Here we go!! :
1. Extras
OTL Extras logfile created on: 10/15/2012 1:00:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 0.16 Gb Available Physical Memory | 9.38% Memory free
3.60 Gb Paging File | 2.01 Gb Available in Paging File | 55.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 618.95 Gb Free Space | 88.59% Space Free | Partition Type: NTFS
Computer Name: USER-3E71C3E04B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\User\Desktop\Marketing info\Nginx\nginx-0.9.4\nginx.exe" = C:\Documents and Settings\User\Desktop\Marketing info\Nginx\nginx-0.9.4\nginx.exe:*:Enabled:nginx
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\Documents and Settings\User\My Documents\Downloads\PDFConverterSetup.exe" = C:\Documents and Settings\User\My Documents\Downloads\PDFConverterSetup.exe:*:Enabled:InstallCore™
"C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack
"C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)
"C:\Documents and Settings\User\Desktop\Skype\Phone\Skype.exe" = C:\Documents and Settings\User\Desktop\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023C9E50-C216-4E7A-A8A5-3457DE58106C}" = Catalyst Control Center - Branding
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D8A0D6-8455-B550-A808-391C82127447}" = CCC Help Greek
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09756AF6-AFAD-EF82-AB78-3297FD81E821}" = CCC Help Japanese
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10CD9AF7-5D3A-2772-F617-8BD9D82EC3A3}" = CCC Help Dutch
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1447E6D2-1015-AE95-5976-E15EF8684347}" = CCC Help Portuguese
"{17B4113F-D6AA-3970-127A-C09D10886EB0}" = CCC Help German
"{187DC7F2-3C76-62C6-575B-03EC8B9B0BC8}" = Catalyst Control Center Graphics Full Existing
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A4B2698-683C-769B-7E67-339F23858DEB}" = Catalyst Control Center Graphics Full New
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200BFFBD-3B5F-47C7-F6DB-3162EF559880}" = Skins
"{24A0F2A6-4DAF-4FE4-9A64-4DAE0D9287B1}" = Phalanger 2.0 (April 2011)
"{24A6F0B6-E6F3-46AE-BB7E-81D6AFA6E926}" = ATI AVIVO Codecs
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216023F0}" = Java 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{337A4845-48F0-3363-4424-5047FD6AB456}" = CCC Help Hungarian
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{511CD3D6-8A90-8D4F-B16B-DA80BD0E0FBE}" = CCC Help Turkish
"{53C06EDE-6FB0-643E-7193-7053F9C7190A}" = ccc-utility
"{5C9C1AD9-CBA2-8EBD-8252-D39F40C29F4B}" = CCC Help Thai
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63717D97-103F-4310-E8E9-22F26F9E2C38}" = CCC Help Korean
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A13436F-4D18-D4B5-181E-B6AC603BFED7}" = CCC Help Czech
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6C878433-FDDC-6C9E-2E6C-55F979761B30}" = Catalyst Control Center Core Implementation
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}" = Snagit 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8E0696CF-2869-578B-F8AB-C82B80F9EF12}" = CCC Help Italian
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90A8E958-F3F9-CE7C-B084-F90B8F40F3C3}" = Catalyst Control Center Graphics Light
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J835DW
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A51026AB-F833-413F-5BB3-AE1B3CF3F539}" = ccc-core-static
"{A879106A-9275-0397-CA14-76B24943ACE3}" = CCC Help Swedish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B22C04E5-C923-94E2-A33A-25B988686934}" = CCC Help Finnish
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB6BB891-CA30-060D-5D63-860F59DBD29D}" = CCC Help Spanish
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BFB91468-460B-68B6-C666-BB5CC09BC93B}" = Catalyst Control Center Localization All
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5CFF65B-1E1E-489E-86E2-C2A3AF4C88D9}" = Web-Based Email Tools
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF287D73-E32C-19C1-E895-2EC4BC7334AE}" = CCC Help Chinese Traditional
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D85D835B-E26E-99E0-CB4E-9DEA34EC19FD}" = CCC Help Russian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA57EFCC-90DA-A202-9AC8-A1278918F481}" = CCC Help Polish
"{DC0C5A78-6DBF-3444-0120-0FE8F0134FCD}" = Adobe Download Assistant
"{DCB51FBC-68AD-42FF-8426-199F1FE2C4F5}" = AMD USB Filter Driver
