Win 32 message during shutdown [Closed] [Solved]


  • This topic is locked

#16
ron26

  • Topic Starter
  • Member
  • 169 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-26 10:29:24
-----------------------------
10:29:24.734 OS Version: Windows 5.1.2600 Service Pack 3
10:29:24.734 Number of processors: 1 586 0x401
10:29:24.734 ComputerName: RON UserName:
10:30:19.718 Initialize success
10:31:12.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:31:12.687 Disk 0 Vendor: SAMSUNG_SP0802N TK100-28 Size: 76293MB BusType: 3
10:31:12.765 Disk 0 MBR read successfully
10:31:12.765 Disk 0 MBR scan
10:31:12.765 Disk 0 unknown MBR code
10:31:12.765 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
10:31:12.781 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 73139 MB offset 80325
10:31:12.812 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3106 MB offset 149870385
10:31:12.890 Disk 0 scanning sectors +156232125
10:31:13.609 Disk 0 scanning C:\WINDOWS\system32\drivers
10:33:42.968 Service scanning
10:36:01.203 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
10:36:12.468 Modules scanning
10:37:14.046 Disk 0 trace - called modules:
10:37:14.078 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:37:14.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a326ab8]
10:37:14.078 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a34ad98]
10:37:14.093 Scan finished successfully
10:41:53.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\GretaM\Desktop\MBR.dat"
10:41:53.781 The log file has been saved successfully to "C:\Documents and Settings\GretaM\Desktop\aswMBR.txt"
  • 0


#17
ron26

  • Topic Starter
  • Member
  • 169 posts
Farbar Service Scanner Version: 01-03-2012
Ran by GretaM (administrator) on 26-03-2012 at 11:02:58
Running from "C:\Documents and Settings\GretaM\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) AvgTdiX(86) Gpc(6) IPSec(4) NaiAvTdi1(8) NetBT(5) PSched(7) Tcpip(3)
0x0B000000040000000100000002000000030000005A000000560000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting the error on shutdown?

Go to control panel
Select Folder options
Select the view tab
Select show hidden files
Deselect hide system files
OK out

Then go to C:\windows\system32\drivers\etc
Right click the Host file and select open (use notepad)
From the file delete the following lines:


91.212.127.226 aviraplatinum.microsoft.com
91.212.127.226 aviraplatinum.com
91.212.127.226 www.aviraplatinum.com


Save the file

Reboot the computer and let me know what problems remain
  • 0
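
The hosts-file check from post #18, as an added example that is not part of the original thread: it lists every hosts entry that maps a name to an address other than loopback or 0.0.0.0, then removes only the names a reviewer has confirmed. The function names, the "local address" rule and the two sample lines marked as constructed are assumptions made for this illustration; the parser also accepts the "O1 - Hosts:" lines that OTL prints.

```python
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "lineno address names")

# OTL prints each hosts entry as "O1 - Hosts: <address> <name>"; stripping the
# prefix lets one parser read a raw hosts file or a pasted OTL log.
OTL_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)

# Hosts-file form of the entries in this thread, plus two constructed lines
# (the comment and the 0.0.0.0 blocklist entry) to exercise the parser.
SAMPLE_HOSTS = """\
# constructed comment line
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.invalid   # constructed blocklist entry
91.212.127.226 aviraplatinum.microsoft.com
91.212.127.226 aviraplatinum.com
91.212.127.226 www.aviraplatinum.com
"""

# The same entries in the form OTL logs them.
SAMPLE_OTL = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 aviraplatinum.microsoft.com
O1 - Hosts: 91.212.127.226 aviraplatinum.com
O1 - Hosts: 91.212.127.226 www.aviraplatinum.com
"""


def parse_line(raw):
    """Return (address, [names]) for a mapping line, else None.

    Blank lines, comments and anything whose first field is not an IP
    address (log headers, malformed lines) yield None.
    """
    line = OTL_PREFIX.sub("", raw.strip())
    line = line.split("#", 1)[0].strip()      # drop trailing comment
    fields = line.split()
    if len(fields) < 2:
        return None
    try:
        addr = ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    return addr, [name.lower() for name in fields[1:]]


def is_local(addr):
    # Assumption: loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::)
    # targets are localhost or blocklist entries and need no review.
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text):
    """List entries that send a name to a non-local address, for review."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        parsed = parse_line(raw)
        if parsed and not is_local(parsed[0]):
            findings.append(Finding(lineno, str(parsed[0]), parsed[1]))
    return findings


def remove_names(text, confirmed):
    """Return hosts content with only the confirmed names removed.

    A line that maps several names keeps the unconfirmed ones (its trailing
    comment is lost when the line is rewritten); comments, blank lines and
    untouched entries are preserved exactly.
    """
    confirmed = {name.lower() for name in confirmed}
    out = []
    for raw in text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            out.append(raw)
            continue
        addr, names = parsed
        remaining = [n for n in names if n not in confirmed]
        if len(remaining) == len(names):
            out.append(raw)
        elif remaining:
            out.append(f"{addr} {' '.join(remaining)}")
        # otherwise every name on the line was confirmed: drop the line
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    flagged = audit_hosts(SAMPLE_HOSTS)
    for f in flagged:
        print(f"line {f.lineno}: {f.address} <- {', '.join(f.names)}")
    names = [n for f in flagged for n in f.names]
    print(remove_names(SAMPLE_HOSTS, names), end="")
```

Running the audit again on the saved file is a quick way to confirm the edit took effect, which is the question post #24 comes back to.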

#19
ron26

  • Topic Starter
  • Member
  • 169 posts
Followed those steps.

Still getting this pop-up message:

zlclient.exe
The file or directory C:\WINDOWS\Internet Logs\tvDebug.log is corrupt and unreadable. Please run the Chkdsk utility.
  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We need to delete that file, so close ZA down and then manually delete the file; it will be recreated.

If you are unable to do that, I will use OTL to remove it.
  • 0

#21
ron26

  • Topic Starter
  • Member
  • 169 posts
Okay, did that. There is also a tvDebug.zip.

Delete that as well? Or just the .log?
  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The zip is just an archive, so yes, that can go as well.

How is the computer behaving now?
  • 0

#23
ron26

  • Topic Starter
  • Member
  • 169 posts
Okay, I'll get rid of the zip as well.

I ran Malwarebytes scanner again, nothing malicious found.

Everything seems fine - no messages, no pop-ups, nothing wacky.

Do you think that means I'm done or do we need to reinstall/reset/follow up?

Thanks for all your help!
  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you manage to change the Host file?
  • 0

#25
ron26

  • Topic Starter
  • Member
  • 169 posts
Hello,

Not sure what you mean/what you want me to do to "change the Host file."

Sorry. I went back to delete the tvDebug.zip file and there is also a tvDeg.log. That looks to be a notepad log. Should I delete that? Or is it fine?

Please let me know about changing the Host file.

Thanks.
ron
  • 0


#26
ron26

  • Topic Starter
  • Member
  • 169 posts
And something else I've noticed that I thought you might know more about...

So my computer used to go into hibernation and wake back up when I moved my mouse or hit a key on the keyboard.

Now it only turns on when I press the on/off on the tower.

Haven't changed any settings.

Cause for concern? Can I alter this setting? I'm just curious why this would happen if I didn't change anything myself manually.
  • 0

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The host file data is within post 18.

Could you run a fresh OTL quickscan, please, and ensure all users is selected?
  • 0

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

Could you update me on the current situation, please?
  • 0

#30
ron26

  • Topic Starter
  • Member
  • 169 posts
OTL logfile created on: 4/6/2012 3:48:28 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\GretaM\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.09 Gb Available Physical Memory | 7.14% Memory free
2.30 Gb Paging File | 0.33 Gb Available in Paging File | 14.33% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.43 Gb Total Space | 8.01 Gb Free Space | 11.21% Space Free | Partition Type: NTFS
Drive F: | 372.37 Gb Total Space | 68.04 Gb Free Space | 18.27% Space Free | Partition Type: FAT32

Computer Name: RON | User Name: GretaM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/26 10:19:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/24 19:28:59 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GretaM\My Documents\Downloads\OTL.exe
PRC - [2012/03/19 16:32:24 | 009,413,712 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\GretaM\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/02/13 08:36:32 | 009,040,792 | ---- | M] (Mendeley Ltd.) -- C:\Program Files\Mendeley Desktop\MendeleyDesktop.exe
PRC - [2012/01/03 09:10:44 | 001,494,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2009/12/28 09:57:31 | 000,761,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/14 09:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/09/06 10:32:27 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/06 10:32:25 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/06 10:31:55 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/06 10:30:29 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/17 20:01:32 | 000,929,792 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\mcshield.exe
PRC - [2004/09/22 20:00:00 | 000,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
PRC - [2004/09/22 20:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
PRC - [2004/09/22 20:00:00 | 000,009,728 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\scan32.exe
PRC - [2004/08/06 03:50:00 | 000,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2004/08/06 03:50:00 | 000,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2004/03/04 10:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2003/10/07 09:48:56 | 000,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/26 10:18:56 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 16:01:24 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/16 15:36:59 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/13 08:24:58 | 000,203,264 | ---- | M] () -- C:\Program Files\Mendeley Desktop\Mendeley.dll
MOD - [2012/01/03 09:10:44 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2011/11/24 00:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/10/12 22:11:14 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/04 09:44:20 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/26 13:06:30 | 000,206,336 | ---- | M] () -- C:\Program Files\Mendeley Desktop\imageformats\qjpeg4.dll
MOD - [2011/07/26 13:03:08 | 014,984,192 | ---- | M] () -- C:\Program Files\Mendeley Desktop\QtWebKit4.dll
MOD - [2011/07/26 11:14:48 | 000,315,392 | ---- | M] () -- C:\Program Files\Mendeley Desktop\QtSvg4.dll
MOD - [2011/07/26 11:13:48 | 000,317,952 | ---- | M] () -- C:\Program Files\Mendeley Desktop\phonon4.dll
MOD - [2011/07/26 11:06:20 | 009,078,784 | ---- | M] () -- C:\Program Files\Mendeley Desktop\QtGui4.dll
MOD - [2011/07/26 10:54:32 | 001,090,048 | ---- | M] () -- C:\Program Files\Mendeley Desktop\QtNetwork4.dll
MOD - [2011/07/26 10:53:20 | 000,382,976 | ---- | M] () -- C:\Program Files\Mendeley Desktop\QtXml4.dll
MOD - [2011/07/26 10:53:10 | 002,569,216 | ---- | M] () -- C:\Program Files\Mendeley Desktop\QtCore4.dll
MOD - [2009/04/03 17:32:10 | 000,110,592 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2007/07/12 12:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/28 20:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2009/09/06 10:30:29 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/08/29 10:00:30 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/09/22 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\mcshield.exe -- (McShield)
SRV - [2004/09/22 20:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -- (McTaskManager)
SRV - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\GretaM\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/10/28 20:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/10/28 20:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/10/06 15:59:51 | 000,008,832 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2010/07/08 07:09:10 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/11/22 15:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/14 09:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/09/06 10:32:26 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/06 10:32:25 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/06 10:31:47 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2005/01/14 20:00:00 | 000,108,480 | ---- | M] (Network Associates, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/01/14 20:00:00 | 000,058,464 | ---- | M] (Network Associates, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1)
DRV - [2005/01/14 20:00:00 | 000,008,320 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\entdrv51.sys -- (EntDrv51)
DRV - [2004/09/29 16:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2004/09/17 15:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3650238891-4050404084-1215222253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-21-3650238891-4050404084-1215222253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...chlft.html?p=DS
IE - HKU\S-1-5-21-3650238891-4050404084-1215222253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.chase.com/
IE - HKU\S-1-5-21-3650238891-4050404084-1215222253-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3650238891-4050404084-1215222253-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3650238891-4050404084-1215222253-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7ADBR
IE - HKU\S-1-5-21-3650238891-4050404084-1215222253-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://nauticom.net/.../asti/asti.htm"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\GretaM\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:39:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/09 23:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/26 10:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/16 20:53:40 | 000,000,000 | ---D | M]

[2008/09/12 08:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GretaM\Application Data\Mozilla\Extensions
[2012/03/30 07:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GretaM\Application Data\Mozilla\Firefox\Profiles\n990emq9.default\extensions
[2010/04/28 06:40:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\GretaM\Application Data\Mozilla\Firefox\Profiles\n990emq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/18 12:24:28 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\GretaM\Application Data\Mozilla\Firefox\Profiles\n990emq9.default\extensions\[email protected]
[2010/09/30 16:39:45 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\GretaM\Application Data\Mozilla\Firefox\Profiles\n990emq9.default\searchplugins\bing.xml
[2007/12/28 19:28:52 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\GretaM\Application Data\Mozilla\Firefox\Profiles\n990emq9.default\searchplugins\search.xml
[2011/11/09 13:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/22 12:40:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GRETAM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N990EMQ9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GRETAM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N990EMQ9.DEFAULT\EXTENSIONS\[email protected]
[2012/03/26 10:19:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/10 17:35:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 13:37:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/09/16 14:17:30 | 000,000,152 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 aviraplatinum.microsoft.com
O1 - Hosts: 91.212.127.226 aviraplatinum.com
O1 - Hosts: 91.212.127.226 www.aviraplatinum.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3650238891-4050404084-1215222253-1005\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-3650238891-4050404084-1215222253-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3650238891-4050404084-1215222253-1005..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\GretaM\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\GretaM\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3650238891-4050404084-1215222253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1188521143281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1188600970968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6983708-23DB-4B86-992B-1344F03C25E8}: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\GretaM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\GretaM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a6aa0a22-06ef-11e1-9ffb-0810747877c1}\Shell - "" = AutoRun
O33 - MountPoints2\{a6aa0a22-06ef-11e1-9ffb-0810747877c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a6aa0a22-06ef-11e1-9ffb-0810747877c1}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/30 23:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GretaM\My Documents\Magic Briefcase
[2012/03/30 23:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GretaM\Local Settings\Application Data\SugarSync
[2012/03/30 23:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync
[2012/03/30 22:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GretaM\Local Settings\Application Data\Mendeley Ltd
[2012/03/30 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mendeley Desktop
[2012/03/30 22:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mendeley Desktop
[2012/03/23 16:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GretaM\Local Settings\Application Data\WMTools Downloaded Files

========== Files - Modified Within 30 Days ==========

[2012/04/06 16:20:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{09AB3340-D6B8-4652-9B2A-6A92D2D3DC27}.job
[2012/04/06 14:32:47 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\GretaM\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/04/06 12:26:23 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2012/04/06 11:55:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/04/06 11:55:39 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/04/06 11:55:39 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/04/06 08:22:32 | 073,777,249 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/04/06 06:59:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/06 06:54:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/04 16:26:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/03 08:44:58 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\GretaM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/30 23:28:14 | 000,000,522 | ---- | M] () -- C:\Documents and Settings\GretaM\Desktop\Magic Briefcase.lnk
[2012/03/30 23:03:01 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SugarSync Manager.lnk
[2012/03/30 22:15:51 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mendeley Desktop.lnk
[2012/03/26 10:41:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\GretaM\Desktop\MBR.dat
[2012/03/14 20:44:41 | 000,362,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 19:44:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/11 07:49:52 | 000,559,334 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 07:49:52 | 000,109,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/03/30 23:28:13 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\GretaM\Desktop\Magic Briefcase.lnk
[2012/03/30 23:03:01 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SugarSync Manager.lnk
[2012/03/30 23:03:00 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SugarSync Manager.lnk
[2012/03/30 22:15:49 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mendeley Desktop.lnk
[2012/03/26 10:41:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\GretaM\Desktop\MBR.dat
[2012/02/16 12:09:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/13 09:24:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/13 09:24:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/10 20:45:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/22 12:43:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/18 08:19:08 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

========== LOP Check ==========

[2010/09/30 16:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2009/01/19 09:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2005/07/21 12:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2008/02/08 09:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/05/22 01:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/08/31 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dennis&Denise\Application Data\3M
[2009/01/19 09:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dennis&Denise\Application Data\Juniper Networks
[2009/06/08 21:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dennis&Denise\Application Data\Leadertech
[2009/09/20 10:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dennis&Denise\Application Data\Windows Desktop Search
[2009/10/30 16:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dennis&Denise\Application Data\Windows Search
[2005/07/26 14:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GretaM\Application Data\3M
[2010/10/18 08:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GretaM\Application Data\CheckPoint
[2012/04/06 06:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GretaM\Application Data\Dropbox
[2005/08/17 09:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GretaM\Application Data\Leadertech
[2008/11/08 02:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GretaM\Application Data\MSNInstaller
[2005/08/10 16:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GretaM\Application Data\SAS
[2010/06/17 22:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GretaM\Application Data\uTorrent
[2009/09/19 09:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GretaM\Application Data\Windows Desktop Search
[2009/09/19 11:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GretaM\Application Data\Windows Search
[2005/08/17 10:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\3M
[2010/08/11 16:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[2012/04/06 11:55:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/04/06 16:20:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{09AB3340-D6B8-4652-9B2A-6A92D2D3DC27}.job

========== Purity Check ==========



< End of report >