
Windows Antivirus Software messages [Closed]



#1
major_help_needed

    New Member

  • Member
  • 8 posts
Hi, I'm not very good with computer terms or anything, but I'll try and describe the problem I'm having. I have AVG free virus protection, and last night a message popped up saying that a threat had been detected. It gave the option of moving it to the vault, which I did, but it said the vault was full so it deleted it. A few minutes later a box popped up saying that multiple threats had been detected and that I needed to run windows antivirus software to remove them. A window then popped up that said windows antivirus software at the top, and it said that it was running a computer scan, but it did it really fast before I could react or read everything in the window. There was then the option to ignore the threats that were found or go to a website and purchase a window antivirus kit. I didn't click either option, and when I tried to open the internet it took me straight to the website to buy the antivirus, and when I tried to open a new tab it said that the website I was attempting to access was potentially dangerous, and it would not let me open any internet programs. Whenever I try to open any program on my desktop it says that they are all infected. This problem is only on my user account on my home computer; all the other user accounts seem to be working fine as of now. I have attached some pictures of the pop-up messages just in case it might help to identify the problem.



#2
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Welcome to Geeks to Go, major_help_needed.

I will be helping you with your malware issues.

Before we get started, please read the following.
  • Be advised that I am still in training, so there may be a delay between replies. Each reply must be approved by a resident expert before I will be allowed to post them to you.
  • Please completely read through all instructions given you before attempting to follow them. If you are confused about any part of the instructions, post back with your questions and we'll figure things out.
  • Please post all logs in their entirety. DO NOT attach logs to a post unless I ask you to do that. Rather copy and paste the contents of the logs directly into the post.
  • Please refrain from running any tools or otherwise performing any fixes other than what I ask you to do.
  • Finally, do not PM me directly for help. If you have any questions, post them in this topic.



Please follow these instructions.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file that you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection
    so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.




OTL Scan
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    beep.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    ahcix86s.sys
    KR10N.sys
    nvstor32.sys
    nvrd32.sys
    explorer.exe
    svchost.exe
    userinit.exe
    symmpi.sys
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    srsvc.dll
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


#3
major_help_needed

    New Member

  • Topic Starter
  • Member
  • 8 posts
Earlier yesterday my cousin put a program called Malwarebytes' Anti-Malware and told me to run that program, which I did, and it seemed like it helped a little, so if you would like I could post that log as well, but it is very long since it did a full scan.

Here is the Gmer log though


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-18 06:48:09
Windows 5.1.2600 Service Pack 3
Running: tp59i9oz[1].exe; Driver: C:\DOCUME~1\Amber\LOCALS~1\Temp\awaoifod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA8F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA8F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9B4C360, 0x1FE48D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E351FF7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E351FBC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F3E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352032 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3521F4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----

#4
major_help_needed

    New Member

  • Topic Starter
  • Member
  • 8 posts
Here is the OTL.txt

OTL logfile created on: 3/18/2010 7:20:25 AM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Amber\My Documents\My Pictures
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 3.67 Gb Free Space | 3.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUSCC-611665749
Current User Name: Amber
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Amber\My Documents\My Pictures\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG8\avgscanx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Search Guard Plus\SearchGuardPlus.exe ()
PRC - C:\Program Files\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lexmark 5000 Series\lxdmmon.exe ()
PRC - C:\WINDOWS\system32\lxdmcoms.exe ( )
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 5000 Series\lxdmamon.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Amber\My Documents\My Pictures\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Seekeen Service) -- File not found
SRV - (iPod Service) -- File not found
SRV - (gusvc) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (XobniService) -- C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (lxdm_device) -- C:\WINDOWS\System32\lxdmcoms.exe ( )
SRV - (lxdmCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe ()


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:32:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/04 23:52:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009/10/14 23:08:08 | 000,000,000 | ---D | M]

[2009/07/05 14:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Mozilla\Extensions
[2009/07/05 14:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Mozilla\Extensions\[email protected]
[2009/03/15 17:15:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/29 09:59:08 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/04 23:52:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/11/08 17:50:39 | 000,002,386 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekeen.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Starware Screensavers Toolbar) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Amazing3DAquariumWallpaper] C:\Program Files\At The Depth - Animated 3D Wallpaper\wallpaper.exe File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EleFunAnimatedWallpaper] File not found
O4 - HKLM..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe ()
O4 - HKLM..\Run: [Lexmark 5000 Series Fax Server] C:\Program Files\Lexmark 5000 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdmamon] C:\Program Files\Lexmark 5000 Series\lxdmamon.exe ()
O4 - HKLM..\Run: [lxdmmon.exe] C:\Program Files\Lexmark 5000 Series\lxdmmon.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WeatherDPA] C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\Amber\Start Menu\Programs\Startup\IMVU.lnk = C:\Documents and Settings\Amber\Application Data\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Amber\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Amber\Local Settings\Application Data\Microsoft\Wallpaper3.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amber\Local Settings\Application Data\Microsoft\Wallpaper3.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/13 19:41:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/03/13 19:41:23 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/18 01:43:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/17 23:26:54 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/17 18:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amber\Application Data\Malwarebytes
[2010/03/17 17:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amber\Local Settings\Application Data\The Weather Channel
[2010/03/17 16:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/17 16:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/17 16:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/17 16:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/17 01:23:47 | 000,000,000 | ---D | C] -- C:\scc_40
[2010/03/16 20:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amber\Application Data\SUPERAntiSpyware.com
[2010/03/16 20:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amber\Local Settings\Application Data\qcpqbw
[2010/03/14 17:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Dogpile Toolbar
[2010/02/26 18:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amber\Local Settings\Application Data\AskToolbar
[2010/02/24 21:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2009/11/30 16:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/30 15:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/10/16 23:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Xobni
[2008/11/18 07:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/11/08 22:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/09/07 19:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2008/09/07 18:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/09/07 18:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/09/07 18:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2008/01/06 20:05:54 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhcp.dll
[2008/01/06 20:05:54 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdminpa.dll
[2008/01/06 20:05:53 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmserv.dll
[2008/01/06 20:05:53 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmusb1.dll
[2008/01/06 20:05:53 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmiesc.dll
[2008/01/06 20:05:52 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmpmui.dll
[2008/01/06 20:05:52 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmlmpm.dll
[2008/01/06 20:05:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmprox.dll
[2008/01/06 20:05:50 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhbn3.dll
[2008/01/06 20:05:49 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomc.dll
[2008/01/06 20:05:49 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomm.dll
[2007/06/27 21:13:14 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/18 07:01:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/17 23:37:01 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\Amber\Start Menu\Programs\Startup\IMVU.lnk
[2010/03/17 23:33:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/17 23:32:54 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/17 23:32:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/17 23:32:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/17 23:25:14 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Amber\NTUSER.DAT
[2010/03/17 23:25:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Amber\ntuser.ini
[2010/03/17 17:26:51 | 057,253,522 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/17 15:53:48 | 000,000,094 | ---- | M] () -- C:\WINDOWS\System32\bad_packet
[2010/03/17 00:19:45 | 000,000,245 | ---- | M] () -- C:\WINDOWS\System32\query.raw
[2010/03/16 19:23:30 | 000,000,075 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/03/15 19:52:07 | 000,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 19:52:07 | 000,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 19:52:06 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 15:13:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/08 16:42:32 | 000,034,791 | ---- | M] () -- C:\Documents and Settings\All Users\lxdm
[2010/03/08 16:03:25 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/03/08 16:03:25 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/03/06 11:40:39 | 000,008,192 | ---- | M] () -- C:\mtwb.dat
[2010/02/28 18:28:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/27 04:02:16 | 000,001,924 | ---- | M] () -- C:\Documents and Settings\Amber\Desktop\IMVU.lnk
[2010/02/26 23:19:30 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Amber\default.pls
[2010/02/19 23:17:13 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Amber\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/08 16:03:25 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/03/08 16:03:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/02/24 21:43:26 | 000,000,248 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/12/04 14:00:36 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xobni_installer_updater.log
[2009/11/29 16:17:58 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2009/11/29 16:17:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009/07/02 20:12:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2009/06/28 19:07:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Habim34.ini
[2009/06/28 18:54:57 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/03/28 13:19:37 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Adams65.ini
[2008/10/19 19:12:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/09/17 13:36:22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/09/17 13:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/09/17 13:36:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/09/17 13:36:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/07/22 07:32:10 | 000,000,090 | ---- | C] () -- C:\WINDOWS\consys.ini
[2008/03/24 11:24:23 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Amber\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/06 20:15:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll
[2008/01/06 20:15:14 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdmcoin.dll
[2008/01/06 20:14:16 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdmdrs.dll
[2008/01/06 20:14:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmcnv4.dll
[2008/01/06 20:14:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdmcaps.dll
[2008/01/06 20:13:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDMPMON.DLL
[2008/01/06 20:13:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDMFXPU.DLL
[2008/01/06 20:13:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmoem.dll
[2008/01/06 20:06:09 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdmrwrd.ini
[2008/01/06 20:05:54 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdminst.dll
[2008/01/06 20:05:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdmgrd.dll
[2007/06/24 16:54:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/24 21:51:28 | 000,018,916 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/04 19:54:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/03/17 12:28:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/14 12:35:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2007/03/13 22:12:26 | 000,219,952 | ---- | C] () -- C:\Program Files\utorrent.exe
[2007/03/13 21:52:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/09/20 15:43:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2005/09/18 09:32:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/09/18 09:32:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/09/18 09:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/09/18 09:32:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/09/18 09:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/09/18 09:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/09/18 09:32:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/01/06 20:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5000 Series
[2007/05/30 16:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-95-pn-3s-rp-7s
[2008/12/24 15:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2010/02/19 22:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/06/14 15:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2007/11/04 16:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cabela's Big Game Hunter - Alaskan Adventure Saves
[2007/03/14 12:34:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/03 21:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2009/03/20 10:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2009/10/06 20:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/09/18 05:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/10/06 20:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/09/18 04:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/12/04 23:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/12/15 03:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2007/03/13 21:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/12/29 19:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/12/15 03:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/12/20 20:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/12/27 19:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/05/26 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/10/06 22:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2009/10/06 20:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/06/04 02:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/01/02 14:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/01/20 12:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/01/30 23:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/16 22:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2009/12/03 23:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2008/03/01 23:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/11/30 15:31:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2008/11/21 19:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\5000 Series
[2008/06/14 10:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\AVG7
[2009/01/17 08:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\AVGTOOLBAR
[2007/06/13 22:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\bang
[2008/03/01 23:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\BloodTies
[2009/01/02 16:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\cerasus.media
[2009/03/20 10:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\eGames
[2008/03/01 23:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Eyeblaster
[2008/12/24 11:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Friday's games
[2008/03/01 23:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\GameHouse
[2009/11/29 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\GetRightToGo
[2009/12/21 04:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Go-Go Gourmet Chef of the Year
[2009/12/13 01:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Gogii Games
[2007/09/20 17:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\HbTools
[2009/03/20 03:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Home Sweet Home
[2010/03/17 23:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\IMVU
[2010/02/05 08:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\IMVUClient
[2009/06/12 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\iWin
[2008/02/01 15:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Lexmark Productivity Studio
[2008/12/26 06:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\PlayFirst
[2009/03/04 17:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Playrix Entertainment
[2008/09/18 11:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Sandlot Games
[2008/07/30 20:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\uTorrent
[2010/01/23 23:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Vivox
[2010/03/15 15:13:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/03/18 07:01:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Application Data\*. >
[2008/01/06 20:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5000 Series
[2007/05/30 16:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-95-pn-3s-rp-7s
[2008/12/24 15:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2009/12/17 21:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/03/31 15:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/19 22:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/06/14 15:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2010/03/17 16:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2007/11/04 16:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cabela's Big Game Hunter - Alaskan Adventure Saves
[2007/03/14 12:34:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/03 21:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2008/07/10 21:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative
[2009/03/20 10:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2009/10/06 20:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/09/18 05:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/10/06 20:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/09/18 04:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/12/04 23:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/12/15 03:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2009/12/09 01:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2007/03/13 21:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/12/29 19:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/12/15 03:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/12/20 20:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/10/19 20:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
[2009/11/30 15:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/11/30 17:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/12 04:04:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/09/27 21:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/12/27 19:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/05/26 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/10/06 22:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2009/12/31 09:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/12/13 19:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2007/03/13 21:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2007/03/31 13:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/10/06 20:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/06/04 02:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/03/09 00:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/01/02 14:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/12/24 02:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/12/03 18:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/17 18:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/01/20 12:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/01/30 23:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/16 22:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2009/12/03 23:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2007/06/22 13:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2007/03/13 22:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/31 22:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2008/08/07 16:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2008/03/01 23:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/11/30 15:31:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/07/08 12:28:49 | 002,920,112 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
[2005/03/08 13:16:10 | 000,023,040 | ---- | M] (CANON INC.) -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\Cnmvsa.exe
[2005/03/25 00:00:00 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\helpkicker.exe
[2009/12/15 03:22:29 | 000,108,544 | ---- | M] (iWin Inc.) -- C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
[2009/12/15 03:22:29 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\WebUpdater.exe
[2010/03/01 16:03:28 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
[2010/03/01 16:03:32 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
[2009/11/30 15:57:35 | 000,640,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
[2010/03/01 16:03:39 | 002,357,064 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
[2010/03/01 16:03:42 | 000,567,144 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
[2010/03/01 16:03:45 | 000,566,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
[2010/03/01 16:04:00 | 003,701,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
[2010/03/01 16:04:33 | 000,015,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
[2010/03/01 16:04:36 | 000,315,736 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
[2009/11/30 15:59:43 | 000,303,976 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
[2010/03/17 18:06:39 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2009/07/17 18:51:56 | 000,139,264 | ---- | M] (PlayFirst, Inc.) -- C:\Documents and Settings\All Users\Application Data\PlayFirst\Games\PlayFirst.EXE
[2002/07/26 17:02:06 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PlayFirst\Games\womens-murder-club-3\UNWISE.EXE
[2009/09/09 12:04:20 | 001,650,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PlayFirst\Games\womens-murder-club-3\WMC3.exe
[2009/09/09 12:04:16 | 002,973,696 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PlayFirst\Games\womens-murder-club-3\game\WMC3.exe
[2009/09/08 02:13:14 | 000,224,256 | R-S- | M] (Tarma Software Research Pty Ltd) -- C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
[2009/05/26 19:50:14 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe

< %APPDATA%\*. >
[2008/11/21 19:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\5000 Series
[2009/06/12 21:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Adobe
[2007/03/16 10:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\AdobeUM
[2008/02/16 22:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Ahead
[2007/08/17 16:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Apple Computer
[2008/06/14 10:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\AVG7
[2009/11/13 15:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\AVG8
[2009/01/17 08:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\AVGTOOLBAR
[2007/06/13 22:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\bang
[2008/03/01 23:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\BloodTies
[2009/01/02 16:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\cerasus.media
[2008/07/11 15:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Creative
[2009/03/20 10:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\eGames
[2008/03/01 23:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Eyeblaster
[2008/12/24 11:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Friday's games
[2008/03/01 23:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\GameHouse
[2009/11/29 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\GetRightToGo
[2009/12/21 04:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Go-Go Gourmet Chef of the Year
[2009/12/13 01:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Gogii Games
[2007/04/16 15:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Google
[2007/09/20 17:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\HbTools
[2007/12/26 03:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Help
[2009/03/20 03:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Home Sweet Home
[2007/03/14 13:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Identities
[2010/03/17 23:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\IMVU
[2010/02/05 08:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\IMVUClient
[2009/06/12 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\iWin
[2008/02/01 15:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Lexmark Productivity Studio
[2007/06/19 21:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Macromedia
[2010/03/17 18:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Malwarebytes
[2008/12/11 12:53:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Amber\Application Data\Microsoft
[2008/11/01 17:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Move Networks
[2009/07/05 14:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Mozilla
[2008/12/26 06:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\PlayFirst
[2009/03/04 17:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Playrix Entertainment
[2009/07/09 16:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Real
[2008/09/18 11:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Sandlot Games
[2007/03/16 04:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Sun
[2010/03/16 20:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\SUPERAntiSpyware.com
[2008/07/30 20:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\uTorrent
[2010/01/23 23:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Vivox
[2008/08/07 07:48:11 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Amber\Application Data\yahoo!

< %APPDATA%\*.exe /s >
[2010/02/12 17:53:54 | 007,506,576 | ---- | M] (Vivox, Inc.) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\1VivoxVoice.exe
[2010/02/18 19:27:50 | 000,052,992 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\IMVUClient.exe
[2010/02/18 19:27:52 | 000,021,760 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\IMVUQualityAgent.exe
[2010/02/18 19:27:52 | 000,092,320 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\IMVUupdater.exe
[2010/02/27 04:02:14 | 000,076,774 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\Uninstall.exe
[2009/08/04 13:03:40 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\w9xpopen.exe
[2010/02/12 19:24:12 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\WriteMiniDump.exe
[2009/10/26 13:09:36 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\BadPlugin.exe
[2009/10/26 13:09:38 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\certutil.exe
[2009/10/26 13:09:38 | 000,095,744 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\crashreporter.exe
[2009/10/26 13:09:38 | 000,010,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\DetectCharset.exe
[2009/10/26 13:09:38 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\GoodPlugin.exe
[2009/10/26 13:09:36 | 000,011,776 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\grabpage.exe
[2009/10/26 13:09:38 | 000,843,776 | ---- | M] (Netscape Communications Corporation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\js.exe
[2009/10/26 13:09:38 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\mangle.exe
[2009/10/26 13:09:38 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\NormalizationTest.exe
[2009/10/26 13:09:36 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\nsIFileEnumerator.exe
[2009/10/26 13:09:36 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\nsIFileTest.exe
[2009/10/26 13:09:36 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\nsTestSample.exe
[2009/10/26 13:09:38 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\pk12util.exe
[2009/10/26 13:09:36 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\PrimitiveTest.exe
[2009/10/26 13:09:38 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\PropertiesTest.exe
[2009/10/26 13:09:38 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\proxy-create-threadsafety.exe
[2009/10/26 13:09:38 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\proxytests.exe
[2009/10/26 13:09:38 | 000,010,752 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\rdfcat.exe
[2009/10/26 13:09:38 | 000,011,776 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\rdfpoll.exe
[2009/10/26 13:09:36 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\ReadNTLM.exe
[2009/10/26 13:09:36 | 000,008,704 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\redit.exe
[2009/10/26 13:09:38 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\regxpcom.exe
[2009/10/26 13:09:36 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\shlibsign.exe
[2009/10/26 13:09:38 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\SimpleTypeLib.exe
[2009/10/26 13:09:38 | 000,024,064 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\ssltunnel.exe
[2009/10/26 13:09:38 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestArguments.exe
[2009/10/26 13:09:38 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestAUSReadStrings.exe
[2009/10/26 13:09:38 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestAutoPtr.exe
[2009/10/26 13:09:38 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestBlockingProcess.exe
[2009/10/26 13:09:38 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestBlockingSocket.exe
[2009/10/26 13:09:36 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestCallbacks.exe
[2009/10/26 13:09:38 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestCallTemplates.exe
[2009/10/26 13:09:38 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestCOM.exe
[2009/10/26 13:09:36 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestCOMPtr.exe
[2009/10/26 13:09:38 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestCOMPtrEq.exe
[2009/10/26 13:09:38 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestCookie.exe
[2009/10/26 13:09:38 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestDNS.exe
[2009/10/26 13:09:38 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestFactory.exe
[2009/10/26 13:09:36 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestHashtables.exe
[2009/10/26 13:09:38 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestID.exe
[2009/10/26 13:09:38 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestIncrementalDownload.exe
[2009/10/26 13:09:36 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestINIParser.exe
[2009/10/26 13:09:36 | 000,014,336 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestLineBreak.exe
[2009/10/26 13:09:36 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestMinStringAPI.exe
[2009/10/26 13:09:36 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestNativeXMLHttpRequest.exe
[2009/10/26 13:09:38 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestObserverService.exe
[2009/10/26 13:09:38 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestOOM.exe
[2009/10/26 13:09:38 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestOpen.exe
[2009/10/26 13:09:36 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestPageLoad.exe
[2009/10/26 13:09:36 | 000,009,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestParser.exe
[2009/10/26 13:09:38 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestPipe.exe
[2009/10/26 13:09:38 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestPlainTextSerializer.exe
[2009/10/26 13:09:36 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestQuickReturn.exe
[2009/10/26 13:09:38 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestRacingServiceManager.exe
[2009/10/26 13:09:38 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestRegistrationOrder.exe
[2009/10/26 13:09:38 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestServ.exe
[2009/10/26 13:09:36 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestServMgr.exe
[2009/10/26 13:09:38 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestStandardURL.exe
[2009/10/26 13:09:38 | 000,013,312 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\teststorage1.exe
[2009/10/26 13:09:38 | 000,013,312 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestStreamConv.exe
[2009/10/26 13:09:38 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestStreamLoader.exe
[2009/10/26 13:09:36 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestStringAPI.exe
[2009/10/26 13:09:36 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestTextFormatter.exe
[2009/10/26 13:09:36 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestThreadPoolListener.exe
[2009/10/26 13:09:38 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestTimers.exe
[2009/10/26 13:09:38 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestTXMgr.exe
[2009/10/26 13:09:36 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestUpload.exe
[2009/10/26 13:09:38 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestURLParser.exe
[2009/10/26 13:09:38 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestVersionComparator.exe
[2009/10/26 13:09:36 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestXPC.exe
[2009/10/26 13:09:36 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\TestXREMakeCommandLineWin.exe
[2009/10/26 13:09:36 | 000,010,752 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\triplescat.exe
[2009/10/26 13:09:36 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\UnicharSelfTest.exe
[2009/10/26 13:09:36 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\UniversalChardetTest.exe
[2009/10/26 13:09:36 | 000,241,152 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\updater.exe
[2009/10/26 13:09:38 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\urltest.exe
[2009/10/26 13:09:38 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\WriteArgument.exe
[2009/10/26 13:09:38 | 000,024,064 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\xpcshell.exe
[2009/10/26 13:09:36 | 000,311,296 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\xpidl.exe
[2009/10/26 13:09:36 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\xpt_dump.exe
[2009/10/26 13:09:38 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\xpt_link.exe
[2009/10/26 13:09:38 | 000,110,592 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\xulrunner-stub.exe
[2009/10/26 13:09:38 | 000,093,184 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\GeckoBin\xulrunner.exe
[2010/02/27 04:00:54 | 024,479,624 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\IMVUClient\installer\SetupImvu_update.exe
[2009/12/01 18:58:20 | 007,490,192 | ---- | M] (Vivox, Inc.) -- C:\Documents and Settings\Amber\Application Data\IMVUClient\ui\plugins\VivoxVoiceManager.exe
[2007/11/03 14:35:54 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Amber\Application Data\Microsoft\Installer\{17D2AF72-1448-4C43-A1C4-842757E4DEB6}\_26e91eb.exe
[2007/11/03 14:35:54 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Amber\Application Data\Microsoft\Installer\{17D2AF72-1448-4C43-A1C4-842757E4DEB6}\_5af141bb.exe
[2007/11/03 14:35:54 | 000,004,286 | R--- | M] () -- C:\Documents and Settings\Amber\Application Data\Microsoft\Installer\{17D2AF72-1448-4C43-A1C4-842757E4DEB6}\_bb32ea6.exe
[2008/09/17 11:03:04 | 000,099,704 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2008/10/24 09:34:36 | 000,034,063 | ---- | M] () -- C:\Documents and Settings\Amber\Application Data\Move Networks\ie_bin\Uninst.exe
[2009/02/08 05:57:10 | 000,382,472 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Amber\Application Data\Real\RealPlayer\setup\AU_setup4.exe
[2009/03/31 22:51:48 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Amber\Application Data\Real\RealPlayer\setup\AU_setup6.exe
[2004/08/04 07:00:00 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Amber\Application Data\yahoo!\Mail\attach\calc.exe


