Need help removing FBI Ransomware virus [Solved]


  • This topic is locked

#61
Biscuithd

Let's try this again. Sometimes the Forum messes up the formatting. Hopefully, this works.

/md5start 
user32.* 
services.* 
explorer.*
winlogon.* 
Userinit.* 
svchost.* 
qmgr.* 
mpsvc.* 
winsock.* 
rpcss.* 
/md5stop

#62
Stargeneral


Error: Unable to interpret </md5start > in the current context!
Error: Unable to interpret <user32.* > in the current context!
Error: Unable to interpret <services.* > in the current context!
Error: Unable to interpret <explorer.*> in the current context!
Error: Unable to interpret <winlogon.* > in the current context!
Error: Unable to interpret <Userinit.* > in the current context!
Error: Unable to interpret <svchost.* > in the current context!
Error: Unable to interpret <qmgr.* > in the current context!
Error: Unable to interpret <mpsvc.* > in the current context!
Error: Unable to interpret <winsock.* > in the current context!
Error: Unable to interpret <rpcss.* > in the current context!
Error: Unable to interpret </md5stop> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 06252014_201841


#63
Stargeneral


Sorry I messed up. Ran fix instead of scan. Here is the scan result

 

OTL logfile created on: 6/25/2014 4:46:09 AM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 82.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 16.70 Gb Free Space | 48.82% Space Free | Partition Type: NTFS
Drive D: | 29.71 Gb Total Space | 10.31 Gb Free Space | 34.69% Space Free | Partition Type: FAT32
Drive E: | 3.68 Gb Total Space | 2.63 Gb Free Space | 71.42% Space Free | Partition Type: FAT32
Drive F: | 14.83 Gb Total Space | 12.92 Gb Free Space | 87.13% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2014/06/17 22:27:38 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/05/13 15:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/05/13 15:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/05/09 18:35:32 | 001,801,752 | ---- | M] (AVG Secure Search) [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe -- (vToolbarUpdater18.1.5)
SRV - [2014/03/15 14:14:31 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 17:19:24 | 000,039,056 | ---- | M] () [Disabled] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/06/13 23:55:31 | 000,028,739 | ---- | M] (MyWebSearch.com) [Auto] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2008/02/22 12:33:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2014/06/24 07:01:32 | 000,030,976 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2014/05/13 15:19:14 | 000,192,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/05/13 15:17:24 | 000,237,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/05/13 15:17:22 | 000,210,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/05/13 15:17:22 | 000,122,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/05/13 15:17:20 | 000,149,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/05/13 15:17:20 | 000,107,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014/05/13 15:09:12 | 000,198,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014/05/13 15:04:36 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014/05/13 15:04:34 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2014/05/09 18:35:33 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/04/13 17:17:48 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2006/11/10 17:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/03 15:56:37 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/10/26 13:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/06/12 09:33:00 | 000,059,977 | ---- | M] (FarStone Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\gdxwdm.sys -- (gdxwdm)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: 
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014/02/08 20:18:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/23 22:50:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2014/06/25 13:52:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.514\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  File not found
O2 - BHO: (CPrintEnhancer Object) - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (NetZero Toolbar Helper) - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\NetZero\UCReg.dll (NetZero, Inc.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.514\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GameDrive] C:\Program Files\FarStone\GameDrive\gdtask.exe (FarStone Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - Reg Error: Value error. File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1375492197765 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2014/06/25 13:54:50 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2014/06/24 13:51:57 | 000,000,000 | ---D | C] -- C:\[bleep]
[2014/06/24 05:55:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/21 07:58:18 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2014/06/20 14:52:30 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/06/18 16:11:02 | 000,000,000 | ---D | C] -- C:\frst
[2014/06/17 22:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2014/06/17 22:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/06/17 22:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/06/05 14:37:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Report
[2014/06/04 00:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vega Strike
[2014/06/04 00:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Vega Strike
[2014/05/12 05:57:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.DLL
[2014/05/12 05:57:03 | 000,273,408 | R--- | C] (Mpath Interactive) -- C:\Program Files\mplaynow.exe
[2014/05/12 05:57:01 | 004,094,464 | ---- | C] (Hothouse Creations) -- C:\Program Files\gangsters.exe
[2013/12/16 22:19:30 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll

========== Files - Modified Within 30 Days ==========

[2014/06/25 16:05:52 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/25 16:05:49 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/06/25 16:05:48 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/06/25 16:05:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/06/25 16:04:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/25 16:04:56 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/24 07:01:32 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2014/06/17 22:27:36 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/06/17 22:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2014/06/05 15:34:32 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/05 15:33:13 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/04 00:10:36 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2014/06/04 00:10:35 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2014/06/04 00:10:28 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vega Strike.lnk
[2014/06/04 00:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vega Strike
[2014/06/03 16:04:02 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/06/02 14:36:18 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/05/26 22:12:30 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NetZero Quick Help.lnk
[2014/05/26 22:12:30 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\NetZero Internet.lnk
[2014/05/26 22:12:30 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NetZero Internet.lnk

========== Files Created - No Company Name ==========

[2014/06/24 07:01:31 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2014/06/17 22:27:36 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/06/04 00:10:28 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vega Strike.lnk
[2014/05/12 05:57:20 | 000,096,256 | ---- | C] () -- C:\Program Files\SMACKW32.DLL
[2014/05/12 05:57:04 | 000,093,696 | ---- | C] () -- C:\Program Files\GameConfiguration.dll
[2014/05/12 05:57:04 | 000,058,880 | ---- | C] () -- C:\Program Files\readme.rtf
[2014/05/12 05:57:04 | 000,010,752 | R--- | C] () -- C:\Program Files\MplayerReadme.wri
[2014/05/12 05:57:04 | 000,000,229 | R--- | C] () -- C:\Program Files\MPLAYNOW.INI
[2014/05/12 05:56:36 | 000,000,018 | ---- | C] () -- C:\Program Files\Security.key
[2014/04/11 17:03:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/04/11 17:03:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/04/11 17:03:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/04/11 17:03:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/04/11 17:03:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/14 15:40:58 | 000,238,736 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2013/12/16 23:28:08 | 003,916,288 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2013/12/16 23:27:32 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/12/16 23:27:00 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2013/12/16 23:26:40 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2013/12/16 23:26:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2013/12/16 23:26:40 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2013/12/16 23:26:38 | 001,525,760 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2013/12/16 23:26:38 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2013/12/16 23:26:38 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2013/12/16 23:26:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2013/12/16 22:38:54 | 000,877,296 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/12/16 22:38:52 | 000,242,259 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/12/16 22:15:32 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll
[2013/12/16 22:15:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\System32\Formats.ini
[2013/12/16 22:15:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\bass_tak.dll
[2013/12/16 21:28:34 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2013/12/16 21:28:26 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2013/12/16 21:28:18 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2013/12/16 21:28:18 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2013/12/16 21:28:18 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2013/12/16 21:27:52 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2013/12/16 21:27:50 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2013/12/16 21:27:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2013/12/16 21:27:16 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2013/12/16 21:27:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2013/12/16 21:27:14 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2013/12/16 21:27:14 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2013/12/16 21:27:10 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2013/12/16 21:26:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2013/12/16 21:26:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\spdif_test.exe
[2013/12/16 21:26:40 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2013/09/02 01:47:30 | 000,026,514 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2013/02/01 00:25:54 | 000,000,025 | ---- | C] () -- C:\WINDOWS\csgme96.ini
[2012/10/15 20:30:21 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2012/09/12 00:35:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FSDataSvr.sys
[2012/09/12 00:35:21 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\dptlcg32.dll
[2012/08/08 20:45:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/08/08 20:45:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/08/08 20:45:20 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/04/11 15:52:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2011/01/16 13:17:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/01/10 20:34:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/10 20:15:12 | 000,000,475 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/12/09 11:48:33 | 000,539,599 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\phn.dat
[2007/09/14 17:59:18 | 000,130,509 | ---- | C] () -- C:\WINDOWS\HPHins13.dat
[2007/09/14 17:59:18 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat
[2007/03/22 16:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/11/22 21:31:35 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/11/15 21:56:15 | 000,000,933 | ---- | C] () -- C:\WINDOWS\ARCADE.INI
[2006/11/15 21:48:18 | 000,000,095 | ---- | C] () -- C:\WINDOWS\LTANK.INI
[2006/11/03 13:54:58 | 000,083,968 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006/11/03 13:54:33 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2006/11/03 13:54:32 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2006/01/09 14:56:16 | 000,000,430 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/01/08 22:01:26 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/08 22:01:26 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\780B9A934A.sys
[2006/01/08 17:29:14 | 000,003,106 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/03 16:14:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/03 16:04:27 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/01/03 15:57:24 | 000,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/03 15:55:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/01/03 15:34:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/01/03 15:34:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/01/03 15:34:18 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 10:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,232,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,407,170 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,063,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:10 | 000,578,560 | ---- | C] () -- C:\WINDOWS\System32\user32.ini
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/21 17:38:30 | 000,006,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCdx.sys
[2003/07/08 12:54:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExtend.dll
[2003/07/08 12:54:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExtend.dll
[2003/06/07 10:57:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fsmesbox.dll
[2003/06/07 10:57:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FsLodLib.dll
[2003/06/07 10:56:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\DxpApp.exe
[2003/02/14 11:56:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe
[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2014/03/14 19:52:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\AVG2014
[2009/09/12 02:53:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2012/11/18 23:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\041890C4AF0DD1A3000004188CB3D95A
[2012/10/02 02:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1637A
[2014/04/08 00:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/03/20 03:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/12/17 01:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2014/03/14 18:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2014/03/14 19:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2014/03/23 12:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2012/07/23 23:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/03/28 00:00:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/04/13 17:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET
[2013/01/18 01:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Download Manager
[2014/06/17 22:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/10/02 02:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2013/11/10 03:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2006/08/11 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2014/06/19 10:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/02/14 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2011/10/30 01:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetZero
[2012/09/14 02:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/06/29 22:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2006/01/03 15:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2014/03/20 03:44:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/03/20 03:44:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3002E08A-4925-4821-8D06-D5FC4EBFF034}

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EX_  >
[2004/08/04 07:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\i386\EXPLORER.EX_

< MD5 for: EXPLORER.EXE  >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: EXPLORER.EXE-02121B1A.PF  >
[2014/06/25 16:06:15 | 000,073,436 | ---- | M] () MD5=69C0473490EFE8AF452263A85196F003 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf

< MD5 for: EXPLORER.SC_  >
[2004/08/04 07:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\i386\EXPLORER.SC_

< MD5 for: EXPLORER.SCF  >
[2004/08/04 07:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: QMGR.DLL  >
[2004/08/04 07:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\i386\qmgr.dll
[2004/08/04 07:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: QMGR.INF  >
[2004/08/04 07:00:00 | 000,006,140 | ---- | M] () MD5=9041EF9BB79D9527FCC4FB2C52C98211 -- C:\i386\qmgr.inf
[2004/08/04 07:00:00 | 000,006,140 | ---- | M] () MD5=9041EF9BB79D9527FCC4FB2C52C98211 -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.inf
[2007/04/26 06:13:44 | 000,006,547 | ---- | M] () MD5=D0A9F3678D9EBF23467D0B32705A0AF3 -- C:\WINDOWS\inf\qmgr.inf
[2007/04/26 06:13:44 | 000,006,547 | ---- | M] () MD5=D0A9F3678D9EBF23467D0B32705A0AF3 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.inf

< MD5 for: QMGR.PNF  >
[2010/05/10 01:10:24 | 000,011,920 | ---- | M] () MD5=2D9ADDD081E194CA1231C9CC853A3C7F -- C:\WINDOWS\inf\qmgr.PNF

< MD5 for: RPCSS.DLL  >
[2008/04/13 20:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2008/04/13 20:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2004/08/04 07:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\i386\rpcss.dll
[2004/08/04 07:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll
[2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 06:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2005/07/26 00:20:40 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=C369DF215D352B6F3A0B8C3469AA34F8 -- C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[2005/04/28 15:31:11 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=C8061F289E000703E7672916B7FE1571 -- C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
[2005/07/26 00:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=CE94A2BD25E3E9F4D46A7373FF455C6D -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2005/04/28 15:35:01 | 000,396,288 | ---- | M] (Microsoft Corporation) MD5=DA383FB39A6F1C445F3AFC94B3EB1248 -- C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll

< MD5 for: SERVICES  >
[2004/08/04 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\i386\services
[2004/08/04 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE  >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
[2004/08/04 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK  >
[2008/01/01 03:02:01 | 000,001,602 | ---- | M] () MD5=A670AC0BB054065F5BF0674F6AEB88FE -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC  >
[2004/08/04 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\i386\services.msc
[2004/08/04 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE  >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: SVCHOST.EXE-2D5FBD18.PF  >
[2014/06/25 16:06:14 | 000,020,376 | ---- | M] () MD5=C2E01E9B6EDB36D1636E1B2BD6F4E1AB -- C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf

< MD5 for: USER32.DLL  >
[2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2012/10/03 00:58:13 | 000,617,984 | ---- | M] (Microsoft Corporation) MD5=1CF4FF12F6AE7ADAD82CA4AE55BD8B46 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2012/10/03 00:58:13 | 000,617,984 | ---- | M] (Microsoft Corporation) MD5=1CF4FF12F6AE7ADAD82CA4AE55BD8B46 -- C:\WINDOWS\system32\user32.dll
[2007/03/08 11:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2004/08/04 07:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\i386\user32.dll
[2004/08/04 07:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

< MD5 for: USER32.INI  >
[2012/10/03 00:58:13 | 000,578,560 | ---- | M] () MD5=DF74697FB06A25F2D119ECA1AC4AE8C2 -- C:\WINDOWS\ServicePackFiles\i386\user32.ini
[2012/10/03 00:58:13 | 000,578,560 | ---- | M] () MD5=DF74697FB06A25F2D119ECA1AC4AE8C2 -- C:\WINDOWS\system32\user32.ini

< MD5 for: USERINIT.EXE  >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: USERINIT.EXE-0743FDA9.PF  >
[2014/06/25 16:06:14 | 000,016,110 | ---- | M] () MD5=10E05E797E4C4FC28102E95FAFEBD6AD -- C:\WINDOWS\Prefetch\USERINIT.EXE-0743FDA9.pf

< MD5 for: WINLOGON.EXE  >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL  >
[2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\i386\winsock.dll
[2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll
< End of report >



#64
Biscuithd


I'm glad that you saw and corrected that :thumbsup:

 

Now, let's revisit the fix in Post 55. Perhaps you did a Scan instead of a Fix because it doesn't look like the fix worked.

 

Could you try it again (the fix in post 55) and then post the results of the fix? It will be in C:\_OTL\Moved Files



#65
Stargeneral


8 files at that location. I need to delete and run again so that I know which to post.



#66
Biscuithd

I meant do everything that is in post 55.

#67
Stargeneral


Virus still there. Here is the log

 

========== COMMANDS ==========
Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!
========== FILES ==========
Invalid Switch: replace
Invalid Switch: replace
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Nancy Langston
->Temp folder emptied: 3418 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

User: pictures

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56720 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 06252014_101008



#68
Stargeneral


I found 2 more log files similar to the posted results. I think one is the first run. Do you want me to post?



#69
Biscuithd


Ok, forget the other two logs. Let's go with just this much of a fix.

 

 
:Files
C:\WINDOWS\system32\user32.dll|C:\WINDOWS\$NtServicePackUninstall$\user32.dll /replace
C:\WINDOWS\ServicePackFiles\i386\user32.dll|C:\WINDOWS\$NtServicePackUninstall$\user32.dll /replace
 

Could you ensure that when you paste the lines, there is a space before the "/replace"? I can see one now on the post, but the system seems to pull it off at some point.

 

So, copy just those three lines into OTL, ensure the space is there before the /replace switch and then press Run Fix. It won't reboot, so you should be able to see the log. Save it so you know where it is and if the copy was successful (read it in the log), try a reboot and let me know and paste the log.


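The "Invalid Switch: replace" errors in post #67 and the spacing check requested in post #69 can be automated before the text is pasted into OTL. The following is an added example, not part of the original thread and not OldTimer's code: a Python linter that rejoins forum-wrapped lines and checks each `:Files` replace line. The accepted line shape (`target|source /replace`) is assumed from the lines shown in post #69 only, the script is assumed to contain nothing but replace lines, and all function names and sample inputs are constructed.

```python
import re

SWITCH = "/replace"
# A section header such as ":Files" (a colon followed by letters only).
DIRECTIVE = re.compile(r"^:[A-Za-z]+$")
# Absolute Windows path: drive letter, colon, backslash, then no pipe,
# no second colon and none of the characters Windows forbids in names.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^|<>"?*:]+')


def rejoin_wrapped(lines):
    """Glue fragments back together until a line ends with the switch.

    Forum software can break a line mid-path (for example leaving a lone
    drive letter on its own line), so pieces are accumulated in a buffer.
    """
    out, buf = [], ""
    for raw in lines:
        piece = raw.strip()
        if not piece:
            continue
        if not buf and DIRECTIVE.match(piece):
            out.append(piece)
            continue
        buf += piece
        if buf.lower().endswith(SWITCH):
            out.append(buf)
            buf = ""
    if buf:  # trailing fragment that never reached a switch
        out.append(buf)
    return out


def lint_replace_line(line):
    """Return a list of problems found in one 'target|source /replace' line."""
    if not line.lower().endswith(SWITCH):
        return ["line does not end with the /replace switch"]
    problems = []
    body = line[: -len(SWITCH)]
    if not body.endswith(" "):
        problems.append("no space before /replace")
    paths = body.strip().split("|")
    if len(paths) != 2:
        problems.append("expected exactly one '|' between target and source")
        return problems
    for role, path in zip(("target", "source"), paths):
        if not WIN_PATH.fullmatch(path):
            problems.append(f"{role} is not an absolute Windows path: {path!r}")
    if paths[0].lower() == paths[1].lower():
        problems.append("target and source are the same file")
    return problems


def lint_fix_script(text):
    """Return (rejoined lines, {line: [problems]}) for a pasted fix script."""
    lines = rejoin_wrapped(text.splitlines())
    findings, in_files = {}, False
    for line in lines:
        if DIRECTIVE.match(line):
            in_files = line.lower() == ":files"
            continue
        if in_files:
            problems = lint_replace_line(line)
            if problems:
                findings[line] = problems
    return lines, findings


# Constructed samples based on the three lines in post #69.
GOOD = r"""
:Files
C:\WINDOWS\system32\user32.dll|C:\WINDOWS\$NtServicePackUninstall$\user32.dll /replace
C:\WINDOWS\ServicePackFiles\i386\user32.dll|C:\WINDOWS\$NtServicePackUninstall$\user32.dll /replace
"""

# Same script with one line broken after the drive letter (constructed).
WRAPPED = r"""
:Files
C:\WINDOWS\system32\user32.dll|C:\WINDOWS\$NtServicePackUninstall$\user32.dll /replace
C
:\WINDOWS\ServicePackFiles\i386\user32.dll|C:\WINDOWS\$NtServicePackUninstall$\user32.dll /replace
"""

# Same script with the space before the switch stripped (constructed).
STRIPPED = GOOD.replace(" /replace", "/replace")

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("WRAPPED", WRAPPED), ("STRIPPED", STRIPPED)):
        fixed, found = lint_fix_script(sample)
        print(name, "OK" if not found else found)
```

A clean result only means the text matches the shape shown in the post; the OTL fix log is still what confirms whether each file was replaced.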

#70
Stargeneral


It worked. I am using it now. Here is the log

 

========== FILES ==========
File C:\WINDOWS\system32\user32.dll successfully replaced with C:\WINDOWS\$NtServicePackUninstall$\user32.dll
File C:\WINDOWS\ServicePackFiles\i386\user32.dll successfully replaced with C:\WINDOWS\$NtServicePackUninstall$\user32.dll

OTLPE by OldTimer - Version 3.1.48.0 log created on 06252014_123330





#71
Biscuithd


Did it fix the ransomware?



#72
Stargeneral


Thank you. My day just improved greatly.



#73
Stargeneral

Seems to have. So far no blocker screen.

#74
Biscuithd


That's great! I'm happy too. That infection was a rough one to find and remove.

 

Let's make sure that we've got everything. Can you run OTL, do a Quick Scan and post the log?



#75
Stargeneral


Ok. Forgot how slow Internet Explorer is. Here is the log

 

OTL logfile created on: 6/25/2014 2:57:58 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 82.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 16.64 Gb Free Space | 48.63% Space Free | Partition Type: NTFS
Drive D: | 29.71 Gb Total Space | 10.31 Gb Free Space | 34.69% Space Free | Partition Type: FAT32
Drive E: | 3.68 Gb Total Space | 2.63 Gb Free Space | 71.41% Space Free | Partition Type: FAT32
Drive F: | 14.83 Gb Total Space | 12.92 Gb Free Space | 87.13% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2014/05/13 15:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/05/13 15:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/05/09 18:35:32 | 001,801,752 | ---- | M] (AVG Secure Search) [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe -- (vToolbarUpdater18.1.5)
SRV - [2014/03/15 14:14:31 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 17:19:24 | 000,039,056 | ---- | M] () [Disabled] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/06/13 23:55:31 | 000,028,739 | ---- | M] (MyWebSearch.com) [Auto] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2008/02/22 12:33:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2014/05/13 15:19:14 | 000,192,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/05/13 15:17:24 | 000,237,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/05/13 15:17:22 | 000,210,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/05/13 15:17:22 | 000,122,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/05/13 15:17:20 | 000,149,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/05/13 15:17:20 | 000,107,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014/05/13 15:09:12 | 000,198,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014/05/13 15:04:36 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014/05/13 15:04:34 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2014/05/09 18:35:33 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/04/13 17:17:48 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2006/11/10 17:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/03 15:56:37 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/10/26 13:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/06/12 09:33:00 | 000,059,977 | ---- | M] (FarStone Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\gdxwdm.sys -- (gdxwdm)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: 
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014/02/08 20:18:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/23 22:50:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2014/06/25 10:10:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.514\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  File not found
O2 - BHO: (CPrintEnhancer Object) - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (NetZero Toolbar Helper) - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\NetZero\UCReg.dll (NetZero, Inc.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.514\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GameDrive] C:\Program Files\FarStone\GameDrive\gdtask.exe (FarStone Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - Reg Error: Value error. File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1375492197765 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2014/06/25 13:54:50 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2014/06/25 09:49:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Common Files
[2014/06/24 13:51:57 | 000,000,000 | ---D | C] -- C:\[bleep]
[2014/06/24 05:55:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/21 07:58:18 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2014/06/20 14:52:30 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/06/18 16:11:02 | 000,000,000 | ---D | C] -- C:\frst
[2014/06/17 22:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/06/05 14:37:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Report
[2014/06/04 00:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vega Strike
[2014/06/04 00:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Vega Strike
[2014/05/12 05:57:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.DLL
[2014/05/12 05:57:03 | 000,273,408 | R--- | C] (Mpath Interactive) -- C:\Program Files\mplaynow.exe
[2014/05/12 05:57:01 | 004,094,464 | ---- | C] (Hothouse Creations) -- C:\Program Files\gangsters.exe
[2013/12/16 22:19:30 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll

========== Files - Modified Within 30 Days ==========

[2014/06/25 14:51:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/25 14:34:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/25 14:05:01 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/25 13:38:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/06/25 13:37:16 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/06/25 13:37:15 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/06/25 13:37:06 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/25 13:36:16 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/04 00:10:36 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2014/06/04 00:10:28 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vega Strike.lnk
[2014/06/04 00:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vega Strike
[2014/06/03 16:04:02 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/06/02 14:36:18 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/05/26 22:12:30 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NetZero Quick Help.lnk
[2014/05/26 22:12:30 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\NetZero Internet.lnk
[2014/05/26 22:12:30 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NetZero Internet.lnk

========== Files Created - No Company Name ==========

[2014/06/04 00:10:28 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vega Strike.lnk
[2014/05/12 05:57:20 | 000,096,256 | ---- | C] () -- C:\Program Files\SMACKW32.DLL
[2014/05/12 05:57:04 | 000,093,696 | ---- | C] () -- C:\Program Files\GameConfiguration.dll
[2014/05/12 05:57:04 | 000,058,880 | ---- | C] () -- C:\Program Files\readme.rtf
[2014/05/12 05:57:04 | 000,010,752 | R--- | C] () -- C:\Program Files\MplayerReadme.wri
[2014/05/12 05:57:04 | 000,000,229 | R--- | C] () -- C:\Program Files\MPLAYNOW.INI
[2014/05/12 05:56:36 | 000,000,018 | ---- | C] () -- C:\Program Files\Security.key
[2014/04/11 17:03:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/04/11 17:03:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/04/11 17:03:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/04/11 17:03:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/04/11 17:03:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/14 15:40:58 | 000,238,736 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2013/12/16 23:28:08 | 003,916,288 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2013/12/16 23:27:32 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/12/16 23:27:00 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2013/12/16 23:26:40 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2013/12/16 23:26:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2013/12/16 23:26:40 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2013/12/16 23:26:38 | 001,525,760 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2013/12/16 23:26:38 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2013/12/16 23:26:38 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2013/12/16 23:26:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2013/12/16 22:38:54 | 000,877,296 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/12/16 22:38:52 | 000,242,259 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/12/16 22:15:32 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll
[2013/12/16 22:15:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\System32\Formats.ini
[2013/12/16 22:15:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\bass_tak.dll
[2013/12/16 21:28:34 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2013/12/16 21:28:26 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2013/12/16 21:28:18 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2013/12/16 21:28:18 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2013/12/16 21:28:18 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2013/12/16 21:27:52 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2013/12/16 21:27:50 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2013/12/16 21:27:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2013/12/16 21:27:16 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2013/12/16 21:27:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2013/12/16 21:27:14 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2013/12/16 21:27:14 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2013/12/16 21:27:10 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2013/12/16 21:26:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2013/12/16 21:26:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\spdif_test.exe
[2013/12/16 21:26:40 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2013/09/02 01:47:30 | 000,026,514 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2013/02/01 00:25:54 | 000,000,025 | ---- | C] () -- C:\WINDOWS\csgme96.ini
[2012/10/15 20:30:21 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2012/09/12 00:35:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FSDataSvr.sys
[2012/09/12 00:35:21 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\dptlcg32.dll
[2012/08/08 20:45:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/08/08 20:45:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/08/08 20:45:20 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/04/11 15:52:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2011/01/16 13:17:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/01/10 20:34:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/10 20:15:12 | 000,000,475 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/12/09 11:48:33 | 000,539,599 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\phn.dat
[2007/09/14 17:59:18 | 000,130,509 | ---- | C] () -- C:\WINDOWS\HPHins13.dat
[2007/09/14 17:59:18 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat
[2007/03/22 16:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/11/22 21:31:35 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/11/15 21:56:15 | 000,000,933 | ---- | C] () -- C:\WINDOWS\ARCADE.INI
[2006/11/15 21:48:18 | 000,000,095 | ---- | C] () -- C:\WINDOWS\LTANK.INI
[2006/11/03 13:54:58 | 000,083,968 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006/11/03 13:54:33 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2006/11/03 13:54:32 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2006/01/09 14:56:16 | 000,000,430 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/01/08 22:01:26 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/08 22:01:26 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\780B9A934A.sys
[2006/01/08 17:29:14 | 000,003,106 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/03 16:14:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/03 16:04:27 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/01/03 15:57:24 | 000,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/03 15:55:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/01/03 15:34:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/01/03 15:34:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/01/03 15:34:18 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 10:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,232,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,407,170 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,063,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:10 | 000,578,560 | ---- | C] () -- C:\WINDOWS\System32\user32.ini
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/21 17:38:30 | 000,006,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCdx.sys
[2003/07/08 12:54:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExtend.dll
[2003/07/08 12:54:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExtend.dll
[2003/06/07 10:57:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fsmesbox.dll
[2003/06/07 10:57:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FsLodLib.dll
[2003/06/07 10:56:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\DxpApp.exe
[2003/02/14 11:56:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe
[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2014/03/14 19:52:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\AVG2014
[2009/09/12 02:53:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2012/11/18 23:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\041890C4AF0DD1A3000004188CB3D95A
[2012/10/02 02:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1637A
[2014/04/08 00:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/03/20 03:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/12/17 01:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2014/03/14 18:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2014/03/14 19:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2014/03/23 12:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2012/07/23 23:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/03/28 00:00:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/04/13 17:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET
[2013/01/18 01:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Download Manager
[2014/06/17 22:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/10/02 02:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2013/11/10 03:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2006/08/11 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2014/06/25 14:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/02/14 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2011/10/30 01:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetZero
[2012/09/14 02:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/06/29 22:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2006/01/03 15:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2014/03/20 03:44:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/03/20 03:44:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3002E08A-4925-4821-8D06-D5FC4EBFF034}

========== Purity Check ==========


< End of report >