"{DD97597E-7AB9-8A67-5C18-31015D91B337}" = ccc-core-preinstall
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2958428-E345-CB5E-239D-FE031BDA3A89}" = CCC Help Chinese Standard
"{EA36EFF1-DFB9-E5A7-29C0-9DBAF7EBAEF6}" = CCC Help English
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3A4A3DA-D7E8-C3CD-966D-9B57762739FF}" = CCC Help French
"{F87DA817-8D53-42CC-AA45-93A100341033}" = Nero 7 Essentials
"{F8C3DA4D-3837-50E7-10B2-0EE0D656B63C}" = CCC Help Danish
"{FFB7426F-1531-6AB4-BFB9-3CC1336FE406}" = CCC Help Norwegian
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface Service
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player2.0.25" = FLV Player
"Google Chrome" = Google Chrome
"HMA! Pro VPN" = HMA! Pro VPN 2.6.9
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiPony" = MiPony 2.0.1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nmap" = Nmap 5.51
"NSS" = Norton Security Scan
"Revo Uninstaller" = Revo Uninstaller 1.92
"thinkorswim" = thinkorswim
"Traffic Travis_is1" = Traffic Travis 3.3.17
"VLC media player" = VLC media player 2.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.00 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"Akamai" = Akamai NetSession Interface
"GoToMeeting" = GoToMeeting 5.1.0.880
"JoinMe" = join.me
"Smad" = SanctionedMedia
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/14/2012 9:40:59 PM | Computer Name = USER-3E71C3E04B | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Set Information Process Action Taken: Blocked
Actor
Process: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (PID 5528) Time:
Sunday, October 14, 2012 9:40:59 PM
Error - 10/14/2012 9:40:59 PM | Computer Name = USER-3E71C3E04B | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Set Information Process Action Taken: Blocked Actor
Process: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (PID 5528) Time:
Sunday, October 14, 2012 9:40:59 PM
Error - 10/14/2012 9:40:59 PM | Computer Name = USER-3E71C3E04B | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Set Information Process Action Taken: Blocked Actor
Process: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (PID 5528) Time:
Sunday, October 14, 2012 9:40:59 PM
Error - 10/14/2012 10:17:03 PM | Computer Name = USER-3E71C3E04B | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe Event Info: Set Information Process Action Taken: Blocked Actor
Process: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (PID 5528) Time:
Sunday, October 14, 2012 10:17:02 PM
Error - 10/14/2012 10:17:03 PM | Computer Name = USER-3E71C3E04B | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe Event Info: Set Information Process Action Taken: Blocked Actor
Process: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (PID 5528) Time:
Sunday, October 14, 2012 10:17:03 PM
Error - 10/14/2012 10:17:03 PM | Computer Name = USER-3E71C3E04B | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe Event Info: Set Information Process Action Taken: Blocked
Actor
Process: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (PID 5528) Time:
Sunday, October 14, 2012 10:17:03 PM
Error - 10/14/2012 10:17:03 PM | Computer Name = USER-3E71C3E04B | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Set Information Process Action Taken: Blocked
Actor
Process: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (PID 5528) Time:
Sunday, October 14, 2012 10:17:03 PM
Error - 10/14/2012 10:17:03 PM | Computer Name = USER-3E71C3E04B | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Set Information Process Action Taken: Blocked
Actor
Process: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (PID 5528) Time:
Sunday, October 14, 2012 10:17:03 PM
Error - 10/14/2012 10:17:03 PM | Computer Name = USER-3E71C3E04B | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Set Information Process Action Taken: Blocked Actor
Process: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (PID 5528) Time:
Sunday, October 14, 2012 10:17:03 PM
Error - 10/14/2012 10:17:03 PM | Computer Name = USER-3E71C3E04B | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Set Information Process Action Taken: Blocked Actor
Process: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (PID 5528) Time:
Sunday, October 14, 2012 10:17:03 PM
[ System Events ]
Error - 10/13/2012 2:17:55 AM | Computer Name = USER-3E71C3E04B | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.
