/04 19:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/03/04 19:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/02/07 17:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2010/03/04 19:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
[2011/11/29 15:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/02/12 14:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/03/04 19:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2009/12/24 10:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems(2)
[2006/12/16 13:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/11/24 23:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2009/10/27 19:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Any Video Converter
[2011/06/16 16:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Azureus
[2011/11/20 18:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\com.acrobat.createpdf.CreatePDFDesktop
[2010/10/10 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/08 20:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\DAEMON Tools Lite
[2010/01/31 20:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\enchant
[2009/10/21 13:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\FreeVideoConverter
[2010/03/04 18:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\GetRightToGo
[2010/12/31 15:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\gtk-2.0
[2010/08/07 17:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\inkscape
[2010/01/03 18:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Leadertech
[2007/04/10 18:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Microgaming
[2008/11/24 19:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Nvu
[2010/02/21 10:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\OpenOffice.org
[2009/10/15 16:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\OxelonMC
[2011/12/11 23:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\PrimoPDF
[2006/11/24 23:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\SampleView
[2010/10/26 08:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\SecondLife
[2009/03/31 06:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Skinux
[2011/07/29 11:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\SmartDraw
[2007/01/26 23:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Template
[2007/10/03 09:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lindsay\Application Data\Viewpoint
[2011/12/19 22:41:32 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-13 14:40:33

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >
  • 0

#35
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
How is your computer running?

What issues do you currently have?

Please try to do Windows Update:

Click Start > All Programs > Microsoft Update (or Windows update if Microsoft update is not present in the upper left portion of your start menu)

Please let me know if you can access the update and have it show updates. Do not update at this time though.

CompCav
  • 0

#36
Skiminims

Skiminims

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Ok, clicked on it and Internet explorer popped up at update.microsoft.com and was able to check for updates and I have a list showing possible updates.
  • 0

#37
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
How is your computer running?

What issues do you currently have?
  • 0

#38
Skiminims

Skiminims

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Computer seems to be running fine. No pop-ups, no lag anywhere that I can tell. Seems to be back to it's old self.
  • 0

#39
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Step 2.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:
mbam log
eset log
checkup.txt



Are there any new issues?
  • 0

#40
Skiminims

Skiminims

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.30.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: LINDSAY [administrator]

12/29/2011 8:09:34 PM
mbam-log-2011-12-29 (20-09-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199277
Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

C:\Documents and Settings\Owner.Lindsay\Desktop\New Folder\MyPhoneExplorer_Setup_1.6.7.exe a variant of Win32/Adware.ADON application
C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application
C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter(2).exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter(3).exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter(4).exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter(5).exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter(6).exe multiple threats
C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter.exe Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner.Lindsay\Application Data\Mozilla\Firefox\Profiles\2ygg9a1s.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP1\A0000033.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\_OTL\MovedFiles\12272011_121402\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ko8dw50z.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\_OTL\MovedFiles\12272011_121402\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ko8dw50z.default\extensions\{2a5e149e-c859-4c51-b16b-ba623b583935}\chrome\xulcache.jar JS/Agent.NDJ trojan

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 20
Java version out of date!
Adobe Flash Player 10.2.152.32 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.25) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````
  • 0

Advertisements


#41
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Are there any new issues?

How is the computer performing?
  • 0

#42
Skiminims

Skiminims

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
The computer is performing fine, just as before. There is one issue that I think is hardware. It is doing a beep/squeak thing (I think it sounds like more of a squeak) when it is doing long scans. It does it occasionally. Maybe my processor fan? Not sure.
  • 0

#43
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    
    
    
    :files
    ipconfig /flushdns /c
    C:\Documents and Settings\Owner.Lindsay\Desktop\New Folder\MyPhoneExplorer_Setup_1.6.7.exe
    C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\couponprinter.exe
    C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter(2).exe
    C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter(3).exe
    C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter(4).exe
    C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter(5).exe 
    C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter(6).exe
    C:\Documents and Settings\Owner.Lindsay\My Documents\Downloads\Setup_FreeVideoConverter.exe
    C:\Documents and Settings\Owner.Lindsay\Desktop\New Folder
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.





Step 2.

Your antivirus is out of date. Please right click on the orange ball in your system tray and select update, then select update Program, this should check for program updates to install as well as engine and virus definitions.
However if it does not update the engine and virus definitions go back and right click the orange ball again and select update, then selecit Engine and virus definitions.


Step 3.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Step 4.

Update Adobe Reader

Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

Uninstall all previous versions.
Download the latest version from: http://www.adobe.com.../readstep2.html

If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.


Step 5.

Update Mozilla FireFox

Your version of FireFox is 3.6 and the current release is 9

Please uninstall the version you have and go here to download the latest version and install it.


Step 6.

Update adobe flash player

You will need to download and install both the IE and non-IE versions of Adobe Flashplayer. Make sure to uncheck the install of the McAfee tool before downloading. You will need to select your operating system (XP 32-bit) and then each version to download and install separately.


Step 7.

Please rerun OTL.

Click Scan all Users, LOP, and Purity

Then click Quickscan

It will produce an OTL.txt log on your desktop. Please post it in your next reply.

The squeak can be checked out in this forum area.


What issues are you still having with your computer?
  • 0

#44
Skiminims

Skiminims

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Which version of Java should I download?

Windows x86 Online 0.85 MB jre-7u2-windows-i586-iftw.exe
Windows x86 Offline 19.35 MB jre-7u2-windows-i586.exe
Windows x64 20.46 MB jre-7u2-windows-x64.exe
  • 0

#45
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Windows x86 Offline 19.35 MB jre-7u2-windows-i586.exe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP