Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Had what appeared as a rootkit & associated viruses, I need a 2nd

Started by The Rabid One , Feb 02 2012 01:07 PM

  • This topic is locked This topic is locked

#1
The Rabid One
Posted 02 February 2012 - 01:07 PM

The Rabid One

    Member

  • Member
  • PipPip
  • 17 posts
Awhile back I had what appeared, or acted like, a rootkit and with it a lot of different malware/viruses that it loaded. There was a root bot (if I remember the type correctly) that was running amok on the web and I'm not sure if that was what I had. Using the resources here with your search engine I think I have most if not all viruses removed. But here is the issue. Once in awhile I have problems with the system connecting to the net (router checked out OK). I have run several other programs that found additional malware and removed them. I may just have some issues with damage done and I've already repaired or replaced most .dll files, upgdated windows drivers etc.; and Windows XP would not update at first and there is still one update that won't load (a security update...dummy here lost the notepad with the name). In the beginning I had to use the install CD for Windows XP Media addition just to get the system stable enough to begin working on the removal process. Now with the system running a bit smoother is there more damage I missed or something still lurking on the system? One persistent constant is when booting. I get the screen to choose the operating system "Windows XP" or Recovery Console, and the usual 20 sec. countdown to load XP as the default unless I hit the <ENTER> key. I did run antivirus procedures in Safe Mode with Networking at several points. So here is my OTL log for your perusal, and if you need anything else run just let me know. I rebooted before using the OTL pgm and left everything that default loads so it would be visible. I usually run Stopzilla but have loaded Avira on occasion for a second look at the system from time to time and usually avoid doing more than one anti-virus because of false positives, but in this instance I decided to load both in case you see something I don't. Thanks for any assist.

Please Note: I replaced my name in the file with "USERNAME". Yea, I know paranoia is a occupational hazard with me.

The Rabid One...waiting with bated binary digits.
----------------------------------------------------------------------------------------------------

OTL logfile created on: 2/2/2012 1:25:24 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\USERNAME\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.34% Memory free
3.84 Gb Paging File | 3.11 Gb Available in Paging File | 81.11% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.80 Gb Total Space | 8.58 Gb Free Space | 17.23% Space Free | Partition Type: NTFS

Computer Name: D9S1K0B2 | User Name: USERNAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\USERNAME\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
PRC - C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe (NETGATE Technologies s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\SingleClick Systems\HomeNet Manager\hnm_svc.exe (SingleClick Systems)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Documents and Settings\USERNAME\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\b1eabc18afef201a6e87c58d943ea7ad\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\865390db0278ac64f667038656d9c25f\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c578c4ffd883b1aee83c94b4520b1969\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\7b8c110eb026c5e6bb8ad47a29b82100\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\53ee59e52e646271274d2494480d1797\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\67bce2b25897e074ba865016315fbc89\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\9158e23b927682c7d25f6be518955252\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\6836a951700c2eb01a933212425cda4e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll ()
MOD - c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll ()
MOD - c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll ()
MOD - c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll ()
MOD - c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll ()
MOD - c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll ()
MOD - c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll ()
MOD - c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll ()
MOD - c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll ()
MOD - c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll ()
MOD - c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
MOD - c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll ()
MOD - c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll ()
MOD - c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll ()
MOD - c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll ()
MOD - c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\ventmon.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_301215ba\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35232345\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4904afa9\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b3a714e9\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b73bfa67\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\WINDOWS\system32\dtmon.dll ()


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (szserver) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (NGRegClnSrv) -- C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe (NETGATE Technologies s.r.o.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (hnmsvc) -- C:\Program Files\SingleClick Systems\HomeNet Manager\hnm_svc.exe (SingleClick Systems)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (szkg5) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\szkgfs.sys (iS3, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (Notebook Hardware Control)
DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (VirtualFD) -- C:\Virtual Floppy\WAJUNE15\vfd.sys (Ken Kato)
DRV - (INIDVD) -- C:\WINDOWS\system32\drivers\inidvd.sys (Initio Corporation)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.clusty.com/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=MOZO"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {9757e92f-94d4-4b02-ba2d-0454955c7e4b}:1.6.1
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.61a
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.9
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {2dc42b10-7622-11de-8a39-0800200c9a66}:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20101009
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 08:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 17:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/25 06:56:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/15 17:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.1\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2011/09/22 06:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.1\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2012/01/15 17:08:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.1\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2011/09/22 06:35:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.1\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2012/01/15 17:08:55 | 000,000,000 | ---D | M]