Error - 10/14/2012 10:46:24 AM | Computer Name = USER-3E71C3E04B | Source = Service Control Manager | ID = 7000
Description = The FileZilla Server FTP server service failed to start due to the
following error: %%3
Error - 10/14/2012 10:46:24 AM | Computer Name = USER-3E71C3E04B | Source = Service Control Manager | ID = 7000
Description = The GoToMyPC service failed to start due to the following error: %%3
Error - 10/14/2012 10:46:24 AM | Computer Name = USER-3E71C3E04B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde
Error - 10/14/2012 3:24:16 PM | Computer Name = USER-3E71C3E04B | Source = Service Control Manager | ID = 7000
Description = The FileZilla Server FTP server service failed to start due to the
following error: %%3
Error - 10/14/2012 3:24:16 PM | Computer Name = USER-3E71C3E04B | Source = Service Control Manager | ID = 7000
Description = The GoToMyPC service failed to start due to the following error: %%3
Error - 10/14/2012 10:18:19 PM | Computer Name = USER-3E71C3E04B | Source = Service Control Manager | ID = 7034
Description = The CodeMeter Runtime Server service terminated unexpectedly. It
has done this 1 time(s).
Error - 10/14/2012 10:18:28 PM | Computer Name = USER-3E71C3E04B | Source = Service Control Manager | ID = 7034
Description = The PDFProFiltSrvPP service terminated unexpectedly. It has done
this 1 time(s).
Error - 10/14/2012 11:27:56 PM | Computer Name = USER-3E71C3E04B | Source = Service Control Manager | ID = 7000
Description = The FileZilla Server FTP server service failed to start due to the
following error: %%3
Error - 10/14/2012 11:27:56 PM | Computer Name = USER-3E71C3E04B | Source = Service Control Manager | ID = 7000
Description = The GoToMyPC service failed to start due to the following error: %%3
< End of report >
-----------------------------------------------------------------------------------------------------------------------------
2. OTL
OTL logfile created on: 10/15/2012 1:00:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 0.16 Gb Available Physical Memory | 9.38% Memory free
3.60 Gb Paging File | 2.01 Gb Available in Paging File | 55.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 618.95 Gb Free Space | 88.59% Space Free | Partition Type: NTFS
Computer Name: USER-3E71C3E04B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/15 12:40:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL(1).exe
PRC - [2012/10/14 13:43:17 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/07/19 15:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012/03/28 18:49:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/03 06:05:04 | 001,694,720 | ---- | M] (NetcoSolutions) -- C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe
PRC - [2011/07/13 10:00:16 | 000,592,384 | ---- | M] () -- C:\Program Files\HMA! Pro VPN\bin\openvpn.exe
PRC - [2011/07/13 10:00:16 | 000,036,352 | ---- | M] () -- C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2001/08/17 08:36:38 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/15 03:34:53 | 001,816,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12101500\algo.dll
MOD - [2012/10/10 06:06:15 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 06:06:13 | 012,435,992 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 06:06:12 | 004,005,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 06:04:44 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 06:04:43 | 000,275,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 06:04:42 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/10/04 18:18:17 | 004,051,456 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.1.3\libGLESv2.dll
MOD - [2012/10/04 18:18:17 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.1.3\libEGL.dll
MOD - [2012/09/05 21:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/11 04:12:28 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2012/01/11 04:08:19 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/15 03:11:42 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/15 03:10:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/15 03:09:31 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/15 03:07:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/15 03:07:48 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/15 03:07:35 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/15 03:07:15 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
MOD - [2011/10/15 03:06:26 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/15 03:06:19 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/07/19 11:23:02 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/07/18 06:45:20 | 000,100,352 | ---- | M] () -- C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
MOD - [2011/07/13 10:00:16 | 001,207,296 | ---- | M] () -- C:\Program Files\HMA! Pro VPN\bin\libeay32.dll
MOD - [2011/07/13 10:00:16 | 000,592,384 | ---- | M] () -- C:\Program Files\HMA! Pro VPN\bin\openvpn.exe
MOD - [2011/07/13 10:00:16 | 000,245,760 | ---- | M] () -- C:\Program Files\HMA! Pro VPN\bin\libssl32.dll
MOD - [2011/07/13 10:00:16 | 000,086,528 | ---- | M] () -- C:\Program Files\HMA! Pro VPN\bin\libpkcs11-helper-1.dll
MOD - [2011/07/13 10:00:16 | 000,036,352 | ---- | M] () -- C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
MOD - [2011/07/11 16:27:18 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/08/22 10:58:20 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/10/23 12:59:14 | 008,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/10/23 12:29:03 | 001,732,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3463.30830__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/10/23 12:29:03 | 000,339,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3463.30812__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:03 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3463.30831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/10/23 12:29:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3463.30826__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/10/23 12:29:03 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3463.30820__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3463.30901__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/10/23 12:29:02 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3463.30868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/10/23 12:29:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3463.30869__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/10/23 12:29:02 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3463.30882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:02 