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/18 17:44:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/18 17:44:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/18 17:44:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/18 17:44:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 07:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 07:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 11:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 05:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2004/08/04 07:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
[2007/04/16 10:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2006/07/05 05:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2009/03/21 08:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 07:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 06:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 06:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: NVATA.SYS >
[2005/08/12 15:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\K8MC51GMBD\IDE\Win2K\sata_ide\nvata.sys
[2005/08/12 15:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\K8MC51GMBD\IDE\WinXP\sata_ide\nvata.sys
[2005/08/12 15:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2005/08/12 15:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\K8MC51GMBD\IDE\Win2K\sataraid\nvatabus.sys
[2005/08/12 15:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\K8MC51GMBD\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: PROQUOTA.EXE >
[2004/08/04 07:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 07:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 07:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2004/08/04 07:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/10 19:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/10 18:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 07:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 07:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 07:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 07:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/03/13 13:31:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/03/13 13:31:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/03/13 13:31:49 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA94A934
@Alternate Data Stream - 305 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2533C29
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6ECD2470
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F9A3DFF
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:172B8774
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEDA49F4
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CEC0A38
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A74A9A7
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C9C1FE0
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:721C42E8
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52110139
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F222B60
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32758ED6
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DCCEC7C
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D81BA1
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F3F179
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:898109B4
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D3CAFDD
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:362B7440
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A42A9F39
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EE52088
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D61FFEE
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6A0800
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:489F57C3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37724E88
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3CB23B4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09B77012
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAF6860A
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C8DBFC0
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C4D3509
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DAB8A3C0
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E73AD533
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91E2E553
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49111367
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FC57F99
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10069262
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F498C545
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B517A2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38337420
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15812AD1
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4B0D5C7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE9AD6CC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F3235B3
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15606AA7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F74B4CE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3220AB18
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC270C5D
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3E01C22
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAE765B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BA31186
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17927369
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:395C0D36
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:172EB9B5
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:451F9341
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F4C2C65
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:429EC15A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5070F1A6
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EA10C5C
< End of report >

#5
major_help_needed

    New Member

  • Topic Starter
  • Member
  • 8 posts
Here is the Extras.Txt

OTL Extras logfile created on: 3/18/2010 7:20:25 AM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Amber\My Documents\My Pictures
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 3.67 Gb Free Space | 3.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUSCC-611665749
Current User Name: Amber
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\utorrent.exe" = C:\Program Files\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\funkitron\SCRABBLE\Scrabble.exe" = C:\Program Files\funkitron\SCRABBLE\Scrabble.exe:*:Disabled:SCRABBLE ® -- File not found
"C:\Program Files\Valusoft\Construction Destruction\ConstructionDestruction.exe" = C:\Program Files\Valusoft\Construction Destruction\ConstructionDestruction.exe:*:Enabled:ConstructionDestruction -- File not found
"C:\WINDOWS\system32\lxdmcoms.exe" = C:\WINDOWS\system32\lxdmcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 5000 Series\lxdmamon.exe" = C:\Program Files\Lexmark 5000 Series\lxdmamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 5000 Series\frun.exe" = C:\Program Files\Lexmark 5000 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- ()
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- File not found
"C:\Program Files\Lexmark 5000 Series\lxdmmon.exe" = C:\Program Files\Lexmark 5000 Series\lxdmmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 5000 Series\LXDMFax.exe" = C:\Program Files\Lexmark 5000 Series\LXDMFax.exe:*:Enabled:Fax Solutions Software -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Best Buy Rhapsody\rhapsody.exe" = C:\Program Files\Best Buy Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{17D2AF72-1448-4C43-A1C4-842757E4DEB6}" = Cabela's Big Game Hunter - Alaskan Adventures
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}" = ebgcSDK
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{660EA583-164F-42F8-8A08-D1DE81BD764B}" = ebgcRes
"{70AB1576-7883-2313-C650-7A71270B1033}" = Nero 7 Ultra Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8EAC0298-F4FD-4F27-8B54-5C7D4BED2852}" = Perfect Attorney Premium
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EB7E5D86-B84C-41A8-8BDA-7C854CA46153}" = Creative MuVo V100
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudibleManager" = AudibleManager
"AVG8Uninstall" = AVG Free 8.5
"Bookworm Deluxe 1.03" = Bookworm Deluxe 1.03
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Easy-WebPrint" = Easy-WebPrint
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"Lexmark 5000 Series" = Lexmark 5000 Series
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PageRage Toolbar" = PageRage Toolbar
"PlayerRecoveryDriver" = Player Recovery Drivers
"Playsushi" = Playsushi
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"Super TextTwist" = Super TextTwist
"SysInfo" = Creative System Information
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Ultra Mobile 3GP Video Converter_is1" = Ultra Mobile 3GP Video Converter 5.0.0521
"UnityWebPlayer" = Unity Web Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMC - Twice in a Blue Moon" = WMC - Twice in a Blue Moon
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XobniMain" = Xobni
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/17/2010 6:17:33 PM | Computer Name = SUSCC-611665749 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module unknown, version 0.0.0.0, fault address 0x03970fce.

Error - 3/17/2010 6:18:20 PM | Computer Name = SUSCC-611665749 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2010 6:45:14 PM | Computer Name = SUSCC-611665749 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2010 6:45:51 PM | Computer Name = SUSCC-611665749 | Source = Application Hang | ID = 1001
Description = Fault bucket 1484861422.

Error - 3/17/2010 7:03:23 PM | Computer Name = SUSCC-611665749 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2010 7:12:28 PM | Computer Name = SUSCC-611665749 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module unknown, version 0.0.0.0, fault address 0x02c40f32.

Error - 3/17/2010 10:23:49 PM | Computer Name = SUSCC-611665749 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module unknown, version 0.0.0.0, fault address 0x03200f32.

Error - 3/18/2010 12:15:58 AM | Computer Name = SUSCC-611665749 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module unknown, version 0.0.0.0, fault address 0x031d0f20.

Error - 3/18/2010 1:05:20 AM | Computer Name = SUSCC-611665749 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module unknown, version 0.0.0.0, fault address 0x02b40f06.

Error - 3/18/2010 8:18:07 AM | Computer Name = SUSCC-611665749 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module yietagbm.dll, version 2006.7.28.1, fault address 0x00001dec.

[ System Events ]
Error - 3/17/2010 7:09:34 PM | Computer Name = SUSCC-611665749 | Source = DCOM | ID = 10005
Description = DCOM got error "%3" attempting to start the service gusvc with arguments
"" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 3/17/2010 7:10:17 PM | Computer Name = SUSCC-611665749 | Source = DCOM | ID = 10005
Description = DCOM got error "%3" attempting to start the service gusvc with arguments
"" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 3/17/2010 7:11:16 PM | Computer Name = SUSCC-611665749 | Source = DCOM | ID = 10005
Description = DCOM got error "%3" attempting to start the service gusvc with arguments
"" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 3/17/2010 7:12:25 PM | Computer Name = SUSCC-611665749 | Source = DCOM | ID = 10005
Description = DCOM got error "%3" attempting to start the service gusvc with arguments
"" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 3/17/2010 8:50:18 PM | Computer Name = SUSCC-611665749 | Source = DCOM | ID = 10005
Description = DCOM got error "%3" attempting to start the service gusvc with arguments
"" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 3/17/2010 9:41:40 PM | Computer Name = SUSCC-611665749 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800b0100: Automatic Updates.

Error - 3/17/2010 9:59:53 PM | Computer Name = SUSCC-611665749 | Source = DCOM | ID = 10005
Description = DCOM got error "%3" attempting to start the service gusvc with arguments
"" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 3/17/2010 11:39:54 PM | Computer Name = SUSCC-611665749 | Source = DCOM | ID = 10005
Description = DCOM got error "%3" attempting to start the service gusvc with arguments
"" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 3/18/2010 12:19:13 AM | Computer Name = SUSCC-611665749 | Source = Service Control Manager | ID = 7034
Description = The SearchSpiderSvc service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/18/2010 12:29:58 AM | Computer Name = SUSCC-611665749 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >

#6
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Yes, please post the Malwarebytes log. :)

#7
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Hello.


Please continue with the steps below.


»» Step 1 ««

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (Seekeen Service) -- File not found
    SRV - (iPod Service) -- File not found
    SRV - (gusvc) -- File not found
    IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
    O2 - BHO: () - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll File not found
    O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
    O3 - HKLM\..\Toolbar: (Starware Screensavers Toolbar) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll File not found
    O4 - HKLM..\Run: [Amazing3DAquariumWallpaper] C:\Program Files\At The Depth - Animated 3D Wallpaper\wallpaper.exe File not found
    O4 - HKLM..\Run: [EleFunAnimatedWallpaper] File not found
    O4 - HKLM..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe ()
    O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
    O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
    O4 - HKCU..\Run: [WeatherDPA] C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe File not found
    [2010/03/16 20:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amber\Local Settings\Application Data\qcpqbw
    [2010/03/14 17:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Dogpile Toolbar
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
    [18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    
    :Services
    Seekeen Service
    iPod Service
    gusvc
    
    :Reg
    
    :Files
    C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [create]
    [start explorer]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.




»» Step 2 ««

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




»» Step 3 ««

OTL Scan
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Quick Scan button. Do not change any other settings.
  • Please copy (Edit->Select All, Edit->Copy) the contents of OTL.txt and post it in your next reply.




»» Step 4 ««

Post Logs
Please post back with the following information:
  • OTL Fix Log
  • MBAM Log
  • OTL Scan Log
  • How your computer is running now


#8
major_help_needed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is OTL Fix log

All processes killed
========== OTL ==========
Service Seekeen Service stopped successfully!
Service Seekeen Service deleted successfully!
File File not found not found.
Service iPod Service stopped successfully!
Service iPod Service deleted successfully!
File File not found not found.
Service gusvc stopped successfully!
Service gusvc deleted successfully!
File File not found not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45A4902E-4479-4EAE-A186-8D0F7E4C78DE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45A4902E-4479-4EAE-A186-8D0F7E4C78DE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
C:\Program Files\SGPSA\BHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9FB3908C-6565-4CB0-95F8-E9F85258723C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FB3908C-6565-4CB0-95F8-E9F85258723C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Amazing3DAquariumWallpaper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EleFunAnimatedWallpaper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FBSearch deleted successfully.
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SGPUpdater deleted successfully.
C:\Program Files\Search Guard PlusU\sgpUpdaters.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeUpdater deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WeatherDPA deleted successfully.
C:\Documents and Settings\Amber\Local Settings\Application Data\qcpqbw folder moved successfully.
C:\Program Files\Dogpile Toolbar folder moved successfully.
C:\WINDOWS\System32\cnm1A.tmp deleted successfully.
C:\WINDOWS\System32\cnm48.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET3E.tmp deleted successfully.
C:\WINDOWS\System32\SET40.tmp deleted successfully.
C:\WINDOWS\System32\SET44.tmp deleted successfully.
C:\WINDOWS\System32\SET45.tmp deleted successfully.
C:\WINDOWS\System32\SET4C.tmp deleted successfully.
C:\WINDOWS\System32\SET4E.tmp deleted successfully.
C:\Documents and Settings\All Users\SPL15F.tmp deleted successfully.
C:\Documents and Settings\All Users\SPL1E1.tmp deleted successfully.
C:\WINDOWS\003054_.tmp deleted successfully.
C:\WINDOWS\DUMP226c.tmp deleted successfully.
C:\WINDOWS\DUMP5469.tmp deleted successfully.
C:\WINDOWS\DUMP563e.tmp deleted successfully.
C:\WINDOWS\DUMP567c.tmp deleted successfully.
C:\WINDOWS\DUMP5738.tmp deleted successfully.
C:\WINDOWS\DUMP57a5.tmp deleted successfully.
C:\WINDOWS\DUMP57b5.tmp deleted successfully.
C:\WINDOWS\DUMP591c.tmp deleted successfully.
C:\WINDOWS\DUMP5a16.tmp deleted successfully.
C:\WINDOWS\DUMP5af1.tmp deleted successfully.
C:\WINDOWS\DUMP5b5e.tmp deleted successfully.
C:\WINDOWS\DUMP5f27.tmp deleted successfully.
C:\WINDOWS\DUMP659f.tmp deleted successfully.
C:\WINDOWS\DUMP6eb7.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
Error: No service named Seekeen Service was found to stop!
Service\Driver key Seekeen Service not found.
Error: No service named iPod Service was found to stop!
Service\Driver key iPod Service not found.
Error: No service named gusvc was found to stop!
Service\Driver key gusvc not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\Search Guard Plus\SearchGuardPlus.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 150183 bytes

User: Alexsis
->Temp folder emptied: 44787566 bytes
->Temporary Internet Files folder emptied: 727120793 bytes
->Java cache emptied: 14999050 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 53075 bytes