[2011/01/15 10:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Extensions
[2011/01/15 10:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/09/08 13:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2012/02/02 08:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions
[2011/08/27 13:44:15 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/23 07:30:38 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/01/14 15:43:12 | 000,000,000 | ---D | M] (Open With Photoshop) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}
[2006/06/11 14:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{FB5A4470-185E-442a-AF55-7F4669A5FF9F}-trash
[2010/08/21 18:37:29 | 000,000,000 | ---D | M] (Open in IE) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\[email protected]
[2011/01/05 08:18:19 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\bing-zugo.xml
[2010/11/11 18:06:35 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\bing.xml
[2009/08/03 15:45:45 | 000,005,349 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\clusty.xml
[2010/09/04 08:04:49 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\yauba.xml
[2011/12/19 13:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{2A1D5949-B519-4924-BF62-8522FE0D5274}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\[email protected]
[2012/02/02 08:48:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/10/03 13:25:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 20:20:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\Application\10.0.648.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\Application\10.0.648.151\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\Application\10.0.648.151\gears.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/31 14:26:22 | 000,000,123 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\USERNAME\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\USERNAME\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1148938412196 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wbsys.dll) -C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O20 - Winlogon\Notify\WBSrv: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\USERNAMEwall2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\USERNAMEwall2.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/06/15 12:18:20 | 000,000,008 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{29979f18-395f-11e0-9873-0016ce504313}\Shell\AutoRun\command - "" = J:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 09:37:02 | 000,026,696 | R--- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2012/02/02 09:23:14 | 004,395,504 | ---- | C] (Swearware) -- C:\Documents and Settings\USERNAME\Desktop\Combo-Fix.exe
[2012/02/02 08:29:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USERNAME\Desktop\OTL.exe
[2012/02/01 08:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2012/01/31 11:32:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/01/29 18:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\Avira
[2012/01/29 18:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/01/29 18:26:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/01/29 18:26:48 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/01/29 18:26:48 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/01/29 18:26:48 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/01/29 18:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/01/29 18:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/01/28 21:11:32 | 000,000,000 | ---D | C] -- C:\Router CFG BKUP
[2012/01/28 09:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinUtilities
[2012/01/28 09:22:00 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\WINDOWS\System32\wbocx.ocx
[2012/01/28 09:22:00 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2012/01/28 09:22:00 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\WINDOWS\System32\anim.dll
[2012/01/28 09:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2012/01/26 22:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\Open Office Templates
[2012/01/26 13:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\PDF TEMPLATE
[2012/01/26 12:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\OpenOffice.org
[2012/01/25 08:23:06 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2012/01/25 08:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2012
[2012/01/25 08:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\TuneUp Software
[2012/01/25 08:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012/01/25 08:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/01/25 08:21:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/01/24 22:38:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\USERNAME\Recent
[2012/01/24 22:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/01/24 18:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\NETGATE Registry Cleaner
[2012/01/24 18:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGATE Registry Cleaner
[2012/01/24 18:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2012/01/24 17:35:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.1
[2012/01/24 17:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2012/01/24 17:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012/01/23 13:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2012/01/23 08:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\New Folder
[2012/01/22 19:41:15 | 000,000,000 | ---D | C] -- C:\e23c51f1e61af4e13aa07d
[2012/01/22 19:41:10 | 000,000,000 | ---D | C] -- C:\7f4b6b0247e825ce26888e949924c2ca
[2012/01/20 21:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\Promethean
[2012/01/20 21:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\Activ Software
[2012/01/20 21:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Activ Software
[2012/01/20 21:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Activ Software
[2012/01/20 21:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2012/01/20 21:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\ACTIV Software
[2012/01/20 21:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Activ Software
[2012/01/20 21:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\Activ Software
[2012/01/20 21:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2012/01/20 06:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\Jr. Peacock-PHOTOS
[2012/01/16 14:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\TubeTilla
[2012/01/15 17:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\Photo Recovery Software
[2012/01/15 14:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\Adobe Photoshop Tutorials
[2012/01/11 12:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\My Albums
[2012/01/11 11:10:08 | 000,000,000 | ---D | C] -- C:\bin
[2012/01/10 16:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\Sun
[2012/01/10 13:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/01/10 13:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/10 13:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/01/10 13:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/01/10 13:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\Apple
[2012/01/10 13:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/10 13:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/01/10 13:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/10 12:33:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/10 11:48:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/01/10 11:16:54 | 000,000,000 | ---D | C] -- C:\4360808b5f622d14930475cf
[2012/01/10 09:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Start Menu\Programs\Glarysoft
[2012/01/10 09:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Glarysoft
[2012/01/09 18:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\mscoree
[2012/01/09 17:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\DriverCure
[2012/01/09 17:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\ParetoLogic
[2012/01/09 17:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[242 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2026/03/05 06:34:17 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System\MSVFWIN.DLL
[2012/02/02 13:10:43 | 000,002,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/02/02 13:10:02 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/02 13:10:01 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Notification.job
[2012/02/02 13:10:01 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-USERNAME-Notification.job
[2012/02/02 13:10:01 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Startup.job
[2012/02/02 13:10:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-USERNAME-Startup.job
[2012/02/02 13:09:59 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/02/02 10:00:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/02 09:34:02 | 017,390,080 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\PandaActiveScanCleaner.msi
[2012/02/02 09:25:06 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\JavaRa.zip
[2012/02/02 09:22:51 | 004,395,504 | ---- | M] (Swearware) -- C:\Documents and Settings\USERNAME\Desktop\Combo-Fix.exe
[2012/02/02 09:21:37 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\avenger.zip
[2012/02/02 07:57:22 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.FRE
[2012/02/02 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-D9S1K0B2-USERNAME.job
[2012/02/01 11:36:27 | 003,488,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/01 09:36:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2012/02/01 09:22:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\MBR.dat
[2012/02/01 09:14:27 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\USERNAME\Desktop\aswMBR.exe
[2012/01/31 13:02:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USERNAME\Desktop\OTL.exe
[2012/01/30 14:24:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\expressburnDowngrade.job
[2012/01/30 11:48:08 | 000,031,968 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\Is it a waste of time to write congress.odt
[2012/01/29 18:27:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/01/28 20:36:00 | 000,910,745 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\MM061A17.exe
[2012/01/28 09:22:03 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinUtilities.lnk
[2012/01/27 21:10:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/26 16:36:40 | 000,000,151 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2012/01/25 08:23:03 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/01/25 08:23:03 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2012.lnk
[2012/01/24 22:36:27 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120124_223622.reg
[2012/01/24 18:58:05 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGATE Registry Cleaner.lnk
[2012/01/24 17:35:17 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2012/01/23 10:34:53 | 000,116,458 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2012/01/23 10:20:00 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk
[2012/01/22 16:23:09 | 000,546,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/22 16:23:08 | 000,100,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/20 22:04:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/01/20 21:42:10 | 000,033,645 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\Energy Study Guide2011.pdf
[2012/01/20 21:02:54 | 000,002,028 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ActivInspire.lnk
[2012/01/20 09:14:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2012/01/20 09:07:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\mixpadShakeIcon.job
[2012/01/17 09:25:10 | 000,007,096 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120117_092506.reg
[2012/01/15 18:45:44 | 000,015,716 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120115_184540.reg
[2012/01/15 17:57:47 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2012/01/15 00:04:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/13 09:52:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/11 15:56:40 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120111_155636.reg
[2012/01/11 11:29:43 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2012/01/11 11:10:12 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2012/01/11 11:08:55 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2012/01/11 11:08:55 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2012/01/11 10:24:55 | 000,138,317 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\HP Solution for Plug and Play - XP.mht
[2012/01/11 07:22:42 | 000,018,346 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120111_072234.reg
[2012/01/10 17:12:21 | 000,005,184 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120110_171211.reg
[2012/01/10 13:42:32 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COWON Media Center - jetAudio.lnk
[2012/01/10 13:36:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/10 13:20:13 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2012/01/10 13:19:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/10 13:17:28 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\Windows Explorer.lnk
[2012/01/10 12:35:41 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/01/10 09:28:50 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\Registry Repair.lnk
[2012/01/09 18:11:21 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012/01/09 16:38:27 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/01/09 16:38:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[242 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2026/03/05 06:34:17 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System\MSVFWIN.DLL
[2012/02/02 10:05:43 | 000,002,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/02/02 09:33:41 | 017,390,080 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\PandaActiveScanCleaner.msi
[2012/02/02 09:25:19 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\JavaRa.zip
[2012/02/02 09:21:44 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\avenger.zip
[2012/02/01 09:22:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\MBR.dat
[2012/01/30 11:48:07 | 000,031,968 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\Is it a waste of time to write congress.odt
[2012/01/29 18:27:29 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/01/28 20:36:07 | 000,910,745 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\MM061A17.exe
[2012/01/28 09:22:10 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\_WKERNEL.FRE
[2012/01/28 09:22:03 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinUtilities.lnk
[2012/01/28 09:21:59 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\shfolder.inf
[2012/01/25 08:23:03 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/01/25 08:23:03 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/01/25 08:23:03 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2012.lnk
[2012/01/24 22:36:25 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120124_223622.reg
[2012/01/24 18:58:05 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGATE Registry Cleaner.lnk
[2012/01/24 17:35:17 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2012/01/23 10:34:52 | 000,116,458 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012/01/23 10:20:00 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk
[2012/01/20 22:04:09 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/01/20 21:42:10 | 000,033,645 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\Energy Study Guide2011.pdf
[2012/01/20 21:02:54 | 000,002,028 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ActivInspire.lnk
[2012/01/17 09:25:08 | 000,007,096 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120117_092506.reg
[2012/01/17 08:42:39 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Startup.job
[2012/01/17 08:42:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Notification.job
[2012/01/15 18:45:42 | 000,015,716 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120115_184540.reg
[2012/01/13 09:52:22 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/11 15:56:38 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120111_155636.reg
[2012/01/11 11:10:12 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2012/01/11 11:08:55 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2012/01/11 11:08:55 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2012/01/11 10:59:01 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2012/01/11 10:24:54 | 000,138,317 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\HP Solution for Plug and Play - XP.mht
[2012/01/11 07:22:39 | 000,018,346 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120111_072234.reg
[2012/01/10 17:12:18 | 000,005,184 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120110_171211.reg
[2012/01/10 13:42:32 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COWON Media Center - jetAudio.lnk
[2012/01/10 13:36:57 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/10 13:36:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/10 13:30:42 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/10 13:30:37 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/01/10 13:19:05 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/10 09:28:50 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\Registry Repair.lnk
[2012/01/09 18:11:20 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012/01/09 11:48:29 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/11/30 18:00:32 | 000,256,066 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\census.cache
[2011/11/30 18:00:18 | 000,256,571 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\ars.cache
[2011/11/20 18:03:15 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2011/11/09 19:25:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/10/31 09:47:36 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\housecall.guid.cache
[2011/10/31 08:48:06 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Launch Internet Explorer Browser.lnk
[2011/05/23 18:03:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/17 14:26:54 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/05/17 14:26:54 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/04/01 11:38:06 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/02/02 18:59:04 | 000,034,640 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/21 08:32:33 | 000,000,099 | ---- | C] () -- C:\WINDOWS\SAWReg.ini
[2010/10/16 13:16:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/09/21 12:59:19 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/22 16:43:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\prvlcl.dat
[2010/08/20 14:19:22 | 000,000,365 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/08/14 21:35:31 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Application Support
[2010/08/14 21:35:31 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Analog Sync
[2010/08/14 21:35:31 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2010/08/14 21:35:31 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Filesystems
[2010/08/14 21:35:23 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/08/14 21:35:23 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Animals
[2010/08/14 21:35:23 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Filters
[2010/08/14 20:07:38 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/08/14 19:04:26 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Specifications
[2010/08/14 19:04:26 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Sounds
[2010/08/14 19:04:26 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/08/14 18:54:09 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Space Choir
[2010/08/14 18:54:09 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Solid Colors
[2010/08/14 18:54:09 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/03/12 15:04:39 | 000,094,215 | ---- | C] () -- C:\WINDOWS\hpqins09.dat
[2010/03/12 14:47:25 | 000,070,835 | ---- | C] () -- C:\WINDOWS\hpqins04.dat
[2009/11/19 19:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/11/19 12:35:34 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2009/11/14 10:04:48 | 001,421,763 | ---- | C] () -- C:\WINDOWS\System32\Snow Chill.exe
[2009/10/19 20:03:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2009/10/19 20:03:56 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/10/14 12:17:17 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\ventmon.dll
[2009/09/14 16:31:48 | 000,000,090 | ---- | C] () -- C:\WINDOWS\System32\faxman32.INI
[2009/09/14 16:25:47 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dtmon.dll
[2009/09/14 16:25:45 | 000,002,219 | ---- | C] () -- C:\WINDOWS\OEDEVKIT.INI
[2009/09/14 16:25:45 | 000,000,761 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2009/09/14 16:25:44 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\MACHNM1.EXE
[2009/09/14 16:25:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MAINPATH.INI
[2009/09/14 16:25:22 | 000,000,065 | ---- | C] () -- C:\WINDOWS\WININI.INI
[2009/08/20 11:47:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2009/08/14 09:57:44 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ClassXps.dll
[2009/07/26 14:47:56 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2009/07/22 17:51:04 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ncvDS61.dll
[2009/07/22 17:51:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\ncCompress.dll
[2009/07/22 17:51:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ncUtil62.dll
[2009/07/22 17:51:03 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nczlib.dll
[2009/07/22 17:51:03 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib32.dll
[2009/06/19 17:41:15 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/04/13 16:36:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ntuximeqaguvimu.bin
[2009/04/13 16:36:09 | 000,000,408 | ---- | C] () -- C:\WINDOWS\Sjomiqefamete.dat
[2009/04/10 07:30:11 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/04/10 07:05:22 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/04/10 06:59:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/03/26 12:41:33 | 002,682,880 | ---- | C] () -- C:\WINDOWS\System32\vcredist_x86.exe
[2009/03/26 12:26:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/03/26 07:09:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/25 15:16:50 | 000,000,112 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2009/02/25 14:27:39 | 000,230,096 | ---- | C] () -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/01/19 12:16:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/19 11:16:46 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/01/09 10:09:28 | 000,000,563 | ---- | C] () -- C:\WINDOWS\PPViewer.INI
[2008/12/03 21:31:32 | 000,000,183 | ---- | C] () -- C:\WINDOWS\PlayListEditor.ini
[2008/09/30 09:17:31 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/05/06 11:04:13 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/04/24 19:27:41 | 000,118,784 | ---- | C] () -- C:\WINDOWS\SeaMonkeyUninstall.exe
[2007/04/24 19:27:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2007/03/28 12:49:00 | 000,001,226 | ---- | C] () -- C:\WINDOWS\flax.ini
[2007/03/28 09:17:39 | 000,000,463 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/20 15:08:10 | 000,000,082 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2007/03/13 14:07:52 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ÝÃÄ›Ò3113›.sys
[2007/03/12 18:23:15 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/12 18:23:12 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\ciaSecurity.DLL
[2007/03/12 18:06:47 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ÝÙÃÄ3113›.sys
[2007/03/08 12:35:48 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/03/08 12:34:47 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/01/14 22:04:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/01/02 23:36:43 | 000,000,072 | ---- | C] () -- C:\WINDOWS\pex.INI
[2007/01/02 23:30:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/12/28 17:03:55 | 000,000,830 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/29 14:54:02 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/06/21 19:37:12 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/06/15 12:18:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/06/12 16:33:33 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2006/06/04 19:23:31 | 000,000,404 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/06/02 15:05:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/01 11:22:20 | 000,133,120 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/31 10:37:43 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/05/31 10:37:24 | 000,015,193 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/29 19:18:27 | 000,000,088 | R-S- | C] () -- C:\WINDOWS\System32\EB1816CB85.sys
[2006/05/29 16:29:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RasWait.exe
[2006/05/27 19:09:32 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2006/05/27 18:48:18 | 000,000,104 | R-S- | C] () -- C:\WINDOWS\System32\85CB1618EB.sys
[2006/05/27 18:48:08 | 000,007,206 | --S- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/27 18:41:41 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\fusioncache.dat
[2006/05/20 17:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/20 17:08:38 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/20 17:02:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/20 16:58:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/05/20 16:33:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/20 16:33:36 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/20 16:33:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/05/20 16:33:28 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/05/20 16:33:23 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/05/20 16:32:16 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,034,332 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 003,488,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:33 | 000,546,098 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,100,552 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/19 19:05:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/13 13:41:02 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\SWFGen.dll
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005462_.tmp.dll
[2004/08/10 06:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005171_.tmp.dll
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005430_.tmp.dll
[2004/08/10 06:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005139_.tmp.dll
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 23:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2012/01/22 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2009/07/22 18:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anonymizer
[2011/10/27 14:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/11/19 13:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2009/11/20 14:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/10/24 09:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CAM Development
[2011/11/17 10:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/09/21 10:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2010/11/07 10:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/08/14 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/12/08 08:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2009/07/03 13:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/09/17 16:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/01/31 18:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/11/19 13:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/25 19:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/08/14 19:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2012/01/17 07:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/11/04 13:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoME
[2012/01/20 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2011/01/27 10:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/09 14:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/05/14 18:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5
[2009/07/22 17:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2010/08/14 18:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solid Colors
[2010/08/14 19:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatusSheet
[2012/02/02 13:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2012/01/02 15:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/01 13:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2012/01/25 08:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/01/02 23:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/08/14 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/14 12:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Venta
[2006/05/20 17:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/21 12:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/12/08 11:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2012/01/25 08:21:31 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/01/23 13:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/04/01 13:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2011/03/28 15:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8A4124D0-6AF6-4584-A7BF-4CDFECF4B129}
[2011/05/08 15:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\99119
[2011/01/16 20:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ACD Systems
[2012/01/20 21:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ACTIV Software
[2009/07/22 18:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Anonymizer
[2011/05/03 14:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Anthropics
[2010/10/21 08:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\apm
[2009/11/19 11:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Apowersoft
[2011/11/02 09:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG
[2010/10/26 06:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG10
[2011/10/28 05:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG2012
[2010/10/26 06:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG9
[2011/12/19 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Axialis
[2009/08/01 12:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\BitTorrent
[2011/01/28 14:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/21 09:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\COWON
[2012/01/09 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\DriverCure
[2011/04/19 13:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\DVDVideoSoftIEHelpers
[2007/03/30 15:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Eltima Software
[2011/12/08 08:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Fighters
[2011/11/22 21:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\FixCleaner
[2011/04/27 09:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Focus Mp3 Recorder
[2009/07/03 13:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\GARMIN
[2011/06/11 10:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\GetRightToGo
[2008/09/30 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\GlarySoft
[2008/12/25 22:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Hulabee
[2012/01/10 19:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Image Zone Express
[2011/10/28 14:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ImgBurn
[2011/11/21 11:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\InfraRecorder
[2007/12/26 21:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\InterTrust
[2011/05/17 14:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\IObit
[2012/01/02 16:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Kernel for Windows Data Recovery
[2006/05/27 19:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Leadertech
[2006/06/10 22:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\MSNInstaller
[2011/06/25 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\NCH Swift Sound
[2012/01/24 18:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\NETGATE Registry Cleaner
[2010/10/16 13:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Nikon
[2011/06/11 11:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Notebook Hardware Control
[2012/01/26 12:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\OpenOffice.org
[2011/11/20 10:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\PandoraRecovery
[2012/01/09 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ParetoLogic
[2008/09/08 13:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Participatory Culture Foundation
[2011/01/16 20:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\PhotoScape
[2012/02/01 09:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\PriceGong
[2012/01/20 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Promethean
[2012/01/02 15:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\RecoveryFix for Windows
[2008/12/02 13:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\SanDisk
[2006/06/12 16:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ScamGuard
[2009/05/08 14:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\scar5
[2008/06/09 22:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Smith Micro
[2011/01/28 15:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/08/28 11:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Systweak
[2011/01/15 10:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Thunderbird
[2012/01/25 08:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\TuneUp Software
[2007/01/02 23:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Ulead Systems
[2012/01/08 18:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Uniblue
[2011/11/09 19:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\WeatherBug
[2010/11/21 17:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Wireshark
[2010/08/14 21:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\XnView
[2012/01/20 22:04:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2012/01/30 14:24:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
[2012/01/20 09:14:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2012/01/09 18:11:21 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\expresszipShakeIcon.job
[2012/01/20 09:07:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\mixpadShakeIcon.job
[2012/01/02 10:37:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionDowngrade.job
[2011/12/25 10:37:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/11/09 16:16:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2012/02/02 09:59:15 | 000,032,306 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2012/02/02 13:10:01 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-Administrator-Notification.job
[2012/02/02 13:10:01 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-Administrator-Startup.job
[2012/02/02 13:10:01 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-USERNAME-Notification.job
[2012/02/02 13:10:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-USERNAME-Startup.job
[2012/02/02 13:09:59 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2011/11/09 16:16:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB5B0476
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