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3463.30820__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/10/23 12:29:02 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3463.30863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3463.30868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:02 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3463.30902__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/10/23 12:29:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3463.30854__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:01 | 000,782,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3463.30856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/10/23 12:29:01 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3463.30832__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/10/23 12:29:01 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3463.30877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/10/23 12:29:01 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3463.30821__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/10/23 12:29:01 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3463.30832__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/10/23 12:29:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3463.30861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/10/23 12:29:01 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3463.30856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3463.30836__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:01 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3463.30861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:00 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3463.30855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/10/23 12:29:00 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3463.30850__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/10/23 12:29:00 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009/10/23 12:29:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3463.30855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3463.30855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3463.30862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/10/23 12:29:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/10/23 12:29:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/10/23 12:29:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/10/23 12:29:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009/10/23 12:29:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/10/23 12:29:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/10/23 12:29:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/10/23 12:29:00 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/10/23 12:28:59 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/10/23 12:28:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/10/23 12:28:59 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/10/23 12:28:59 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/10/23 12:28:59 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/10/23 12:28:59 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/10/23 12:28:59 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/10/23 12:28:59 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/10/23 12:28:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/10/23 12:28:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll
MOD - [2009/10/23 12:28:59 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/10/23 12:28:59 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/10/23 12:28:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/10/23 12:28:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/10/23 12:28:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/10/23 12:28:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/10/23 12:28:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/10/23 12:28:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/10/23 12:28:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3463.30925__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009/10/23 12:28:58 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3463.30896__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/10/23 12:28:58 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3463.30894__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/10/23 12:28:58 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3463.30907__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/10/23 12:28:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/10/23 12:28:58 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009/10/23 12:28:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/10/23 12:28:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/10/23 12:28:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/10/23 12:28:58 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/10/23 12:28:58 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/10/23 12:28:58 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3463.30808__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/10/23 12:28:57 | 001,212,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3463.30816__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/10/23 12:28:57 | 001,060,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.VividDesktop.Dashboard\1.2.3464.19146__90ba9c70f846762e\CLI.AIB.VividDesktop.Dashboard.dll
MOD - [2009/10/23 12:28:57 | 000,552,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3463.30890__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009/10/23 12:28:57 | 000,417,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.VividVideoPlayback.Dashboard\1.2.3464.19144__90ba9c70f846762e\CLI.AIB.VividVideoPlayback.Dashboard.dll
MOD - [2009/10/23 12:28:57 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3463.30825__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/10/23 12:28:57 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3463.30809__90ba9c70f846762e\APM.Server.dll
