Space Eating Malware



#1
kilawen

I might have malware that my free AVG antivirus and my Advanced System Care can't detect. Neither can my hacked McAfee OAS.

I download a lot of movies, so I know I have just a little space to spare, but I have been deleting them permanently by using Shift+Delete or emptying the Recycle Bin.

But out of 149 G I am only getting 55 MB free space now, and it's going lower and lower each time.

I did Disk Clean Up and that seemed to have brought it back to 500 MB, but that's still too small considering I deleted a 3 gig movie.
Another thing that might be worth noting is that it doesn't allow me to delete the Roxio Back on Track files in the Disk Clean Up program, and my Advanced System Care can't diagnose the system because it's always stuck on checking the computer for malware.

(log file to follow in a few mins)

Edited by kilawen, 29 December 2011 - 01:16 PM.



#2
kilawen

OTL logfile created on: 12/29/2011 10:56:47 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Romeo\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 191.90 Mb Available Physical Memory | 18.90% Memory free
2.39 Gb Paging File | 1.58 Gb Available in Paging File | 66.08% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 0.48 Gb Free Space | 0.32% Space Free | Partition Type: NTFS

Computer Name: MICHAEL | User Name: Romeo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 10:55:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Romeo\My Documents\downloads\OTL.exe
PRC - [2011/12/02 14:17:38 | 000,074,752 | ---- | M] (Freemake) -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/24 14:38:50 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/09/28 20:33:02 | 002,407,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/09/20 21:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/11/08 19:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/10/22 19:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/10/22 19:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/10/22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/10/22 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/10/22 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/08/25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 15:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/07/09 18:27:18 | 000,134,600 | ---- | M] (PortableApps.com) -- C:\Program Files\On-ScreenKeyboardPortable\On-ScreenKeyboardPortable.exe
PRC - [2009/03/30 15:02:08 | 000,319,488 | ---- | M] () -- C:\Program Files\HP\HPBTWD.exe
PRC - [2009/02/13 18:17:20 | 000,399,848 | ---- | M] (HP) -- C:\Program Files\HPQ\HP Connection Manager 2\bin\mdvauthsrv.exe
PRC - [2009/02/13 18:17:20 | 000,281,064 | ---- | M] (HP) -- C:\Program Files\HPQ\HP Connection Manager 2\bin\mdvsrv.exe
PRC - [2008/11/06 17:56:18 | 002,025,968 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Main\Backup_Central10.exe
PRC - [2008/04/15 04:00:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\osk.exe
PRC - [2008/04/15 04:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cleanmgr.exe
PRC - [2008/04/15 04:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msswchx.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/29 10:29:14 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Romeo\Local Settings\Temp\nse82.tmp\registry.dll
MOD - [2011/12/29 10:29:13 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Romeo\Local Settings\Temp\nse82.tmp\newadvsplash.dll
MOD - [2011/12/29 10:29:12 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Romeo\Local Settings\Temp\nse82.tmp\System.dll
MOD - [2011/12/28 14:03:00 | 001,848,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\a8b3b855811673736626d2c54a5b7a9b\System.Web.Services.ni.dll
MOD - [2011/12/28 14:02:00 | 017,978,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e75e84d40ba7ab388e6e0c3ed5e5eccb\System.ServiceModel.ni.dll
MOD - [2011/12/28 14:00:02 | 001,071,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e024c7b5e7ea27128c2c18ffe47d532a\System.IdentityModel.ni.dll
MOD - [2011/12/28 13:52:43 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\44c1fb4dc0d2b70ac91d1124e43a5c3f\System.Transactions.ni.dll
MOD - [2011/12/28 13:52:38 | 001,019,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\b68de190f1244fee530d443a6b13d680\System.Runtime.DurableInstancing.ni.dll
MOD - [2011/12/28 13:52:31 | 000,142,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9e5119c293c7bc004c1f40b6e3a3e9e7\SMDiagnostics.ni.dll
MOD - [2011/12/28 13:52:28 | 002,629,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e010cf2e93ce0060737bddaa0f1bb16b\System.Runtime.Serialization.ni.dll
MOD - [2011/12/28 12:07:01 | 007,049,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a451bc4184621fea6d5016144c1dc5a0\System.Core.ni.dll
MOD - [2011/12/28 12:06:57 | 005,611,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\53933ab768e6942749c0c637a2d72131\System.Xml.ni.dll
MOD - [2011/12/28 12:06:30 | 000,974,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\4254c538267ab98946c96b4924d441f3\System.Configuration.ni.dll
MOD - [2011/12/28 12:06:18 | 009,060,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\58c9be4722eba6c936d898de5db7a99d\System.ni.dll
MOD - [2011/12/28 12:05:22 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c67723c313466429fb66b20c297ccd4f\mscorlib.ni.dll
MOD - [2011/12/05 08:10:55 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/09/20 21:40:49 | 002,613,816 | ---- | M] () -- C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63\pdf.dll
MOD - [2010/09/20 21:39:49 | 000,174,648 | ---- | M] () -- C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63\Locales\en-US.dll
MOD - [2010/09/20 21:39:28 | 000,091,192 | ---- | M] () -- C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63\avutil-50.dll
MOD - [2010/09/20 21:39:27 | 000,193,592 | ---- | M] () -- C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63\avformat-52.dll
MOD - [2010/09/20 21:39:25 | 001,434,680 | ---- | M] () -- C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63\avcodec-52.dll
MOD - [2010/09/20 19:41:21 | 005,964,752 | ---- | M] () -- C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63\gcswf32.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/22 13:13:30 | 000,323,160 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\winSkinD7R.bpl
MOD - [2010/01/22 13:13:16 | 000,045,656 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
MOD - [2010/01/22 13:11:42 | 000,250,968 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\sqlite3.dll
MOD - [2010/01/22 13:11:36 | 000,150,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\STFix.dll
MOD - [2010/01/22 13:11:30 | 000,057,432 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\NtfsData.dll
MOD - [2009/08/25 15:00:00 | 000,057,344 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2009/03/30 15:02:08 | 000,319,488 | ---- | M] () -- C:\Program Files\HP\HPBTWD.exe
MOD - [2009/02/13 18:17:34 | 000,502,248 | ---- | M] () -- C:\Program Files\HPQ\HP Connection Manager 2\bin\OsifUtils.dll
MOD - [2009/02/13 18:17:32 | 000,481,768 | ---- | M] () -- C:\Program Files\HPQ\HP Connection Manager 2\bin\MdvEapTtls.dll
MOD - [2009/02/13 18:17:32 | 000,481,768 | ---- | M] () -- C:\Program Files\HPQ\HP Connection Manager 2\bin\MdvEapTls.dll
MOD - [2009/02/13 18:17:32 | 000,354,792 | ---- | M] () -- C:\Program Files\HPQ\HP Connection Manager 2\bin\MdvEapTlv.dll
MOD - [2009/02/13 18:17:30 | 000,362,984 | ---- | M] () -- C:\Program Files\HPQ\HP Connection Manager 2\bin\MdvEapMschapV2.dll
MOD - [2009/02/13 18:17:30 | 000,354,792 | ---- | M] () -- C:\Program Files\HPQ\HP Connection Manager 2\bin\MdvEapLeap.dll
MOD - [2009/02/13 18:17:30 | 000,346,600 | ---- | M] () -- C:\Program Files\HPQ\HP Connection Manager 2\bin\MdvEapGtc.dll
MOD - [2009/02/13 18:17:30 | 000,342,504 | ---- | M] () -- C:\Program Files\HPQ\HP Connection Manager 2\bin\MdvEapMd5.dll
MOD - [2009/02/13 18:17:28 | 000,522,728 | ---- | M] () -- C:\Program Files\HPQ\HP Connection Manager 2\bin\MdvEapFast.dll
MOD - [2008/11/06 17:56:38 | 000,195,056 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Main\MainrENU.dll
MOD - [2008/11/06 17:56:18 | 002,025,968 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Main\Backup_Central10.exe
MOD - [2008/11/04 00:44:24 | 000,439,632 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\DW\DWDCW20.DLL
MOD - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2005/08/22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/02 14:17:38 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/25 14:42:16 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/22 19:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/10/22 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/10/22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/10/22 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/03/30 12:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009/02/13 18:17:20 | 000,399,848 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HPQ\HP Connection Manager 2\bin\mdvauthsrv.exe -- (mdvauthsrv)
SRV - [2009/02/13 18:17:20 | 000,281,064 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HPQ\HP Connection Manager 2\bin\mdvsrv.exe -- (mdvsrv)
SRV - [2009/01/14 14:56:46 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Disabled | Stopped] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
SRV - [2009/01/09 08:54:26 | 000,081,920 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe -- (Autorun CDROM Monitor)
SRV - [2008/12/11 21:46:22 | 000,125,424 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/09 05:08:04 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/10/31 14:21:25 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/10/31 14:21:24 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/10/25 07:44:21 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/08 19:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/22 19:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/10/22 19:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/10/22 19:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/10/22 19:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/10/22 19:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/10/22 19:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/22 18:24:48 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/05/08 10:46:59 | 001,735,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/03/30 12:47:00 | 001,550,891 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/30 09:39:16 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/03/30 09:39:10 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/03/30 09:39:06 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/03/30 09:38:48 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/03/19 10:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/02 13:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/01/14 14:49:54 | 000,104,448 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbserhp.sys -- (qcusbserhp)
DRV - [2008/12/11 00:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2008/12/11 00:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2008/12/11 00:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2008/11/21 17:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/09/26 17:01:00 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/24 21:09:40 | 000,103,792 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\syscow32x.sys -- (SysCow)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = webproxy.int.westgroup.com:80