< End of report >


I removed Avira from the system in case of false positives. But it did seem to be detecting some 'nasties' that Stopzilla wasn't detecting. So here is the new OTL since the removal of Avira for your viewing pleasure.

OTL logfile created on: 2/6/2012 9:21:55 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\USERNAME\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 51.31% Memory free
3.84 Gb Paging File | 3.08 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.80 Gb Total Space | 8.56 Gb Free Space | 17.18% Space Free | Partition Type: NTFS

Computer Name: D9S1K0B2 | User Name: USERNAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\USERNAME\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - c:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
PRC - C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe (NETGATE Technologies s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\SingleClick Systems\HomeNet Manager\hnm_svc.exe (SingleClick Systems)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Documents and Settings\USERNAME\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\b1eabc18afef201a6e87c58d943ea7ad\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\865390db0278ac64f667038656d9c25f\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c578c4ffd883b1aee83c94b4520b1969\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\7b8c110eb026c5e6bb8ad47a29b82100\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\53ee59e52e646271274d2494480d1797\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\67bce2b25897e074ba865016315fbc89\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\9158e23b927682c7d25f6be518955252\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\6836a951700c2eb01a933212425cda4e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll ()
MOD - c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll ()
MOD - c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll ()
MOD - c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll ()
MOD - c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll ()
MOD - c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll ()
MOD - c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll ()
MOD - c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll ()
MOD - c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll ()
MOD - c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll ()
MOD - c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
MOD - c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll ()
MOD - c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll ()
MOD - c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll ()
MOD - c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll ()
MOD - c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\ventmon.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_301215ba\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35232345\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4904afa9\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b3a714e9\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b73bfa67\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\WINDOWS\system32\dtmon.dll ()


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (szserver) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (NGRegClnSrv) -- C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe (NETGATE Technologies s.r.o.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (hnmsvc) -- C:\Program Files\SingleClick Systems\HomeNet Manager\hnm_svc.exe (SingleClick Systems)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)


========== Driver Services (SafeList) ==========

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (szkg5) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\szkgfs.sys (iS3, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (Notebook Hardware Control)
DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
DRV - (VirtualFD) -- C:\Virtual Floppy\WAJUNE15\vfd.sys (Ken Kato)
DRV - (INIDVD) -- C:\WINDOWS\system32\drivers\inidvd.sys (Initio Corporation)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.clusty.com/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=MOZO"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {9757e92f-94d4-4b02-ba2d-0454955c7e4b}:1.6.1
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.61a
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.9
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {2dc42b10-7622-11de-8a39-0800200c9a66}:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20101009
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 08:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 17:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/25 06:56:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/15 17:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.1\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2011/09/22 06:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.1\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2012/01/15 17:08:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.1\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2011/09/22 06:35:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.1\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2012/01/15 17:08:55 | 000,000,000 | ---D | M]