MOD - [2009/10/23 12:28:57 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3463.30811__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/10/23 12:28:57 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3463.30810__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/10/23 12:28:57 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/10/23 12:28:57 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3463.30808__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/10/23 12:28:57 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/10/23 12:28:57 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/10/23 12:28:57 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/10/23 12:28:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/10/23 12:28:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/10/23 12:28:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/10/23 12:28:57 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3463.30895__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/10/23 12:28:56 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.TutorialOverDrive3.Tutorial.Dashboard\1.2.3464.19145__90ba9c70f846762e\CLI.AIB.TutorialOverDrive3.Tutorial.Dashboard.dll
MOD - [2009/10/23 12:28:56 | 000,151,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.3464.19145__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.dll
MOD - [2009/06/26 11:38:06 | 001,888,256 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe Start=service -- (GoToMyPC)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\User\Desktop\FileZilla\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2012/10/14 13:43:17 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/19 15:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012/05/20 13:02:00 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/28 18:49:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Documents and Settings\User\Desktop\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/13 10:00:16 | 000,036,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/17 04:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121012.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/17 04:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121012.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/31 20:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/31 20:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/04 10:01:02 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 10:01:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/13 10:00:14 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/02/11 17:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2009/11/02 23:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/11/02 23:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/06 05:10:22 | 005,788,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/06/25 07:22:30 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/25 03:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/04/14 17:25:06 | 003,732,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/02/09 02:32:16 | 000,022,328 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/21 12:26:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/10/11 09:40:00 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 CE 99 EB 7C A2 CD 01 [binary data]
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/04 18:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012/10/04 18:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/10/04 18:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/04 18:13:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/09/05 21:26:22 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/09/05 21:26:22 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/09/05 21:26:22 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Ghostery = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
CHR - Extension: SEO for Chrome = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2011/04/04 02:15:47 | 000,430,075 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 link-assistant.com
O1 - Hosts: 127.0.0.1 www.link-assistant.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 14806 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-1659004503-839522115-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-796845957-1659004503-839522115-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-796845957-1659004503-839522115-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-796845957-1659004503-839522115-1003..\Run: [Akamai NetSession Interface] C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-796845957-1659004503-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-796845957-1659004503-839522115-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E9494AC-7D33-4288-A0A0-511A2BD4130E}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEE01FC6-7841-4928-A310-FDC74D7139C3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/23 12:13:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/10/15 12:40:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL(1).exe
[2012/10/14 13:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/14 13:43:47 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/14 13:43:35 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/14 13:43:34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/14 13:43:34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/14 10:42:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/14 10:37:05 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[2012/10/11 22:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mipony
[2012/10/11 22:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\MiPony
[2012/10/11 22:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\MiPony
[2012/10/11 21:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\HTA
[2012/10/11 09:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\New Folder
[2012/10/10 13:35:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/10/04 18:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/04 18:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/10/04 18:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/04 18:13:19 | 017,790,056 | ---- | C] (Mozilla) -- C:\Documents and Settings\User\Desktop\Firefox Setup 15.0.1.exe
[2012/10/04 18:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/09/23 16:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Mass Confidence
[2012/09/20 09:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\FLEXnet
[2012/09/20 09:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ControlCenter4
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\Desktop\*.tmp files -> C:\Documents and Settings\User\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\User\*.tmp files -> C:\Documents and Settings\User\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/10/15 12:49:21 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\PUTTY.RND
[2012/10/15 12:40:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL(1).exe