========== FireFox ==========

FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/05 08:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/12/02 09:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/16 07:53:35 | 000,000,000 | ---D | M]

[2011/04/20 22:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Romeo\Application Data\Mozilla\Extensions
[2011/04/20 22:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/02 09:40:16 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2009/05/08 10:55:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/06/24 15:19:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/12/16 07:53:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/16 07:53:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/16 07:53:12 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: AT_InfectedMushroom = C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dobnnindgjlefbclgkdfgjaikcdiaone\3_0\
CHR - Extension: Freemake Video Converter = C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Romeo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2008/04/15 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Blacks Law Dictionary Digital) - {2360EB3A-59E2-4E70-95B0-690CF14E0F23} - C:\Program Files\Thomson West\Blacks Law\BlacksLawToolbarIE.dll (Thomson West)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe ()
O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O15 - HKCU\..Trusted Domains: hjk.vom ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.2 198.80.142.4 10.106.140.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B4E77E4-717D-4DBB-A46D-526FF99AEE75}: DhcpNameServer = 4.2.2.2 198.80.142.4 10.106.140.20
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-1364786105-2091244169-280831980-3385\yv8g67.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-2223324474-0154354819-976408685-9185\yv8g67.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Romeo\Application Data\szdx.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-9455509167-1050072142-963776237-9746\yv8g67.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Romeo\ctfmon.exe) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Romeo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Romeo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/31 09:51:32 | 000,002,194 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1609e0e7-8f61-11df-8f1b-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{1609e0e7-8f61-11df-8f1b-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1609e0e7-8f61-11df-8f1b-0025b3560d50}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{203b0e1c-e46f-11de-9537-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{203b0e1c-e46f-11de-9537-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{203b0e1c-e46f-11de-9537-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Printerprnt.exe usbdrop usb
O33 - MountPoints2\{20e2025f-7152-11df-a8b4-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{20e2025f-7152-11df-a8b4-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20e2025f-7152-11df-a8b4-0025b3560d50}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{20e2028b-7152-11df-a8b4-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{20e2028b-7152-11df-a8b4-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20e2028b-7152-11df-a8b4-0025b3560d50}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{33ffbf1d-71d1-11df-a5ba-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{33ffbf1d-71d1-11df-a5ba-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33ffbf1d-71d1-11df-a5ba-0025b3560d50}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{45d4a47d-064b-11df-852a-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{45d4a47d-064b-11df-852a-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45d4a47d-064b-11df-852a-0025b3560d50}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\srvFile.exe usbdrop usb
O33 - MountPoints2\{5de0f158-752c-11df-bf2b-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{5de0f158-752c-11df-bf2b-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5de0f158-752c-11df-bf2b-0025b3560d50}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{8db443a0-f41f-11df-8e28-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{8db443a0-f41f-11df-8e28-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8db443a0-f41f-11df-8e28-0025b3560d50}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{9282b55a-d0a5-11df-9ced-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{9282b55a-d0a5-11df-9ced-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9282b55a-d0a5-11df-9ced-0025b3560d50}\Shell\AutoRun\command - "" = E:\USBNB.exe
O33 - MountPoints2\{98e52e5e-7115-11df-9e1b-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{98e52e5e-7115-11df-9e1b-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98e52e5e-7115-11df-9e1b-0025b3560d50}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a1b75eb5-7807-11df-ac69-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{a1b75eb5-7807-11df-ac69-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1b75eb5-7807-11df-ac69-0025b3560d50}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{ab979981-ed68-11df-8d8f-0025b3560d50}\Shell\AutoRun\command - "" = F:\TeUIj.eXe
O33 - MountPoints2\{b4047cd8-7230-11df-ad4a-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{b4047cd8-7230-11df-ad4a-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b4047cd8-7230-11df-ad4a-0025b3560d50}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b4047ce7-7230-11df-ad4a-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{b4047ce7-7230-11df-ad4a-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b4047ce7-7230-11df-ad4a-0025b3560d50}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{d35dddb8-2e33-11e0-82b1-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d35dddb8-2e33-11e0-82b1-0025b3560d50}\Shell\AutoRun\command - "" = D:\zarila//samzar.exe