[2011/01/15 10:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Extensions
[2011/01/15 10:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/09/08 13:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2012/02/03 15:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions
[2011/08/27 13:44:15 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/23 07:30:38 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/02/03 15:16:49 | 000,000,000 | ---D | M] (Open With Photoshop) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}
[2006/06/11 14:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{FB5A4470-185E-442a-AF55-7F4669A5FF9F}-trash
[2010/08/21 18:37:29 | 000,000,000 | ---D | M] (Open in IE) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\[email protected]
[2011/01/05 08:18:19 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\bing-zugo.xml
[2010/11/11 18:06:35 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\bing.xml
[2009/08/03 15:45:45 | 000,005,349 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\clusty.xml
[2010/09/04 08:04:49 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\yauba.xml
[2011/12/19 13:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{2A1D5949-B519-4924-BF62-8522FE0D5274}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\[email protected]
[2012/02/02 08:48:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/10/03 13:25:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 20:20:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\Application\10.0.648.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\Application\10.0.648.151\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\Application\10.0.648.151\gears.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/31 14:26:22 | 000,000,123 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\USERNAME\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\USERNAME\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1148938412196 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7C831FD-CCB7-42D0-B979-8DA635B30FF7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wbsys.dll) -C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O20 - Winlogon\Notify\WBSrv: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\USERNAMEwall2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\USERNAMEwall2.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/06/15 12:18:20 | 000,000,008 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{29979f18-395f-11e0-9873-0016ce504313}\Shell\AutoRun\command - "" = J:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 09:37:02 | 000,026,696 | R--- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2012/02/02 09:23:14 | 004,395,504 | ---- | C] (Swearware) -- C:\Documents and Settings\USERNAME\Desktop\Combo-Fix.exe
[2012/02/02 08:29:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USERNAME\Desktop\OTL.exe
[2012/02/01 08:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2012/01/31 11:32:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/01/29 18:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\Avira
[2012/01/28 21:11:32 | 000,000,000 | ---D | C] -- C:\Router CFG BKUP
[2012/01/28 09:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinUtilities
[2012/01/28 09:22:00 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\WINDOWS\System32\wbocx.ocx
[2012/01/28 09:22:00 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2012/01/28 09:22:00 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\WINDOWS\System32\anim.dll
[2012/01/28 09:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2012/01/26 22:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\Open Office Templates
[2012/01/26 13:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\PDF TEMPLATE
[2012/01/26 12:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\OpenOffice.org
[2012/01/25 08:23:06 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2012/01/25 08:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2012
[2012/01/25 08:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\TuneUp Software
[2012/01/25 08:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012/01/25 08:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/01/25 08:21:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/01/24 22:38:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\USERNAME\Recent
[2012/01/24 22:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/01/24 18:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\NETGATE Registry Cleaner
[2012/01/24 18:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGATE Registry Cleaner
[2012/01/24 18:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2012/01/24 17:35:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.1
[2012/01/24 17:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2012/01/24 17:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012/01/23 13:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2012/01/23 08:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\New Folder
[2012/01/22 19:41:15 | 000,000,000 | ---D | C] -- C:\e23c51f1e61af4e13aa07d
[2012/01/22 19:41:10 | 000,000,000 | ---D | C] -- C:\7f4b6b0247e825ce26888e949924c2ca
[2012/01/20 21:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\Promethean
[2012/01/20 21:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\Activ Software
[2012/01/20 21:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Activ Software
[2012/01/20 21:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Activ Software
[2012/01/20 21:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2012/01/20 21:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\ACTIV Software
[2012/01/20 21:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Activ Software
[2012/01/20 21:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\Activ Software
[2012/01/20 21:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2012/01/20 06:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\Jr. Peacock-PHOTOS
[2012/01/16 14:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\TubeTilla
[2012/01/15 17:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\Photo Recovery Software
[2012/01/15 14:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\Adobe Photoshop Tutorials
[2012/01/11 12:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\My Albums
[2012/01/11 11:10:08 | 000,000,000 | ---D | C] -- C:\bin
[2012/01/10 16:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\Sun
[2012/01/10 13:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/01/10 13:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/10 13:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/01/10 13:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/01/10 13:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\Apple
[2012/01/10 13:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/10 13:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/01/10 13:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/10 12:33:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/10 11:48:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/01/10 11:16:54 | 000,000,000 | ---D | C] -- C:\4360808b5f622d14930475cf
[2012/01/10 09:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Start Menu\Programs\Glarysoft
[2012/01/10 09:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Glarysoft
[2012/01/09 18:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\mscoree
[2012/01/09 17:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\DriverCure
[2012/01/09 17:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\ParetoLogic
[2012/01/09 17:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[242 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2026/03/05 06:34:17 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System\MSVFWIN.DLL
[2012/02/06 08:42:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Notification.job
[2012/02/06 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-D9S1K0B2-USERNAME.job
[2012/02/05 22:35:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-USERNAME-Notification.job
[2012/02/05 10:22:41 | 000,001,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/02/05 10:20:40 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/05 10:19:30 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Startup.job
[2012/02/05 10:19:30 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-USERNAME-Startup.job
[2012/02/05 10:19:30 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/02/05 10:19:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 21:10:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/03 12:06:00 | 000,027,246 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\Bio for Art Show.odt
[2012/02/02 09:34:02 | 017,390,080 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\PandaActiveScanCleaner.msi
[2012/02/02 09:25:06 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\JavaRa.zip
[2012/02/02 09:22:51 | 004,395,504 | ---- | M] (Swearware) -- C:\Documents and Settings\USERNAME\Desktop\Combo-Fix.exe
[2012/02/02 09:21:37 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\avenger.zip
[2012/02/02 07:57:22 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.FRE
[2012/02/01 11:36:27 | 003,488,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/01 09:36:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2012/02/01 09:22:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\MBR.dat
[2012/02/01 09:14:27 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\USERNAME\Desktop\aswMBR.exe
[2012/01/31 13:02:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USERNAME\Desktop\OTL.exe
[2012/01/30 14:24:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\expressburnDowngrade.job
[2012/01/30 11:48:08 | 000,031,968 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\Is it a waste of time to write congress.odt
[2012/01/28 20:36:00 | 000,910,745 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\MM061A17.exe
[2012/01/28 09:22:03 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinUtilities.lnk
[2012/01/26 16:36:40 | 000,000,151 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2012/01/25 08:23:03 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/01/25 08:23:03 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2012.lnk
[2012/01/24 22:36:27 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120124_223622.reg
[2012/01/24 18:58:05 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGATE Registry Cleaner.lnk
[2012/01/24 17:35:17 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2012/01/23 10:34:53 | 000,116,458 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2012/01/23 10:20:00 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk
[2012/01/22 16:23:09 | 000,546,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/22 16:23:08 | 000,100,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/20 22:04:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/01/20 21:42:10 | 000,033,645 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\Energy Study Guide2011.pdf
[2012/01/20 21:02:54 | 000,002,028 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ActivInspire.lnk
[2012/01/20 09:14:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2012/01/20 09:07:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\mixpadShakeIcon.job
[2012/01/17 09:25:10 | 000,007,096 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120117_092506.reg
[2012/01/15 18:45:44 | 000,015,716 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120115_184540.reg
[2012/01/15 17:57:47 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2012/01/15 00:04:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/13 09:52:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/11 15:56:40 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120111_155636.reg
[2012/01/11 11:29:43 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2012/01/11 11:10:12 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2012/01/11 11:08:55 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2012/01/11 11:08:55 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2012/01/11 10:24:55 | 000,138,317 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\HP Solution for Plug and Play - XP.mht
[2012/01/11 07:22:42 | 000,018,346 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120111_072234.reg
[2012/01/10 17:12:21 | 000,005,184 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120110_171211.reg
[2012/01/10 13:42:32 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COWON Media Center - jetAudio.lnk
[2012/01/10 13:36:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/10 13:20:13 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2012/01/10 13:19:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/10 13:17:28 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\Windows Explorer.lnk
[2012/01/10 12:35:41 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/01/10 09:28:50 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\Registry Repair.lnk
[2012/01/09 18:11:21 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012/01/09 16:38:27 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/01/09 16:38:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[242 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2026/03/05 06:34:17 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System\MSVFWIN.DLL
[2012/02/05 10:22:38 | 000,001,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/02/03 12:05:59 | 000,027,246 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\Bio for Art Show.odt
[2012/02/02 09:33:41 | 017,390,080 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\PandaActiveScanCleaner.msi
[2012/02/02 09:25:19 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\JavaRa.zip
[2012/02/02 09:21:44 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\avenger.zip
[2012/02/01 09:22:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\MBR.dat
[2012/01/30 11:48:07 | 000,031,968 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\Is it a waste of time to write congress.odt
[2012/01/28 20:36:07 | 000,910,745 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\MM061A17.exe
[2012/01/28 09:22:10 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\_WKERNEL.FRE
[2012/01/28 09:22:03 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinUtilities.lnk
[2012/01/28 09:21:59 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\shfolder.inf
[2012/01/25 08:23:03 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/01/25 08:23:03 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/01/25 08:23:03 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2012.lnk
[2012/01/24 22:36:25 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120124_223622.reg
[2012/01/24 18:58:05 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGATE Registry Cleaner.lnk
[2012/01/24 17:35:17 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2012/01/23 10:34:52 | 000,116,458 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012/01/23 10:20:00 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk
[2012/01/20 22:04:09 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/01/20 21:42:10 | 000,033,645 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\Energy Study Guide2011.pdf
[2012/01/20 21:02:54 | 000,002,028 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ActivInspire.lnk
[2012/01/17 09:25:08 | 000,007,096 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120117_092506.reg
[2012/01/17 08:42:39 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Startup.job
[2012/01/17 08:42:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Notification.job
[2012/01/15 18:45:42 | 000,015,716 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120115_184540.reg
[2012/01/13 09:52:22 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/11 15:56:38 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120111_155636.reg
[2012/01/11 11:10:12 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2012/01/11 11:08:55 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2012/01/11 11:08:55 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2012/01/11 10:59:01 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2012/01/11 10:24:54 | 000,138,317 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\HP Solution for Plug and Play - XP.mht
[2012/01/11 07:22:39 | 000,018,346 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120111_072234.reg
[2012/01/10 17:12:18 | 000,005,184 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120110_171211.reg
[2012/01/10 13:42:32 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COWON Media Center - jetAudio.lnk
[2012/01/10 13:36:57 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/10 13:36:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/10 13:30:42 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/10 13:30:37 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/01/10 13:19:05 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/10 09:28:50 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\Registry Repair.lnk
[2012/01/09 18:11:20 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012/01/09 11:48:29 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/11/30 18:00:32 | 000,256,066 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\census.cache
[2011/11/30 18:00:18 | 000,256,571 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\ars.cache
[2011/11/20 18:03:15 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2011/11/09 19:25:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/10/31 09:47:36 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\housecall.guid.cache
[2011/10/31 08:48:06 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Launch Internet Explorer Browser.lnk
[2011/05/23 18:03:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/17 14:26:54 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/05/17 14:26:54 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/04/01 11:38:06 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/02/02 18:59:04 | 000,034,640 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/21 08:32:33 | 000,000,099 | ---- | C] () -- C:\WINDOWS\SAWReg.ini
[2010/10/16 13:16:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/09/21 12:59:19 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/22 16:43:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\prvlcl.dat
[2010/08/20 14:19:22 | 000,000,365 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/08/14 21:35:31 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Application Support
[2010/08/14 21:35:31 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Analog Sync
[2010/08/14 21:35:31 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2010/08/14 21:35:31 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Filesystems
[2010/08/14 21:35:23 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/08/14 21:35:23 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Animals
[2010/08/14 21:35:23 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Filters
[2010/08/14 20:07:38 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/08/14 19:04:26 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Specifications
[2010/08/14 19:04:26 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Sounds
[2010/08/14 19:04:26 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/08/14 18:54:09 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Space Choir
[2010/08/14 18:54:09 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Solid Colors
[2010/08/14 18:54:09 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/03/12 15:04:39 | 000,094,215 | ---- | C] () -- C:\WINDOWS\hpqins09.dat
[2010/03/12 14:47:25 | 000,070,835 | ---- | C] () -- C:\WINDOWS\hpqins04.dat
[2009/11/19 19:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/11/19 12:35:34 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2009/11/14 10:04:48 | 001,421,763 | ---- | C] () -- C:\WINDOWS\System32\Snow Chill.exe
[2009/10/19 20:03:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2009/10/19 20:03:56 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/10/14 12:17:17 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\ventmon.dll
[2009/09/14 16:31:48 | 000,000,090 | ---- | C] () -- C:\WINDOWS\System32\faxman32.INI
[2009/09/14 16:25:47 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dtmon.dll
[2009/09/14 16:25:45 | 000,002,219 | ---- | C] () -- C:\WINDOWS\OEDEVKIT.INI
[2009/09/14 16:25:45 | 000,000,761 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2009/09/14 16:25:44 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\MACHNM1.EXE
[2009/09/14 16:25:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MAINPATH.INI
[2009/09/14 16:25:22 | 000,000,065 | ---- | C] () -- C:\WINDOWS\WININI.INI
[2009/08/20 11:47:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2009/08/14 09:57:44 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ClassXps.dll
[2009/07/26 14:47:56 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2009/07/22 17:51:04 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ncvDS61.dll
[2009/07/22 17:51:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\ncCompress.dll
[2009/07/22 17:51:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ncUtil62.dll
[2009/07/22 17:51:03 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nczlib.dll
[2009/07/22 17:51:03 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib32.dll
[2009/06/19 17:41:15 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/04/13 16:36:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ntuximeqaguvimu.bin
[2009/04/13 16:36:09 | 000,000,408 | ---- | C] () -- C:\WINDOWS\Sjomiqefamete.dat
[2009/04/10 07:30:11 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/04/10 07:05:22 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/04/10 06:59:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/03/26 12:41:33 | 002,682,880 | ---- | C] () -- C:\WINDOWS\System32\vcredist_x86.exe
[2009/03/26 12:26:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/03/26 07:09:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/25 15:16:50 | 000,000,112 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2009/02/25 14:27:39 | 000,230,096 | ---- | C] () -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/01/19 12:16:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/19 11:16:46 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/01/09 10:09:28 | 000,000,563 | ---- | C] () -- C:\WINDOWS\PPViewer.INI
[2008/12/03 21:31:32 | 000,000,183 | ---- | C] () -- C:\WINDOWS\PlayListEditor.ini
[2008/09/30 09:17:31 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/05/06 11:04:13 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/04/24 19:27:41 | 000,118,784 | ---- | C] () -- C:\WINDOWS\SeaMonkeyUninstall.exe
[2007/04/24 19:27:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2007/03/28 12:49:00 | 000,001,226 | ---- | C] () -- C:\WINDOWS\flax.ini
[2007/03/28 09:17:39 | 000,000,463 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/20 15:08:10 | 000,000,082 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2007/03/13 14:07:52 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ÝÃÄ›Ò3113›.sys
[2007/03/12 18:23:15 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/12 18:23:12 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\ciaSecurity.DLL
[2007/03/12 18:06:47 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ÝÙÃÄ3113›.sys
[2007/03/08 12:35:48 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/03/08 12:34:47 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/01/14 22:04:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/01/02 23:36:43 | 000,000,072 | ---- | C] () -- C:\WINDOWS\pex.INI
[2007/01/02 23:30:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/12/28 17:03:55 | 000,000,830 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/29 14:54:02 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/06/21 19:37:12 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/06/15 12:18:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/06/12 16:33:33 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2006/06/04 19:23:31 | 000,000,404 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/06/02 15:05:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/01 11:22:20 | 000,133,120 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/31 10:37:43 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/05/31 10:37:24 | 000,015,193 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/29 19:18:27 | 000,000,088 | R-S- | C] () -- C:\WINDOWS\System32\EB1816CB85.sys
[2006/05/29 16:29:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RasWait.exe
[2006/05/27 19:09:32 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2006/05/27 18:48:18 | 000,000,104 | R-S- | C] () -- C:\WINDOWS\System32\85CB1618EB.sys
[2006/05/27 18:48:08 | 000,007,206 | --S- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/27 18:41:41 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\fusioncache.dat
[2006/05/20 17:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/20 17:08:38 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/20 17:02:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/20 16:58:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/05/20 16:33:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/20 16:33:36 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/20 16:33:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/05/20 16:33:28 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/05/20 16:33:23 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/05/20 16:32:16 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,034,332 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 003,488,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:33 | 000,546,098 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,100,552 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/19 19:05:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/13 13:41:02 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\SWFGen.dll
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005462_.tmp.dll
[2004/08/10 06:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005171_.tmp.dll
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005430_.tmp.dll
[2004/08/10 06:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005139_.tmp.dll
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 23:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2012/01/22 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2009/07/22 18:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anonymizer
[2011/10/27 14:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/11/19 13:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2009/11/20 14:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/10/24 09:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CAM Development
[2011/11/17 10:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/09/21 10:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2010/11/07 10:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/08/14 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/12/08 08:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2009/07/03 13:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/09/17 16:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/01/31 18:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/11/19 13:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/25 19:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/08/14 19:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2012/01/17 07:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/11/04 13:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoME
[2012/01/20 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2011/01/27 10:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/09 14:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/05/14 18:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5
[2009/07/22 17:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2010/08/14 18:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solid Colors
[2010/08/14 19:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatusSheet
[2012/02/06 09:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2012/01/02 15:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/01 13:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2012/01/25 08:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/01/02 23:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/08/14 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/14 12:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Venta
[2006/05/20 17:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/21 12:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/12/08 11:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2012/01/25 08:21:31 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/01/23 13:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/04/01 13:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2011/03/28 15:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8A4124D0-6AF6-4584-A7BF-4CDFECF4B129}
[2011/05/08 15:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\99119
[2011/01/16 20:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ACD Systems
[2012/01/20 21:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ACTIV Software
[2009/07/22 18:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Anonymizer
[2011/05/03 14:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Anthropics
[2010/10/21 08:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\apm
[2009/11/19 11:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Apowersoft
[2011/11/02 09:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG
[2010/10/26 06:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG10
[2011/10/28 05:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG2012
[2010/10/26 06:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG9
[2011/12/19 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Axialis
[2009/08/01 12:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\BitTorrent
[2011/01/28 14:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/21 09:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\COWON
[2012/01/09 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\DriverCure
[2011/04/19 13:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\DVDVideoSoftIEHelpers
[2007/03/30 15:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Eltima Software
[2011/12/08 08:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Fighters
[2011/11/22 21:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\FixCleaner
[2011/04/27 09:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Focus Mp3 Recorder
[2009/07/03 13:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\GARMIN
[2011/06/11 10:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\GetRightToGo
[2008/09/30 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\GlarySoft
[2008/12/25 22:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Hulabee
[2012/01/10 19:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Image Zone Express
[2011/10/28 14:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ImgBurn
[2011/11/21 11:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\InfraRecorder
[2007/12/26 21:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\InterTrust
[2011/05/17 14:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\IObit
[2012/01/02 16:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Kernel for Windows Data Recovery
[2006/05/27 19:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Leadertech
[2006/06/10 22:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\MSNInstaller
[2011/06/25 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\NCH Swift Sound
[2012/01/24 18:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\NETGATE Registry Cleaner
[2010/10/16 13:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Nikon
[2011/06/11 11:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Notebook Hardware Control
[2012/01/26 12:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\OpenOffice.org
[2011/11/20 10:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\PandoraRecovery
[2012/01/09 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ParetoLogic
[2008/09/08 13:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Participatory Culture Foundation
[2011/01/16 20:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\PhotoScape
[2012/02/01 09:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\PriceGong
[2012/01/20 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Promethean
[2012/01/02 15:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\RecoveryFix for Windows
[2008/12/02 13:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\SanDisk
[2006/06/12 16:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ScamGuard
[2009/05/08 14:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\scar5
[2008/06/09 22:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Smith Micro
[2011/01/28 15:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/08/28 11:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Systweak
[2011/01/15 10:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Thunderbird
[2012/01/25 08:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\TuneUp Software
[2007/01/02 23:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Ulead Systems
[2012/01/08 18:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Uniblue
[2011/11/09 19:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\WeatherBug
[2010/11/21 17:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Wireshark
[2010/08/14 21:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\XnView
[2012/01/20 22:04:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2012/01/30 14:24:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
[2012/01/20 09:14:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2012/01/09 18:11:21 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\expresszipShakeIcon.job
[2012/01/20 09:07:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\mixpadShakeIcon.job
[2012/01/02 10:37:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionDowngrade.job
[2011/12/25 10:37:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/11/09 16:16:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2012/02/05 10:17:49 | 000,032,188 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2012/02/06 08:42:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-Administrator-Notification.job
[2012/02/05 10:19:30 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-Administrator-Startup.job
[2012/02/05 22:35:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-USERNAME-Notification.job
[2012/02/05 10:19:30 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-USERNAME-Startup.job
[2012/02/05 10:19:30 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2011/11/09 16:16:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB5B0476
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