[2012/10/15 12:36:02 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/15 12:17:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/15 12:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/15 02:17:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/14 23:31:44 | 000,496,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/14 23:31:44 | 000,085,338 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/14 23:28:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/14 23:28:39 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2012/10/14 23:27:45 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\cm-lock
[2012/10/14 23:27:43 | 000,002,160 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2012/10/14 23:26:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/14 23:26:39 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/10/14 14:12:39 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for User.job
[2012/10/14 13:43:20 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/14 13:43:15 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/14 13:43:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/14 13:43:15 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/14 13:43:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/10/14 13:43:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/14 13:43:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/14 10:38:01 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[2012/10/12 00:46:12 | 000,041,679 | ---- | M] () -- C:\Documents and Settings\User\Desktop\media+forms.zip
[2012/10/11 22:22:04 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MiPony.lnk
[2012/10/11 22:22:03 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2012/10/10 02:01:38 | 033,381,914 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MCSV 10-10.mp4
[2012/10/09 06:48:55 | 000,269,518 | ---- | M] () -- C:\Documents and Settings\User\Desktop\trafficspecial.pdf
[2012/10/07 13:07:56 | 037,311,625 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MCSV 10-7.mp4
[2012/10/06 18:39:04 | 001,089,996 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Jo Han Mok -.pdf
[2012/10/04 18:14:04 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/04 18:14:04 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/04 18:13:20 | 017,790,056 | ---- | M] (Mozilla) -- C:\Documents and Settings\User\Desktop\Firefox Setup 15.0.1.exe
[2012/10/04 18:12:05 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2012/10/04 18:12:05 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/03 13:15:24 | 034,462,427 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mass+Confidence+SalesVid+Finalp.mp4
[2012/10/03 13:06:55 | 030,991,720 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mass+Confidence+Sales+Vid+FINAL.mp4
[2012/10/03 12:36:26 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/03 12:02:11 | 000,000,239 | -HS- | M] () -- C:\boot.ini
[2012/10/03 03:33:40 | 000,000,319 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/09/30 15:14:25 | 002,770,936 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The_Venusian_Arts_Handbook.pdf
[2012/09/26 22:24:52 | 000,312,957 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Transcripts final.pdf
[2012/09/26 22:07:05 | 000,312,957 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Transcripts asw.pdf
[2012/09/26 04:01:07 | 000,054,480 | ---- | M] () -- C:\Documents and Settings\User\Desktop\mc logo.jpg
[2012/09/25 15:58:02 | 000,312,957 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Transcripts.pdf
[2012/09/24 01:06:04 | 033,675,219 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MassConfidence SalesVid9-23.mp4
[2012/09/23 22:55:52 | 000,085,091 | ---- | M] () -- C:\Documents and Settings\User\Desktop\addtocart-3x97.png
[2012/09/20 09:13:38 | 003,568,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/17 16:42:48 | 000,001,780 | -H-- | M] () -- C:\Documents and Settings\User\My Documents\Default.rdp
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\Desktop\*.tmp files -> C:\Documents and Settings\User\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\User\*.tmp files -> C:\Documents and Settings\User\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/10/14 23:27:45 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\cm-lock
[2012/10/12 00:46:11 | 000,041,679 | ---- | C] () -- C:\Documents and Settings\User\Desktop\media+forms.zip
[2012/10/11 22:22:04 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MiPony.lnk
[2012/10/11 22:22:03 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2012/10/10 02:05:15 | 033,381,914 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MCSV 10-10.mp4
[2012/10/09 12:40:58 | 037,311,625 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MCSV 10-7.mp4
[2012/10/09 06:48:53 | 000,269,518 | ---- | C] () -- C:\Documents and Settings\User\Desktop\trafficspecial.pdf
[2012/10/06 18:39:02 | 001,089,996 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Jo Han Mok -.pdf
[2012/10/04 18:14:04 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/04 18:14:03 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/04 18:14:03 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/04 18:12:05 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2012/10/04 18:12:05 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/03 13:15:16 | 034,462,427 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mass+Confidence+SalesVid+Finalp.mp4
[2012/10/03 13:06:40 | 030,991,720 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mass+Confidence+Sales+Vid+FINAL.mp4
[2012/10/03 12:36:25 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/03 03:33:37 | 000,000,319 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/09/30 15:14:25 | 002,770,936 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The_Venusian_Arts_Handbook.pdf
[2012/09/26 22:24:52 | 000,312,957 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Transcripts final.pdf
[2012/09/26 22:07:13 | 000,312,957 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Transcripts asw.pdf
[2012/09/26 04:01:23 | 000,054,480 | ---- | C] () -- C:\Documents and Settings\User\Desktop\mc logo.jpg
[2012/09/25 15:58:02 | 000,312,957 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Transcripts.pdf
[2012/09/24 05:32:09 | 014,019,519 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MC Day 3 Final 1.23.mp4
[2012/09/24 01:43:55 | 029,504,136 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MC Day 2 Final 1.23.mp4
[2012/09/24 01:13:59 | 033,675,219 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MassConfidence SalesVid9-23.mp4