O33 - MountPoints2\{d35dddb8-2e33-11e0-82b1-0025b3560d50}\Shell\Explore\command - "" = D:\zarila//samzar.exe
O33 - MountPoints2\{d35dddb8-2e33-11e0-82b1-0025b3560d50}\Shell\Open\command - "" = D:\zarila//samzar.exe
O33 - MountPoints2\{d7f95841-79be-11df-a0b2-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{d7f95841-79be-11df-a0b2-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d7f95841-79be-11df-a0b2-0025b3560d50}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f03ae160-ec74-11df-a763-0025b3560d50}\Shell - "" = AutoRun
O33 - MountPoints2\{f03ae160-ec74-11df-a763-0025b3560d50}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f03ae160-ec74-11df-a763-0025b3560d50}\Shell\AutoRun\command - "" = D:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Romeo\Local Settings\Application Data\Windows Server\ckiobo.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 09:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\Start Menu\Programs\WinDirStat
[2011/12/29 09:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2011/12/29 09:18:37 | 004,356,248 | ---- | C] (Swearware) -- C:\Documents and Settings\Romeo\Desktop\ComboFix.exe
[2011/12/28 11:50:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/27 15:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
[2011/12/27 15:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/12/27 14:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\Application Data\Thinstall
[2011/12/27 14:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\Desktop\earth, wind & fire - that's the way of the world
[2011/12/27 14:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\Desktop\Into the Woods-Stephen Sondheim
[2011/12/15 07:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\Desktop\leisurre
[2011/12/02 09:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\My Documents\Freemake
[2011/12/02 09:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freemake
[2011/12/02 09:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Freemake
[2011/12/02 09:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\Start Menu\Programs\Freemake
[2011/12/02 09:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2011/12/01 16:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2011/12/01 16:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Leawo
[2011/12/01 16:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\Desktop\leawo
[2011/12/01 15:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\Application Data\tiger-k
[2011/12/01 15:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\My Documents\Leawo
[2011/12/01 15:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\Application Data\Leawo
[2011/12/01 15:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\RelevantKnowledge
[2011/12/01 15:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/12/01 15:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/12/01 15:35:54 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2011/12/01 15:35:53 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvidcore.dll
[2011/12/01 15:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2011/12/01 11:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Romeo\My Documents\New Folder
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/29 11:20:33 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2011/12/29 11:03:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-688044517-2027637066-181029217-1006UA.job
[2011/12/29 10:10:00 | 000,484,770 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/29 10:10:00 | 000,080,618 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/29 10:06:47 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2011/12/29 10:05:29 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\systems.job
[2011/12/29 10:04:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 10:04:20 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 09:27:03 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Romeo\Desktop\WinDirStat.lnk
[2011/12/29 09:25:31 | 004,356,248 | ---- | M] (Swearware) -- C:\Documents and Settings\Romeo\Desktop\ComboFix.exe
[2011/12/29 08:39:51 | 000,031,676 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/28 14:43:06 | 141,715,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/28 13:11:36 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2011/12/28 13:04:54 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Romeo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 15:09:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2011/12/27 09:58:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/21 09:48:09 | 010,471,340 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Danniebelle Hall - Ordinary People.mp4
[2011/12/21 09:39:55 | 012,626,095 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Andrea Bocelli- Con te Partiro.mp4
[2011/12/21 09:28:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/21 08:56:55 | 014,487,251 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Andrea Bocelli - Canto Della Terra.mp4
[2011/12/16 10:06:52 | 296,602,576 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\The Hitchhiker's Guide to the Galaxy (2005) WHOLE.mp4
[2011/12/16 08:54:47 | 001,097,645 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\hello papa!.mp4
[2011/12/16 08:51:43 | 001,335,290 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\lulling himself to sleep.mp4
[2011/12/09 15:23:28 | 021,392,018 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Schrödinger's Cat - Sixty Symbols.mp4
[2011/12/09 15:18:17 | 027,333,027 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Wormholes & Portal 2 - Sixty Symbols.mp4