User: All Users

User: Amber
->Temp folder emptied: 16965578797 bytes
->Temporary Internet Files folder emptied: 845126635 bytes
->Java cache emptied: 30825386 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1497417 bytes

User: Brailyn

User: Dee
->Temp folder emptied: 20691921 bytes
->Temporary Internet Files folder emptied: 178202975 bytes
->Java cache emptied: 769250 bytes
->Flash cache emptied: 1546350 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Ellen Renee'
->Temp folder emptied: 6781913300 bytes
->Temporary Internet Files folder emptied: 82138465 bytes
->Java cache emptied: 38425306 bytes
->FireFox cache emptied: 2471154 bytes
->Flash cache emptied: 229871 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5309277 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 747768 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2508382033 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23946434 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1021659 bytes

Total Files Cleaned = 26,966.00 mb


[EMPTYFLASH]

User: Administrator

User: Alexsis
->Flash cache emptied: 0 bytes

User: All Users

User: Amber
->Flash cache emptied: 0 bytes

User: Brailyn

User: Dee
->Flash cache emptied: 0 bytes

User: Default User

User: Ellen Renee'
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[create]> in the current context!

OTL by OldTimer - Version 3.1.37.2 log created on 03192010_200621

Files\Folders moved on Reboot...
C:\Documents and Settings\Amber\Local Settings\Temp\~DF4412.tmp moved successfully.
File\Folder C:\Documents and Settings\Amber\Local Settings\Temp\~DF8B5C.tmp not found!
File\Folder C:\Documents and Settings\Amber\Local Settings\Temp\~DF8BF7.tmp not found!
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\W3YIIN7Y\favicon[4].ico moved successfully.
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\W3YIIN7Y\iframe[1].htm moved successfully.
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\W3YIIN7Y\opensearch[1] moved successfully.
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\W3YIIN7Y\Windows-Antivirus-Software-messages-t271551[1].htm moved successfully.
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\TLBM3OM0\favicon-vfl147246[1].ico moved successfully.
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\S2KR9EAG\10jfw8tc[1].xml moved successfully.
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\CSWLLF9V\favicon[5].ico moved successfully.
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

#9
major_help_needed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the newest Mbam log

Malwarebytes' Anti-Malware 1.44
Database version: 3886
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

3/19/2010 10:21:35 PM
mbam-log-2010-03-19 (22-21-35).txt

Scan type: Quick Scan
Objects scanned: 170134
Time elapsed: 1 hour(s), 17 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Have you been able to get another OTL scan? Also, how is your computer behaving now?
:)

#11
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Hello.


IMPORTANT
I have noticed that you have peer-to-peer (P2P) software installed on your computer. P2P applications open holes in your computer's security, giving unsecure routes for malware to access your machine. P2P programs are widely used to distribute viruses. Many of the highly successful viruses in circulation today use P2P programs running on an infected computer as an additional mechanism for propagation. In some cases, virus writers may anonymously introduce newly created viruses to the Internet via P2P. In the wild, such newly created viruses are less likely to be detected by your antivirus program. You might consider removing these applications: Limewire, uTorrent



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 18.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")





Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run as administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



NOTE: This scan can take a while. You might start it when you are not going to be using the computer for several hours.


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


#12
major_help_needed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the OTL.log quick scan

OTL logfile created on: 3/21/2010 2:12:15 AM - Run 2
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Amber\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 40.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 28.44 Gb Free Space | 30.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUSCC-611665749
Current User Name: Amber
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Amber\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lexmark 5000 Series\lxdmmon.exe ()
PRC - C:\WINDOWS\system32\lxdmcoms.exe ( )
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 5000 Series\lxdmamon.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Amber\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (XobniService) -- C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (lxdm_device) -- C:\WINDOWS\System32\lxdmcoms.exe ( )
SRV - (lxdmCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL = 0

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:32:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\

[2009/07/05 14:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Mozilla\Extensions
[2009/07/05 14:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Mozilla\Extensions\[email protected]
[2009/03/15 17:15:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/29 09:59:08 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/08 17:50:39 | 000,002,386 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekeen.xml

O1 HOSTS File: ([2010/03/19 20:07:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Lexmark 5000 Series Fax Server] C:\Program Files\Lexmark 5000 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdmamon] C:\Program Files\Lexmark 5000 Series\lxdmamon.exe ()
O4 - HKLM..\Run: [lxdmmon.exe] C:\Program Files\Lexmark 5000 Series\lxdmmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\Amber\Start Menu\Programs\Startup\IMVU.lnk = C:\Documents and Settings\Amber\Application Data\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Amber\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Amber\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amber\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/13 19:41:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/20 14:05:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/19 20:06:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/18 07:15:16 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amber\Desktop\OTL.exe
[2010/03/17 23:26:54 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/17 18:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amber\Application Data\Malwarebytes
[2010/03/17 17:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amber\Local Settings\Application Data\The Weather Channel
[2010/03/17 16:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/17 16:19:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/17 16:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/17 16:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/17 01:23:47 | 000,000,000 | ---D | C] -- C:\scc_40
[2010/03/16 20:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amber\Application Data\SUPERAntiSpyware.com
[2009/11/30 16:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/30 15:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/10/16 23:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Xobni
[2008/11/18 07:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/11/08 22:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/09/07 19:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2008/09/07 18:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/09/07 18:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/09/07 18:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2008/01/06 20:05:54 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhcp.dll
[2008/01/06 20:05:54 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdminpa.dll
[2008/01/06 20:05:53 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmserv.dll
[2008/01/06 20:05:53 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmusb1.dll
[2008/01/06 20:05:53 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmiesc.dll
[2008/01/06 20:05:52 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmpmui.dll
[2008/01/06 20:05:52 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmlmpm.dll
[2008/01/06 20:05:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmprox.dll
[2008/01/06 20:05:50 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhbn3.dll
[2008/01/06 20:05:49 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomc.dll
[2008/01/06 20:05:49 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomm.dll
[2007/06/27 21:13:14 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 14 Days ==========

[2010/03/21 02:01:05 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/20 21:08:02 | 057,451,645 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/20 15:49:36 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\Amber\Start Menu\Programs\Startup\IMVU.lnk
[2010/03/20 15:47:37 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/20 15:47:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/20 14:59:10 | 000,000,075 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/03/20 13:25:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/20 13:25:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/20 13:24:00 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Amber\NTUSER.DAT
[2010/03/20 13:24:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Amber\ntuser.ini
[2010/03/20 13:23:12 | 000,001,004 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/20 13:23:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/20 13:23:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/19 20:07:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/03/18 07:13:51 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amber\Desktop\OTL.exe
[2010/03/17 15:53:48 | 000,000,094 | ---- | M] () -- C:\WINDOWS\System32\bad_packet
[2010/03/17 00:19:45 | 000,000,245 | ---- | M] () -- C:\WINDOWS\System32\query.raw
[2010/03/15 19:52:07 | 000,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 19:52:07 | 000,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 19:52:06 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 15:13:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/08 16:42:32 | 000,034,791 | ---- | M] () -- C:\Documents and Settings\All Users\lxdm
[2010/03/08 16:03:25 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/03/08 16:03:25 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

========== Files Created - No Company Name ==========

[2010/03/08 16:03:25 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/03/08 16:03:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/12/04 14:00:36 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xobni_installer_updater.log
[2009/11/29 16:17:58 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2009/11/29 16:17:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009/07/02 20:12:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2009/06/28 19:07:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Habim34.ini
[2009/06/28 18:54:57 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/03/28 13:19:37 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Adams65.ini
[2008/10/19 19:12:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/09/17 13:36:22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/09/17 13:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/09/17 13:36:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/09/17 13:36:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/07/22 07:32:10 | 000,000,090 | ---- | C] () -- C:\WINDOWS\consys.ini
[2008/03/24 11:24:23 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Amber\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/06 20:15:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll
[2008/01/06 20:15:14 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdmcoin.dll
[2008/01/06 20:14:16 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdmdrs.dll
[2008/01/06 20:14:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmcnv4.dll
[2008/01/06 20:14:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdmcaps.dll
[2008/01/06 20:13:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDMPMON.DLL
[2008/01/06 20:13:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDMFXPU.DLL
[2008/01/06 20:13:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmoem.dll
[2008/01/06 20:06:09 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdmrwrd.ini
[2008/01/06 20:05:54 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdminst.dll
[2008/01/06 20:05:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdmgrd.dll
[2007/06/24 16:54:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/24 21:51:28 | 000,018,916 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/04 19:54:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/03/17 12:28:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/14 12:35:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2007/03/13 22:12:26 | 000,219,952 | ---- | C] () -- C:\Program Files\utorrent.exe
[2007/03/13 21:52:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/09/20 15:43:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2005/09/18 09:32:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/09/18 09:32:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/09/18 09:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/09/18 09:32:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/09/18 09:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/09/18 09:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/09/18 09:32:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/01/06 20:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5000 Series
[2007/05/30 16:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-95-pn-3s-rp-7s
[2008/12/24 15:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2010/02/19 22:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/06/14 15:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2007/11/04 16:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cabela's Big Game Hunter - Alaskan Adventure Saves
[2007/03/14 12:34:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/03 21:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2009/03/20 10:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2009/10/06 20:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/09/18 05:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/10/06 20:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/09/18 04:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/12/04 23:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/12/15 03:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2007/03/13 21:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/12/29 19:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/12/15 03:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/12/20 20:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/12/27 19:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/05/26 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/10/06 22:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2009/10/06 20:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/06/04 02:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/01/02 14:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/01/20 12:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/01/30 23:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/16 22:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2009/12/03 23:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2008/03/01 23:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/11/30 15:31:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2008/11/21 19:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\5000 Series
[2008/06/14 10:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\AVG7
[2009/01/17 08:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\AVGTOOLBAR
[2007/06/13 22:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\bang
[2008/03/01 23:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\BloodTies
[2009/01/02 16:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\cerasus.media
[2009/03/20 10:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\eGames
[2008/03/01 23:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Eyeblaster
[2008/12/24 11:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Friday's games
[2008/03/01 23:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\GameHouse
[2009/11/29 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\GetRightToGo
[2009/12/21 04:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Go-Go Gourmet Chef of the Year
[2009/12/13 01:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Gogii Games
[2007/09/20 17:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\HbTools
[2009/03/20 03:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Home Sweet Home
[2010/03/20 15:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\IMVU
[2010/02/05 08:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\IMVUClient
[2009/06/12 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\iWin
[2008/02/01 15:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Lexmark Productivity Studio
[2008/12/26 06:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\PlayFirst
[2009/03/04 17:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Playrix Entertainment
[2008/09/18 11:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Sandlot Games
[2008/07/30 20:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\uTorrent
[2010/01/23 23:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amber\Application Data\Vivox
[2010/03/15 15:13:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/03/21 02:01:05 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA94A934
@Alternate Data Stream - 305 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2533C29
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6ECD2470
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F9A3DFF
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:172B8774
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEDA49F4
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CEC0A38
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A74A9A7
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C9C1FE0
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:721C42E8
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52110139
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F222B60
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32758ED6
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DCCEC7C
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D81BA1
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F3F179
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:898109B4
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D3CAFDD
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:362B7440
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A42A9F39
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EE52088
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D61FFEE
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6A0800
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:489F57C3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37724E88
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3CB23B4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09B77012
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAF6860A
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C8DBFC0
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C4D3509
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DAB8A3C0
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E73AD533
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91E2E553
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49111367
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FC57F99
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10069262
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F498C545
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B517A2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38337420
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15812AD1
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4B0D5C7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE9AD6CC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F3235B3
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15606AA7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F74B4CE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3220AB18
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC270C5D
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3E01C22
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAE765B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BA31186
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17927369
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:395C0D36
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:172EB9B5
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:451F9341
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F4C2C65
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:429EC15A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5070F1A6
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EA10C5C
< End of report >

#13
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts
Let me know how things are running now.

#14
major_help_needed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
As of now there have been no signs of a virus; everything is up and running. Computer is pretty slow but that's about all. I will post the other logs ASAP but it might take a few days because I have to go out of town, but everything seems better so far. Thank you so much.

#15
Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts

"I will post the other logs ASAP but it might take a few days because I have to go out of town, but everything seems better so far. Thank you so much."

No problem. I am just looking forward to the Kaspersky online scan log.