< End of report >

Edited by The Rabid One, 06 February 2012 - 08:50 AM.

  • 0

Advertisements

#2
Render
Posted 13 February 2012 - 07:10 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that, zip it and then attach it here

How to add an attachment to a new topic or reply
  • 0

#3
The Rabid One
Posted 17 February 2012 - 07:49 PM

The Rabid One

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Below is the aswMBR.txt. With the usual "USERNAME" replaced with the normal name as before. BTW on the first run of the scan there was an error from Windows and it finally ran w/o errors after rebooting. And I do have the Windows Media XP DVD with Update Rollup 2

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-17 15:55:12
-----------------------------
15:55:12.776 OS Version: Windows 5.1.2600 Service Pack 3
15:55:12.776 Number of processors: 2 586 0xE08
15:55:12.776 ComputerName: D9S1K0B2 UserName: USERNAME
15:55:15.026 Initialize success
15:57:56.432 AVAST engine defs: 12021701
16:00:02.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:00:02.635 Disk 0 Vendor: TOSHIBA_MK6032GSX AS312D Size: 55796MB BusType: 3
16:00:02.651 Disk 0 MBR read successfully
16:00:02.651 Disk 0 MBR scan
16:00:02.760 Disk 0 unknown MBR code
16:00:02.776 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:00:02.791 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 50995 MB offset 80325
16:00:02.823 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 104518890
16:00:02.854 Disk 0 scanning sectors +114254280
16:00:02.995 Disk 0 scanning C:\WINDOWS\system32\drivers
16:00:49.479 Service scanning
16:00:54.291 Modules scanning
16:01:25.526 Disk 0 trace - called modules:
16:01:25.541 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
16:01:25.557 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6b8030]
16:01:25.557 3 CLASSPNP.SYS[ba138fd7] -> nt!IofCallDriver -> \Device\00000076[0x8a748650]
16:01:25.557 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6f9030]
16:01:26.963 AVAST engine scan C:\WINDOWS
16:01:40.041 AVAST engine scan C:\WINDOWS\system32
16:20:34.510 AVAST engine scan C:\WINDOWS\system32\drivers
16:21:24.854 AVAST engine scan C:\Documents and Settings\USERNAME
16:43:17.995 AVAST engine scan C:\Documents and Settings\All Users
18:57:10.166 Scan finished successfully
20:26:37.463 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\USERNAME\Desktop\MBR.dat"
20:26:37.479 The log file has been saved successfully to "C:\Documents and Settings\USERNAME\Desktop\aswMBR.txt"

Attached Files


Edited by The Rabid One, 17 February 2012 - 07:53 PM.

  • 0

#4
Render
Posted 18 February 2012 - 06:49 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
  	
:Files
ipconfig /flushdns /c
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Reg

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYJAVA]
[emptyflash]
[createrestorepoint]
[reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
The Rabid One
Posted 18 February 2012 - 09:38 AM

The Rabid One

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Below are the two logs you requested, with username replacement as usual.

---------------------------------------------------------------------------------------------
All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\USERNAME\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\USERNAME\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\USERNAME\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\USERNAME\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\USERNAME\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\USERNAME\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\USERNAME\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\USERNAME\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\USERNAME\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\USERNAME\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 5761419 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->FireFox cache emptied: 0 bytes

User: USERNAME
->Temp folder emptied: 56462342 bytes
->Temporary Internet Files folder emptied: 53910997 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50007328 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57028 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1459727 bytes
%systemroot%\System32 .tmp files removed: 64398144 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1190007 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 469 bytes
RecycleBin emptied: 698 bytes

Total Files Cleaned = 222.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: USERNAME
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: USERNAME
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 02182012_092709

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



---------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 2/18/2012 10:16:05 AM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\USERNAME\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.16% Memory free
3.84 Gb Paging File | 2.87 Gb Available in Paging File | 74.72% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.80 Gb Total Space | 5.21 Gb Free Space | 10.47% Space Free | Partition Type: NTFS

Computer Name: D9S1K0B2 | User Name: USERNAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\USERNAME\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - c:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\SingleClick Systems\HomeNet Manager\hnm_svc.exe (SingleClick Systems)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Documents and Settings\USERNAME\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\c1fcd30108fc02b92b78745458fe330c\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d4a5aced0ec83076368bad3f7277da5f\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\d0908fdd3b9f4abd0ded7727be80f764\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\acc5ec6c04f1eff1029f88e339c98e47\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\64bf8d2f963138ede81700b9fd525547\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9cf4a4fdd044bf3f033ae4fa26bdd796\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0aacf518f032079557bc36a2eef2ccea\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\12637de2619ee65d57c529f6c786dce1\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll ()
MOD - c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll ()
MOD - c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll ()
MOD - c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll ()
MOD - c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll ()
MOD - c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll ()
MOD - c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll ()
MOD - c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll ()
MOD - c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll ()
MOD - c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll ()
MOD - c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
MOD - c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll ()
MOD - c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll ()
MOD - c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll ()
MOD - c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll ()
MOD - c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - C:\Documents and Settings\USERNAME\Application Data\Mozilla\Plugins\npcoolirisplugin.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\ventmon.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_301215ba\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35232345\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4904afa9\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b3a714e9\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b73bfa67\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
MOD - C:\WINDOWS\system32\dtmon.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (szserver) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (hnmsvc) -- C:\Program Files\SingleClick Systems\HomeNet Manager\hnm_svc.exe (SingleClick Systems)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (szkg5) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\szkgfs.sys (iS3, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (Notebook Hardware Control)
DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
DRV - (VirtualFD) -- C:\Virtual Floppy\WAJUNE15\vfd.sys (Ken Kato)
DRV - (INIDVD) -- C:\WINDOWS\system32\drivers\inidvd.sys (Initio Corporation)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.clusty.com/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=MOZO"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {9757e92f-94d4-4b02-ba2d-0454955c7e4b}:1.6.1
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.61a
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.9
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {2dc42b10-7622-11de-8a39-0800200c9a66}:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20101009
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 11:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 17:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/25 06:56:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/15 17:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.1\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2011/09/22 06:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.1\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2012/01/15 17:08:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.1\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2011/09/22 06:35:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.1\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2012/01/15 17:08:55 | 000,000,000 | ---D | M]

[2011/01/15 10:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Extensions
[2011/01/15 10:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/09/08 13:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2012/02/10 18:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions
[2011/08/27 13:44:15 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/23 07:30:38 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/02/10 18:03:07 | 000,000,000 | ---D | M] (Open With Photoshop) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}
[2006/06/11 14:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\{FB5A4470-185E-442a-AF55-7F4669A5FF9F}-trash
[2010/08/21 18:37:29 | 000,000,000 | ---D | M] (Open in IE) -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\extensions\[email protected]
[2011/01/05 08:18:19 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\bing-zugo.xml
[2010/11/11 18:06:35 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\bing.xml
[2009/08/03 15:45:45 | 000,005,349 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\clusty.xml
[2010/09/04 08:04:49 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\c7y2m18d.default\searchplugins\yauba.xml
[2011/12/19 13:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{2A1D5949-B519-4924-BF62-8522FE0D5274}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USERNAME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7Y2M18D.DEFAULT\EXTENSIONS\[email protected]
[2012/02/17 11:44:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/10/03 13:25:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 20:20:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\Application\10.0.648.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\Application\10.0.648.151\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\Application\10.0.648.151\gears.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/02/18 10:05:24 | 000,000,123 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ÿ₫1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\USERNAME\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\USERNAME\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1148938412196 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7C831FD-CCB7-42D0-B979-8DA635B30FF7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wbsys.dll) -C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O20 - Winlogon\Notify\WBSrv: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\USERNAMEwall2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\USERNAMEwall2.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/06/15 12:18:20 | 000,000,008 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{29979f18-395f-11e0-9873-0016ce504313}\Shell\AutoRun\command - "" = J:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 08:50:22 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/02/10 08:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/02/10 08:47:02 | 000,725,408 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\USERNAME\Desktop\SpyHunter-Installer.exe
[2012/02/07 10:09:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\USERNAME\Recent
[2012/02/02 09:37:02 | 000,026,696 | R--- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2012/02/02 09:23:14 | 004,395,504 | ---- | C] (Swearware) -- C:\Documents and Settings\USERNAME\Desktop\Combo-Fix.exe
[2012/02/02 08:29:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USERNAME\Desktop\OTL.exe
[2012/02/01 08:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2012/01/31 11:32:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/01/29 18:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\Avira
[2012/01/28 21:11:32 | 000,000,000 | ---D | C] -- C:\Router CFG BKUP
[2012/01/28 09:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinUtilities
[2012/01/28 09:22:00 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\WINDOWS\System32\wbocx.ocx
[2012/01/28 09:22:00 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2012/01/28 09:22:00 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\WINDOWS\System32\anim.dll
[2012/01/28 09:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2012/01/26 22:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\Open Office Templates
[2012/01/26 13:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\PDF TEMPLATE
[2012/01/26 12:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\OpenOffice.org
[2012/01/25 08:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\TuneUp Software
[2012/01/25 08:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/01/25 08:21:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/01/24 22:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/01/24 17:35:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.1
[2012/01/24 17:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2012/01/24 17:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012/01/23 13:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2012/01/23 08:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\New Folder
[2012/01/22 19:41:15 | 000,000,000 | ---D | C] -- C:\e23c51f1e61af4e13aa07d
[2012/01/22 19:41:10 | 000,000,000 | ---D | C] -- C:\7f4b6b0247e825ce26888e949924c2ca
[2012/01/20 21:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\Promethean
[2012/01/20 21:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\My Documents\Activ Software
[2012/01/20 21:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Activ Software
[2012/01/20 21:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Activ Software
[2012/01/20 21:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2012/01/20 21:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Application Data\ACTIV Software
[2012/01/20 21:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Activ Software
[2012/01/20 21:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\Activ Software
[2012/01/20 21:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2012/01/20 06:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USERNAME\Desktop\Jr. Peacock-PHOTOS
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2026/03/05 06:34:17 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System\MSVFWIN.DLL
[2012/02/18 10:08:04 | 000,001,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/02/18 10:05:24 | 000,000,123 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/18 10:03:49 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/18 10:01:31 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Notification.job
[2012/02/18 10:01:31 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-USERNAME-Notification.job
[2012/02/18 10:01:31 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Startup.job
[2012/02/18 10:01:31 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-USERNAME-Startup.job
[2012/02/18 10:01:31 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/02/18 10:01:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/18 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-D9S1K0B2-USERNAME.job
[2012/02/17 21:10:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/17 20:58:06 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012/02/17 20:40:41 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\MBR.dat.zip
[2012/02/17 20:26:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\MBR.dat
[2012/02/17 11:31:02 | 2137,485,312 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/02/17 08:28:59 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\USERNAME\Desktop\aswMBR.exe
[2012/02/17 07:53:20 | 003,488,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/17 03:28:35 | 000,546,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/17 03:28:35 | 000,100,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/17 03:14:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/10 08:53:05 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\Windows Explorer.lnk
[2012/02/10 08:46:50 | 000,725,408 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\USERNAME\Desktop\SpyHunter-Installer.exe
[2012/02/08 08:51:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 07:57:19 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\Focus MP3 Recorder Pro.lnk
[2012/02/07 10:09:16 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/06 11:08:59 | 000,095,575 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\XPrepairinstall.pdf
[2012/02/03 12:06:00 | 000,027,246 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\Bio for Art Show.odt
[2012/02/02 09:34:02 | 017,390,080 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\PandaActiveScanCleaner.msi
[2012/02/02 09:25:06 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\JavaRa.zip
[2012/02/02 09:22:51 | 004,395,504 | ---- | M] (Swearware) -- C:\Documents and Settings\USERNAME\Desktop\Combo-Fix.exe
[2012/02/02 07:57:22 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.FRE
[2012/02/01 09:36:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2012/01/31 13:02:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USERNAME\Desktop\OTL.exe
[2012/01/30 14:24:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\expressburnDowngrade.job
[2012/01/30 11:48:08 | 000,031,968 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\Is it a waste of time to write congress.odt
[2012/01/28 20:36:00 | 000,910,745 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\MM061A17.exe
[2012/01/28 09:22:03 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinUtilities.lnk
[2012/01/26 16:36:40 | 000,000,151 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2012/01/24 22:36:27 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120124_223622.reg
[2012/01/24 17:35:17 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2012/01/23 10:34:53 | 000,116,458 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2012/01/23 10:20:00 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk
[2012/01/20 22:04:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/01/20 21:42:10 | 000,033,645 | ---- | M] () -- C:\Documents and Settings\USERNAME\Desktop\Energy Study Guide2011.pdf
[2012/01/20 21:02:54 | 000,002,028 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ActivInspire.lnk
[2012/01/20 09:14:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2012/01/20 09:07:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\mixpadShakeIcon.job