[2011/12/09 15:10:04 | 023,383,424 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Mass - Sixty Symbols.mp4
[2011/12/09 15:04:22 | 015,951,176 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Water in Space - Sixty Symbols.mp4
[2011/12/09 15:00:32 | 017,999,246 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Extra Dimensions - Sixty Symbols.mp4
[2011/12/09 14:56:26 | 013,175,178 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Uncertainty - Sixty Symbols.mp4
[2011/12/09 14:46:42 | 018,636,004 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Cosmological Constant - Sixty Symbols.mp4
[2011/12/09 14:42:39 | 016,906,581 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Planck's Constant - Sixty Symbols.mp4
[2011/12/09 14:39:11 | 017,690,739 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Black Holes - Sixty Symbols.mp4
[2011/12/09 14:29:30 | 020,035,393 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Infinity - Sixty Symbols.mp4
[2011/12/09 14:21:15 | 023,599,944 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Gravity - Sixty Symbols.mp4
[2011/12/09 14:15:11 | 022,139,448 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Physics Nobel Prize 2011 - Sixty Symbols.mp4
[2011/12/09 12:01:40 | 009,700,165 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Neptune - Sixty Symbols.mp4
[2011/12/09 11:57:28 | 017,944,492 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Pluto - Sixty Symbols.mp4
[2011/12/09 11:47:37 | 018,208,471 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Jupiter - Sixty Symbols.mp4
[2011/12/09 11:41:21 | 026,214,545 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Mars - Sixty Symbols.mp4
[2011/12/09 11:33:57 | 015,952,850 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Earth - Sixty Symbols.mp4
[2011/12/09 11:18:01 | 013,302,732 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Venus - Sixty Symbols.mp4
[2011/12/05 08:48:54 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/12/02 10:32:37 | 002,849,105 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Video0020.mp4
[2011/12/02 09:40:21 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 09:27:03 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Romeo\Desktop\WinDirStat.lnk
[2011/12/27 15:09:30 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2011/12/21 09:45:47 | 010,471,340 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Danniebelle Hall - Ordinary People.mp4
[2011/12/21 09:37:27 | 012,626,095 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Andrea Bocelli- Con te Partiro.mp4
[2011/12/21 09:28:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/21 08:53:48 | 014,487,251 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Andrea Bocelli - Canto Della Terra.mp4
[2011/12/16 08:58:53 | 296,602,576 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\The Hitchhiker's Guide to the Galaxy (2005) WHOLE.mp4
[2011/12/16 08:54:38 | 001,097,645 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\hello papa!.mp4
[2011/12/16 08:51:26 | 001,335,290 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\lulling himself to sleep.mp4
[2011/12/09 15:18:18 | 021,392,018 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Schrödinger's Cat - Sixty Symbols.mp4
[2011/12/09 15:10:04 | 027,333,027 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Wormholes & Portal 2 - Sixty Symbols.mp4
[2011/12/09 15:04:23 | 023,383,424 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Mass - Sixty Symbols.mp4
[2011/12/09 15:00:32 | 015,951,176 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Water in Space - Sixty Symbols.mp4
[2011/12/09 14:56:27 | 017,999,246 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Extra Dimensions - Sixty Symbols.mp4
[2011/12/09 14:53:17 | 013,175,178 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Uncertainty - Sixty Symbols.mp4
[2011/12/09 14:42:39 | 018,636,004 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Cosmological Constant - Sixty Symbols.mp4
[2011/12/09 14:39:11 | 016,906,581 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Planck's Constant - Sixty Symbols.mp4
[2011/12/09 14:35:25 | 017,690,739 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Black Holes - Sixty Symbols.mp4
[2011/12/09 14:25:10 | 020,035,393 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Infinity - Sixty Symbols.mp4
[2011/12/09 14:16:18 | 023,599,944 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Gravity - Sixty Symbols.mp4
[2011/12/09 14:09:45 | 022,139,448 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Physics Nobel Prize 2011 - Sixty Symbols.mp4
[2011/12/09 11:59:40 | 009,700,165 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Neptune - Sixty Symbols.mp4
[2011/12/09 11:52:39 | 017,944,492 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Pluto - Sixty Symbols.mp4
[2011/12/09 11:43:52 | 018,208,471 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Jupiter - Sixty Symbols.mp4
[2011/12/09 11:35:44 | 026,214,545 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Mars - Sixty Symbols.mp4
[2011/12/09 11:30:41 | 015,952,850 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Earth - Sixty Symbols.mp4
[2011/12/09 11:15:21 | 013,302,732 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Venus - Sixty Symbols.mp4
[2011/12/02 15:52:09 | 000,840,386 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-688044517-2027637066-181029217-1006-0.dat
[2011/12/02 15:52:01 | 000,263,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/02 10:31:50 | 002,849,105 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Video0020.mp4
[2011/12/02 09:40:21 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[2011/12/01 15:36:51 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/11/18 22:43:10 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Romeo\Application Data\ispnetkey.dll