[2012/09/23 22:56:04 | 000,085,091 | ---- | C] () -- C:\Documents and Settings\User\Desktop\addtocart-3x97.png
[2012/09/20 22:30:18 | 003,467,322 | ---- | C] ( ) -- C:\Documents and Settings\User\Desktop\S3RipperSetup.exe
[2012/09/14 23:12:13 | 000,000,235 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/09/14 23:12:13 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/09/14 23:11:47 | 000,003,303 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/09/14 23:09:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/09/14 23:09:27 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/09/14 23:09:04 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2012/09/14 23:09:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/06/06 23:03:12 | 000,361,562 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-1659004503-839522115-1003-0.dat
[2012/05/30 08:31:12 | 000,120,827 | ---- | C] () -- C:\Documents and Settings\User\refund
[2012/01/13 01:46:11 | 000,001,294 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\386d2t4e0631
[2012/01/13 01:46:11 | 000,001,294 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\386d2t4e0631
[2011/05/12 00:33:31 | 000,361,562 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/04/12 20:05:06 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\User\g2mdlhlpx.exe
[2011/04/02 16:15:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\phpc.exe
[2011/03/18 15:26:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\PUTTY.RND
[2011/02/28 12:07:59 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/02/11 17:23:34 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/08/15 21:52:16 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/10/23 12:26:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 01:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\alg.exe -- (ALG)
No service found with a name of wuauserv
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 20:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 21:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: SERVICES >
[2004/08/04 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES.CFG >
[2011/09/05 13:04:56 | 000,584,808 | ---- | M] () MD5=B3B25937514C772FD2490108B91CE17F -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.CSS >
[2011/02/07 15:58:41 | 000,002,955 | ---- | M] () MD5=322C2687D416AAEDB458EBD5939CF4C3 -- C:\Documents and Settings\User\Desktop\5-2012 Desktop\Folders\11-18 desktop\LGA 8-17\Marketing info\Eben Pagan’s Blog_files\services.css
[2011/01/29 15:05:14 | 000,002,955 | ---- | M] () MD5=322C2687D416AAEDB458EBD5939CF4C3 -- C:\Documents and Settings\User\Desktop\5-2012 Desktop\Folders\11-18 desktop\LGA 8-17\Marketing info\Success Kit _ Building_files\services.css
< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
< MD5 for: SERVICES.EXE-2F433351.PF >
[2012/10/14 23:27:17 | 000,064,412 | ---- | M] () MD5=B3A18F3728048EAE6C0C01EFBB932CE1 -- C:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf
< MD5 for: SERVICES.H >
[2010/12/03 19:58:24 | 000,001,008 | ---- | M] () MD5=62DA1F2270CF73E0DA79DD0748D7E36B -- C:\Documents and Settings\User\Desktop\5-2012 Desktop\Folders\11-18 desktop\LGA 8-17\Marketing info\MySQL\mysql-5.5.8-winx64\include\services.h
< MD5 for: SERVICES.LNK >
[2009/10/23 12:13:44 | 000,001,602 | ---- | M] () MD5=9FB4BE972D06CC728140AAD374851C8E -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
< MD5 for: SERVICES.MSC >
[2004/08/04 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WINSOCK.DLL >
[2004/08/04 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB58077$] -> Error: Cannot create file handle -> Unknown point type
========== Alternate Data Streams ==========
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
< End of report >
----------------------------------------------------------------------------------------------------------------------------------
3. aswMBR (did NOT complete its run... program crashed!)
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-13 20:09:01
-----------------------------
20:09:01.109 OS Version: Windows 5.1.2600 Service Pack 3
20:09:01.109 Number of processors: 2 586 0x602
20:09:01.109 ComputerName: USER-3E71C3E04B UserName: User
20:09:02.953 Initialize success
20:09:03.046 AVAST engine defs: 12101301
20:09:35.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:09:35.812 Disk 0 Vendor: ST3750640AS 3.AAD Size: 715404MB BusType: 3
20:09:35.812 Device \Driver\atapi -> DriverStartIo 8a2bb2e2
20:09:35.812 Disk 0 MBR read successfully
20:09:35.812 Disk 0 MBR scan
20:09:35.812 Disk 0 Windows XP default MBR code
20:09:35.812 Disk 0 MBR hidden
20:09:35.812 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 715394 MB offset 63
20:09:35.812 Disk 0 scanning sectors +1465128000
20:09:35.875 Disk 0 scanning C:\WINDOWS\system32\drivers
20:09:42.421 Service scanning
20:09:47.218 Service MSICDSetup D:\CDriver.sys **LOCKED** 21
20:09:52.421 Modules scanning
20:10:40.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
20:10:40.250 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-15 13:25:28
-----------------------------
13:25:28.593 OS Version: Windows 5.1.2600 Service Pack 3
13:25:28.593 Number of processors: 2 586 0x602
13:25:28.593 ComputerName: USER-3E71C3E04B UserName: User
13:25:36.078 Initialize success
13:25:37.671 AVAST engine defs: 12101500
13:25:45.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:25:45.468 Disk 0 Vendor: WDC_WD7500AADS-00M2B0 01.00A01 Size: 715404MB BusType: 3
13:25:45.500 Disk 0 MBR read successfully
13:25:45.500 Disk 0 MBR scan
13:25:45.593 Disk 0 Windows XP default MBR code
13:25:45.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715394 MB offset 63
13:25:45.593 Disk 0 scanning sectors +1465128000
13:25:45.687 Disk 0 scanning C:\WINDOWS\system32\drivers
13:26:01.093 Service scanning
13:26:08.671 Service MSICDSetup D:\CDriver.sys **LOCKED** 21
13:26:16.656 Modules scanning
13:26:24.921 Disk 0 trace - called modules:
13:26:24.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
13:26:24.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a457ab8]
13:26:25.218 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8a3eaf18]
13:26:25.218 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a45a940]
13:26:27.781 AVAST engine scan C:\WINDOWS
13:26:42.656 AVAST engine scan C:\WINDOWS\system32
13:30:13.921 AVAST engine scan C:\WINDOWS\system32\drivers
13:30:51.046 AVAST engine scan C:\Documents and Settings\User
13:36:12.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
13:36:12.968 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"