========== Files Created - No Company Name ==========

[2026/03/05 06:34:17 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System\MSVFWIN.DLL
[2012/02/18 10:07:19 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/02/17 20:44:11 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012/02/17 20:40:40 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\MBR.dat.zip
[2012/02/17 20:26:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\MBR.dat
[2012/02/17 03:03:20 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/16 12:05:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 12:05:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/06 11:08:59 | 000,095,575 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\XPrepairinstall.pdf
[2012/02/03 12:05:59 | 000,027,246 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\Bio for Art Show.odt
[2012/02/02 09:33:41 | 017,390,080 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\PandaActiveScanCleaner.msi
[2012/02/02 09:25:19 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\JavaRa.zip
[2012/01/30 11:48:07 | 000,031,968 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\Is it a waste of time to write congress.odt
[2012/01/28 20:36:07 | 000,910,745 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\MM061A17.exe
[2012/01/28 09:22:10 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\_WKERNEL.FRE
[2012/01/28 09:22:03 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinUtilities.lnk
[2012/01/28 09:21:59 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\shfolder.inf
[2012/01/24 22:36:25 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\USERNAME\My Documents\cc_20120124_223622.reg
[2012/01/24 17:35:17 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2012/01/23 10:34:52 | 000,116,458 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012/01/23 10:20:00 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk
[2012/01/20 22:04:09 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/01/20 21:42:10 | 000,033,645 | ---- | C] () -- C:\Documents and Settings\USERNAME\Desktop\Energy Study Guide2011.pdf
[2012/01/20 21:02:54 | 000,002,028 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ActivInspire.lnk
[2012/01/11 10:59:01 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2012/01/09 11:48:29 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/11/30 18:00:32 | 000,256,066 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\census.cache
[2011/11/30 18:00:18 | 000,256,571 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\ars.cache
[2011/11/20 18:03:15 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2011/11/09 19:25:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/10/31 09:47:36 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\housecall.guid.cache
[2011/10/31 08:48:06 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Launch Internet Explorer Browser.lnk
[2011/05/23 18:03:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/17 14:26:54 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/05/17 14:26:54 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/04/01 11:38:06 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/02/02 18:59:04 | 000,034,640 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/21 08:32:33 | 000,000,099 | ---- | C] () -- C:\WINDOWS\SAWReg.ini
[2010/10/16 13:16:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/09/21 12:59:19 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/22 16:43:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\prvlcl.dat
[2010/08/20 14:19:22 | 000,000,365 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/08/14 21:35:31 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Application Support
[2010/08/14 21:35:31 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Analog Sync
[2010/08/14 21:35:31 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2010/08/14 21:35:31 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Filesystems
[2010/08/14 21:35:23 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/08/14 21:35:23 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Animals
[2010/08/14 21:35:23 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Filters
[2010/08/14 20:07:38 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/08/14 19:04:26 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Specifications
[2010/08/14 19:04:26 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Sounds
[2010/08/14 19:04:26 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/08/14 18:54:09 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Space Choir
[2010/08/14 18:54:09 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\USERNAME\Application Data\Solid Colors
[2010/08/14 18:54:09 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/03/12 15:04:39 | 000,094,215 | ---- | C] () -- C:\WINDOWS\hpqins09.dat
[2010/03/12 14:47:25 | 000,070,835 | ---- | C] () -- C:\WINDOWS\hpqins04.dat
[2009/11/19 19:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/11/19 12:35:34 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2009/11/14 10:04:48 | 001,421,763 | ---- | C] () -- C:\WINDOWS\System32\Snow Chill.exe
[2009/10/19 20:03:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2009/10/19 20:03:56 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/10/14 12:17:17 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\ventmon.dll
[2009/09/14 16:31:48 | 000,000,090 | ---- | C] () -- C:\WINDOWS\System32\faxman32.INI
[2009/09/14 16:25:47 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dtmon.dll
[2009/09/14 16:25:45 | 000,002,219 | ---- | C] () -- C:\WINDOWS\OEDEVKIT.INI
[2009/09/14 16:25:45 | 000,000,761 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2009/09/14 16:25:44 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\MACHNM1.EXE
[2009/09/14 16:25:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MAINPATH.INI
[2009/09/14 16:25:22 | 000,000,065 | ---- | C] () -- C:\WINDOWS\WININI.INI
[2009/08/20 11:47:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2009/08/14 09:57:44 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ClassXps.dll
[2009/07/26 14:47:56 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2009/07/22 17:51:04 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ncvDS61.dll
[2009/07/22 17:51:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\ncCompress.dll
[2009/07/22 17:51:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ncUtil62.dll
[2009/07/22 17:51:03 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nczlib.dll
[2009/07/22 17:51:03 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib32.dll
[2009/06/19 17:41:15 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/04/13 16:36:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ntuximeqaguvimu.bin
[2009/04/13 16:36:09 | 000,000,408 | ---- | C] () -- C:\WINDOWS\Sjomiqefamete.dat
[2009/04/10 07:30:11 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/04/10 07:05:22 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/04/10 06:59:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/03/26 12:41:33 | 002,682,880 | ---- | C] () -- C:\WINDOWS\System32\vcredist_x86.exe
[2009/03/26 12:26:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/03/26 07:09:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/25 15:16:50 | 000,000,112 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2009/02/25 14:27:39 | 000,230,096 | ---- | C] () -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/01/19 12:16:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/19 11:16:46 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/01/09 10:09:28 | 000,000,563 | ---- | C] () -- C:\WINDOWS\PPViewer.INI
[2008/12/03 21:31:32 | 000,000,183 | ---- | C] () -- C:\WINDOWS\PlayListEditor.ini
[2008/09/30 09:17:31 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/05/06 11:04:13 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/04/24 19:27:41 | 000,118,784 | ---- | C] () -- C:\WINDOWS\SeaMonkeyUninstall.exe
[2007/04/24 19:27:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2007/03/28 12:49:00 | 000,001,226 | ---- | C] () -- C:\WINDOWS\flax.ini
[2007/03/28 09:17:39 | 000,000,463 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/20 15:08:10 | 000,000,082 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2007/03/13 14:07:52 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ƯĂÄ›̉3113›.sys
[2007/03/12 18:23:15 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/12 18:23:12 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\ciaSecurity.DLL
[2007/03/12 18:06:47 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ƯÙĂÄ3113›.sys
[2007/03/08 12:35:48 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/03/08 12:34:47 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/01/14 22:04:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/01/02 23:36:43 | 000,000,072 | ---- | C] () -- C:\WINDOWS\pex.INI
[2007/01/02 23:30:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/12/28 17:03:55 | 000,000,830 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/29 14:54:02 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/06/21 19:37:12 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/06/15 12:18:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/06/12 16:33:33 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2006/06/04 19:23:31 | 000,000,404 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/06/02 15:05:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/01 11:22:20 | 000,133,120 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/31 10:37:43 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/05/31 10:37:24 | 000,015,193 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/29 19:18:27 | 000,000,088 | R-S- | C] () -- C:\WINDOWS\System32\EB1816CB85.sys
[2006/05/29 16:29:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RasWait.exe
[2006/05/27 19:09:32 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2006/05/27 18:48:18 | 000,000,104 | R-S- | C] () -- C:\WINDOWS\System32\85CB1618EB.sys
[2006/05/27 18:48:08 | 000,007,206 | --S- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/27 18:41:41 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\USERNAME\Local Settings\Application Data\fusioncache.dat
[2006/05/20 17:16:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/20 17:08:38 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/20 17:02:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/20 16:58:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/05/20 16:33:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/20 16:33:36 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/20 16:33:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/05/20 16:33:28 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/05/20 16:33:23 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/05/20 16:32:16 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,034,332 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 003,488,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:33 | 000,546,098 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,100,552 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/19 19:05:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/13 13:41:02 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\SWFGen.dll
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005462_.tmp.dll
[2004/08/10 06:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005171_.tmp.dll
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005430_.tmp.dll
[2004/08/10 06:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005139_.tmp.dll
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 23:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2012/01/22 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2009/07/22 18:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anonymizer
[2011/10/27 14:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/11/19 13:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2009/11/20 14:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/10/24 09:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CAM Development
[2011/11/17 10:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/09/21 10:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2010/11/07 10:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/08/14 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/12/08 08:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2009/07/03 13:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/09/17 16:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/01/31 18:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/11/19 13:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/25 19:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/08/14 19:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2012/01/17 07:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/11/04 13:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoME
[2012/01/20 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2011/01/27 10:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/09 14:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/05/14 18:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5
[2009/07/22 17:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2010/08/14 18:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solid Colors
[2010/08/14 19:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatusSheet
[2012/02/18 10:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2012/01/02 15:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/01 13:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2012/01/25 08:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/01/02 23:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/08/14 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/14 12:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Venta
[2006/05/20 17:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/21 12:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/12/08 11:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2012/01/25 08:21:31 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/01/23 13:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/04/01 13:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2011/03/28 15:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8A4124D0-6AF6-4584-A7BF-4CDFECF4B129}
[2011/05/08 15:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\99119
[2011/01/16 20:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ACD Systems
[2012/01/20 21:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ACTIV Software
[2009/07/22 18:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Anonymizer
[2011/05/03 14:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Anthropics
[2010/10/21 08:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\apm
[2009/11/19 11:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Apowersoft
[2011/11/02 09:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG
[2010/10/26 06:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG10
[2011/10/28 05:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG2012
[2010/10/26 06:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\AVG9
[2011/12/19 13:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Axialis
[2009/08/01 12:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\BitTorrent
[2011/01/28 14:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/21 09:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\COWON
[2012/01/09 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\DriverCure
[2011/04/19 13:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\DVDVideoSoftIEHelpers
[2007/03/30 15:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Eltima Software
[2011/12/08 08:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Fighters
[2011/11/22 21:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\FixCleaner
[2011/04/27 09:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Focus Mp3 Recorder
[2009/07/03 13:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\GARMIN
[2011/06/11 10:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\GetRightToGo
[2008/09/30 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\GlarySoft
[2008/12/25 22:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Hulabee
[2012/01/10 19:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Image Zone Express
[2011/10/28 14:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ImgBurn
[2011/11/21 11:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\InfraRecorder
[2007/12/26 21:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\InterTrust
[2011/05/17 14:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\IObit
[2012/01/02 16:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Kernel for Windows Data Recovery
[2006/05/27 19:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Leadertech
[2006/06/10 22:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\MSNInstaller
[2011/06/25 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\NCH Swift Sound
[2010/10/16 13:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Nikon
[2011/06/11 11:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Notebook Hardware Control
[2012/01/26 12:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\OpenOffice.org
[2011/11/20 10:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\PandoraRecovery
[2012/01/09 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ParetoLogic
[2008/09/08 13:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Participatory Culture Foundation
[2011/01/16 20:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\PhotoScape
[2012/02/10 23:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\PriceGong
[2012/01/20 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Promethean
[2012/01/02 15:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\RecoveryFix for Windows
[2008/12/02 13:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\SanDisk
[2006/06/12 16:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\ScamGuard
[2009/05/08 14:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\scar5
[2008/06/09 22:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Smith Micro
[2011/01/28 15:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/08/28 11:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Systweak
[2011/01/15 10:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Thunderbird
[2012/01/25 08:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\TuneUp Software
[2007/01/02 23:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Ulead Systems
[2012/01/08 18:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Uniblue
[2011/11/09 19:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\WeatherBug
[2010/11/21 17:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\Wireshark
[2010/08/14 21:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USERNAME\Application Data\XnView
[2012/01/20 22:04:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2012/01/30 14:24:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
[2012/01/20 09:14:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2012/02/17 20:58:06 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\expresszipShakeIcon.job
[2012/01/20 09:07:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\mixpadShakeIcon.job
[2012/01/02 10:37:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionDowngrade.job
[2011/12/25 10:37:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/11/09 16:16:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2012/02/18 09:57:44 | 000,032,182 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2012/02/18 10:01:31 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-Administrator-Notification.job
[2012/02/18 10:01:31 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-Administrator-Startup.job
[2012/02/18 10:01:31 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-USERNAME-Notification.job
[2012/02/18 10:01:31 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-USERNAME-Startup.job
[2012/02/18 10:01:31 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2011/11/09 16:16:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB5B0476
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