[2011/09/28 08:07:54 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Romeo\Application Data\wklnhst.dat
[2011/04/20 22:33:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/04 23:49:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/11/29 12:19:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/31 14:21:25 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/10/31 14:21:24 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/10/25 07:09:26 | 000,000,033 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/10/25 00:13:29 | 000,000,005 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/10/24 23:58:48 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2010/09/16 00:47:25 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/20 03:19:34 | 035,552,200 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2010/06/17 11:23:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/06 02:00:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Romeo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/05 19:26:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/08 11:03:51 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/05/08 10:44:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/24 17:48:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/24 17:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/24 17:26:44 | 000,484,770 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/06/24 17:26:44 | 000,080,618 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/06/24 17:16:28 | 000,290,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/24 17:12:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/24 17:10:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/15 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/15 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/15 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/15 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/15 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/15 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/15 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/15 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 21:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 21:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/10/23 19:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/23 22:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/06/08 21:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Braintonik
[2011/07/09 17:47:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/02 10:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
[2011/05/24 12:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2011/05/26 00:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/06/26 11:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/11/18 22:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KeyExtender
[2011/12/01 16:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2010/10/23 22:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/18 18:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/05/08 11:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2011/05/31 14:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/08 10:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/05/08 10:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/18 19:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Alawar
[2010/10/23 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\AVG10
[2010/06/08 21:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Braintonik
[2010/10/25 07:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\DAEMON Tools Pro
[2011/01/04 23:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Ghost Ship Studios
[2010/10/23 20:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\IObit
[2011/04/28 17:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Java - B
[2011/12/02 07:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Leawo
[2010/12/14 14:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Magnet's Story
[2010/06/05 19:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Nevosoft
[2010/06/12 20:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\NevoSoft Games
[2011/03/18 18:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\PlayFirst
[2010/11/02 10:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Pogo Games
[2011/07/23 10:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Rovio
[2011/01/05 15:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Spark Plug Games
[2010/11/09 12:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\SpinTop Games
[2011/09/28 08:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Template
[2011/12/27 14:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Thinstall
[2011/12/01 15:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\tiger-k
[2011/03/18 19:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\Tower Builder Game
[2010/10/25 12:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\vghd
[2011/05/24 12:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Romeo\Application Data\ViquaSoft
[2011/12/29 10:06:47 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
[2011/12/28 13:11:36 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job
[2011/12/29 11:20:33 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job
[2011/12/29 10:05:29 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\systems.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88A44CC1
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D385C0C1
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F936DF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:073139EC

< End of report >