< End of report >
  • 0

#6
Render
Posted 18 February 2012 - 02:31 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#7
The Rabid One
Posted 19 February 2012 - 10:03 PM

The Rabid One

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
The scans finally finished. It took almost 16 hours (sheesh). The two files are attached as requested. In case I missed something I am leaving Kaspersky up on the system. Sorry for taking so long to get back to you but I had to take photos of a fire training session for a few departments. It was a long session in sleet and freezing rain and I don't think I'm fully thawed out yet. Let me know whatever you need me to do next (short of taking a hammer to the computer...lol).

Attached Files


  • 0

#8
Render
Posted 20 February 2012 - 04:16 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Can you please give me an update on how your computer's running.
  • 0

#9
The Rabid One
Posted 20 February 2012 - 03:00 PM

The Rabid One

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
The system was shut down by a family member who didn't realize I left Kaspersky open, but I can always re-run if needed. The system rebooted faster and overall seems to be faster. Before there were a lot of "plugin containers" open in Processes when Firefox wasn't open. Now there is only one. One the Task Manager's Performance CPU usage with no programs open or active is from 3% to 8% useage and PF Usage is from 750mb to 796mb under same conditions. My main concern was anything that may pose a security threat since I take care of online student loan info among other security sensitive matters for the kids (and I thought college was going to kill me when I was a student, it zaps you twice as hard as a parent...Yikes!). I'm open to any advice you may have to offer, or other test needed to run. The boot process still halts at the screen to select Recovery Console or Windows XP and awaits an answer, or if not selected boots to XP after 20 sec.
  • 0

#10
Render
Posted 20 February 2012 - 03:11 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
How to remove or change boot choices please read here.

I recommend you to backup your important data on some external media.

Your logs shows that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Reset System Restore points:

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :Commands
    [ClearAllRestorePoints]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend you to install Secunia Personal Software Inspector (PSI) that can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

Although, if you prefer staying with Internet Explorer I highly recommend you do this :

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0

Advertisements

#11
The Rabid One
Posted 23 February 2012 - 08:59 AM

The Rabid One

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I went through the steps on cleanup, etc. I used PSI and I'm now at 99% system score. Some of the pgms that were problematic and wouldn't update properly I simply removed them since I don't use them often. The only one I left, which was at "end of life" was the DVD burning software for my external DVD/CD burner. In updating Windows XP one Security Update simply would not install (Security Update for Windows XP (KB973768). The security bulletin associated with this patch is, "Microsoft Security Bulletin MS09-037 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)". I tried several times to update and install, and followed the procedure of shutting down the computer so the update would be applied as Windows shut down. I'm not sure if there is another update that supersedes this patch, thus not allowing installation. All other procedures went well. The browser I use is Firefox 10.0.2. I have Internet Explorer 8 which is used only for MS updates. Overall speed of system is better, but one new issue has come to the forefront. Whenever I play any audio/video file (Youtube or Pandora for example) the playback is 'chopped' as though the data stream is being interrupted (scratchy sound). I checked "System" under the Control Panel and don't have any exclamation marks nor red 'x' indicators. I did try through the "update driver" selection to update in case drivers were corrupted but the attempt to update hardware driver failed. Sorry for being such a pain in the neck.
  • 0

#12
Render
Posted 23 February 2012 - 09:25 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

In updating Windows XP one Security Update simply would not install (Security Update for Windows XP (KB973768). The security bulletin associated with this patch is, "Microsoft Security Bulletin MS09-037 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)".

Looking at the install log for KB973768 and the details from Microsoft on this update, it appears that it is only for Media Center 2005. You likely have Media Center 2002. Right click My Computer, choose properties. It should tell you what you have on the General tab.

Overall speed of system is better, but one new issue has come to the forefront. Whenever I play any audio/video file (Youtube or Pandora for example) the playback is 'chopped' as though the data stream is being interrupted (scratchy sound).

I don't know what to say here. Youtube works splendid for me during European night times (1080p in realtime) but won't stop buffering during the day. Even on 480p videos. It directly corresponds with ISP infrastructure utilization. Highly used during the day, much less during the night. You can click here to Analyze Video Playback Problems with YouTube Speed Test.
  • 0

#13
Render
Posted 08 March 2012 - 04:19 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#14
Render
Posted 10 March 2012 - 05:45 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
User returned.
  • 0

#15
Render
Posted 10 March 2012 - 05:47 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Are you able to connect this computer in network with Ethernet cable and see if problem persist?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP