ERUNT problem [Solved]
Started by Cinnamoroll, May 13 2010 09:20 PM
#16
Posted 23 May 2010 - 03:52 AM

Please follow all of the steps in this section of the Malware Forum, then please post the MBAM, GMER and OTL Logs in this thread.
#17
Posted 23 May 2010 - 12:27 PM

MBAM LOG:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4133
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904
5/23/2010 2:26:48 PM
mbam-log-2010-05-23 (14-26-48).txt
Scan type: Quick scan
Objects scanned: 134459
Time elapsed: 6 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#18
Posted 23 May 2010 - 05:10 PM

Following problems with GMER:
1. I didn't uncheck the "showed all" box, so when I realized it I stopped it, but it froze my comp. and it shut down automatically.
2. I re-opened and scanned it but it lagged, so I master shut it down.
3. I tried it again but I forgot to save the log, so when I re-opened it, it didn't work. Loaded too slow -_-'''
So should I download GMER again, or continue the OTL log?
Note: when I was replying to you I was in safe mode, and not long after, the comp. shut down by itself again. I tried opening the comp. but it didn't work for a while. So I figure it needed to recharge its battery. I hope that wasn't a problem.....
Edited by Cinnamoroll, 23 May 2010 - 05:23 PM.
#19
Posted 24 May 2010 - 02:16 AM

I could do with seeing a GMER log too please
#20
Posted 24 May 2010 - 03:47 PM

I could do with seeing a GMER log too please
When I used the GMER it
1. shut down my comp.
2. lags and is not responding -.-
Can I use a different program? I'm afraid it will harm my computer if I continue to use it.
#21
Posted 24 May 2010 - 03:58 PM

Currently GMER is the most effective way of checking for a particular rootkit that is doing the rounds. It won't harm your computer.
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appear
- Click OK
- DeFogger will now ask to reboot the machine - click OK
Do not re-enable these drivers until otherwise instructed.
Then try GMER again please.
#22
Posted 24 May 2010 - 05:10 PM

After several tries, here is the GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-24 19:08:16
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\maggie\AppData\Local\Temp\pwryypod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e376092e0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0x71 0x86 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5A 0x0B 0x1F 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE9 0x22 0x12 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e376092e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0x71 0x86 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5A 0x0B 0x1F 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE9 0x22 0x12 0x4A ...
---- EOF - GMER 1.0.15 ----
#23
Posted 24 May 2010 - 05:23 PM

OTL LOG:
OTL logfile created on: 5/24/2010 7:12:39 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\maggie\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.61 Gb Total Space | 35.80 Gb Free Space | 34.56% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 111.69 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 7.16 Gb Total Space | 0.71 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.01 Gb Total Space | 0.97 Gb Free Space | 95.86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: MAGGIE-PC
Current User Name: maggie
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/24 19:12:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\maggie\Downloads\OTL.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 19:12:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\maggie\Downloads\OTL.exe
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/12 18:36:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/21 20:10:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/05 16:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/09 17:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/10/22 06:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - [2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/03/03 13:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 01:56:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2007/12/30 06:21:40 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/06/28 12:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/06/28 12:44:16 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/02/28 14:26:00 | 004,465,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 12:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 04:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/12 23:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2007/01/02 06:45:30 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/01/02 06:45:30 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/01/02 06:45:30 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/12/22 17:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 13:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 23:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 23:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 23:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/08/05 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.12514
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.aol.co.../search?query="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 15:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:36:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/24 13:27:22 | 000,000,000 | ---D | M]
[2009/02/21 14:18:53 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\mozilla\Extensions
[2010/05/24 18:11:48 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions
[2009/03/19 18:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/03/16 21:23:07 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(1323)
[2010/05/01 08:58:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/01 08:58:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/09 17:42:43 | 000,000,891 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\Mozilla\FireFox\Profiles\24dbrpag.default\searchplugins\dictionarycom.xml
[2010/04/24 13:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/30 06:32:39 | 000,000,000 | ---D | M] (AdVantage) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2010/04/24 13:27:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/24 19:08:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/02/21 14:18:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/24 13:27:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/26 22:02:19 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/12/30 06:45:52 | 000,001,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ()
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\maggie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\maggie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/20 04:22:06 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/03/27 15:07:29 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 90 Days ==========
[2010/05/14 23:53:06 | 000,000,000 | ---D | C] -- C:\Users\maggie\geo fair
[2010/05/14 17:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Redbana
[2010/05/14 16:45:43 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Audition
[2010/04/24 16:44:51 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Flowers-and-Butterflies
[2010/04/23 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Coffee-Break
[2010/04/06 15:32:14 | 000,000,000 | ---D | C] -- C:\Users\maggie\Documents\My Digital Editions
[2010/03/31 21:56:43 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Roaming\Facebook
[2010/03/30 21:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/30 21:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 21:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 20:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/27 23:23:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/27 23:15:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/27 23:15:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/27 23:15:28 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Local\temp
[2010/03/27 22:59:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/27 22:59:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/27 22:59:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/27 22:56:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/27 22:56:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/25 17:01:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/23 22:09:59 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/22 23:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/03/22 23:32:03 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/19 22:44:07 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Roaming\Malwarebytes
[2010/03/19 22:44:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/19 22:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/19 22:44:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/19 22:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/19 22:42:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/19 22:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/16 17:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/12 18:36:58 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 00:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2 C:\Users\maggie\Desktop\*.tmp files -> C:\Users\maggie\Desktop\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/05/24 19:12:42 | 003,932,160 | -HS- | M] () -- C:\Users\maggie\ntuser.dat
[2010/05/24 19:00:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/24 18:52:45 | 060,343,739 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/24 18:51:41 | 000,000,310 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/24 18:50:54 | 000,013,072 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\nvModes.001
[2010/05/24 18:48:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 18:48:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 18:48:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/24 18:47:08 | 000,524,288 | -HS- | M] () -- C:\Users\maggie\ntuser.dat{d0596cb0-14ca-11de-9e65-000fdbb8c83d}.TMContainer00000000000000000001.regtrans-ms
[2010/05/24 18:47:08 | 000,065,536 | -HS- | M] () -- C:\Users\maggie\ntuser.dat{d0596cb0-14ca-11de-9e65-000fdbb8c83d}.TM.blf
[2010/05/24 18:28:39 | 000,013,072 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\nvModes.dat
[2010/05/24 18:26:52 | 000,000,158 | ---- | M] () -- C:\Users\maggie\defogger_reenable
[2010/05/24 16:25:37 | 000,293,376 | ---- | M] () -- C:\Users\maggie\Desktop\gmer.exe
[2010/05/23 21:18:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/23 19:53:56 | 000,000,000 | ---- | M] () -- C:\Users\maggie\AppData\Local\prvlcl.dat
[2010/05/23 19:05:35 | 000,057,856 | ---- | M] () -- C:\Users\maggie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 14:18:29 | 000,000,915 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/23 14:18:27 | 000,000,735 | ---- | M] () -- C:\Users\maggie\Desktop\NTREGOPT.lnk
[2010/05/23 14:18:27 | 000,000,716 | ---- | M] () -- C:\Users\maggie\Desktop\ERUNT.lnk
[2010/05/23 14:11:41 | 060,300,038 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm.old
[2010/05/17 17:44:25 | 000,710,152 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/17 17:44:25 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/17 17:44:25 | 000,119,758 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/17 12:37:00 | 000,143,521 | ---- | M] () -- C:\Users\maggie\Documents\DSC04097.JPG
[2010/05/17 12:32:50 | 000,152,350 | ---- | M] () -- C:\Users\maggie\Documents\DSC04092 - Copy.JPG
[2010/05/17 12:32:16 | 000,157,747 | ---- | M] () -- C:\Users\maggie\Documents\DSC04091 - Copy.JPG
[2010/05/17 12:15:28 | 000,143,779 | ---- | M] () -- C:\Users\maggie\Documents\DSC04090 - Copy.JPG
[2010/05/17 12:15:12 | 000,137,189 | ---- | M] () -- C:\Users\maggie\Documents\DSC04089 - Copy.JPG
[2010/05/17 12:14:14 | 000,153,432 | ---- | M] () -- C:\Users\maggie\Documents\DSC04088 - Copy.JPG
[2010/05/17 12:13:30 | 000,152,810 | ---- | M] () -- C:\Users\maggie\Documents\DSC04086 - Copy.JPG
[2010/05/17 11:24:46 | 000,152,088 | ---- | M] () -- C:\Users\maggie\Documents\DSC04083 - Copy.JPG
[2010/05/17 11:24:18 | 000,144,374 | ---- | M] () -- C:\Users\maggie\Documents\DSC04082 - Copy.JPG
[2010/05/17 11:24:08 | 000,145,568 | ---- | M] () -- C:\Users\maggie\Documents\DSC04081 - Copy.JPG
[2010/05/17 11:22:56 | 000,137,600 | ---- | M] () -- C:\Users\maggie\Documents\DSC04079 - Copy.JPG
[2010/05/17 11:22:38 | 000,136,356 | ---- | M] () -- C:\Users\maggie\Documents\DSC04078 - Copy.JPG
[2010/05/17 11:21:44 | 000,145,057 | ---- | M] () -- C:\Users\maggie\Documents\DSC04077 - Copy.JPG
[2010/05/17 11:21:18 | 000,136,385 | ---- | M] () -- C:\Users\maggie\Documents\DSC04076 - Copy.JPG
[2010/05/17 11:20:54 | 000,140,719 | ---- | M] () -- C:\Users\maggie\Documents\DSC04075 - Copy.JPG
[2010/05/17 11:19:24 | 000,144,141 | ---- | M] () -- C:\Users\maggie\Documents\DSC04073 - Copy.JPG
[2010/05/17 11:19:16 | 000,145,578 | ---- | M] () -- C:\Users\maggie\Documents\DSC04072 - Copy.JPG
[2010/05/17 11:18:44 | 000,145,825 | ---- | M] () -- C:\Users\maggie\Documents\DSC04071 - Copy.JPG
[2010/05/17 11:17:42 | 000,134,319 | ---- | M] () -- C:\Users\maggie\Documents\DSC04070 - Copy.JPG
[2010/05/17 11:16:12 | 000,147,407 | ---- | M] () -- C:\Users\maggie\Documents\DSC04069 - Copy.JPG
[2010/05/17 11:14:42 | 000,150,346 | ---- | M] () -- C:\Users\maggie\Documents\DSC04067 - Copy.JPG
[2010/05/17 11:14:30 | 000,140,807 | ---- | M] () -- C:\Users\maggie\Documents\DSC04066 - Copy.JPG
[2010/05/17 11:13:52 | 000,111,464 | ---- | M] () -- C:\Users\maggie\Documents\DSC04065 - Copy.JPG
[2010/05/17 11:13:24 | 000,134,828 | ---- | M] () -- C:\Users\maggie\Documents\DSC04064 - Copy.JPG
[2010/05/17 11:12:56 | 000,130,793 | ---- | M] () -- C:\Users\maggie\Documents\DSC04063 - Copy.JPG
[2010/05/17 11:12:22 | 000,144,125 | ---- | M] () -- C:\Users\maggie\Documents\DSC04062 - Copy.JPG
[2010/05/17 11:11:56 | 000,139,075 | ---- | M] () -- C:\Users\maggie\Documents\DSC04061 - Copy.JPG
[2010/05/17 11:11:40 | 000,148,732 | ---- | M] () -- C:\Users\maggie\Documents\DSC04060 - Copy.JPG
[2010/05/17 11:11:24 | 000,153,964 | ---- | M] () -- C:\Users\maggie\Documents\DSC04059 - Copy.JPG
[2010/05/17 11:11:00 | 000,150,349 | ---- | M] () -- C:\Users\maggie\Documents\DSC04058 - Copy.JPG
[2010/05/17 11:10:12 | 000,143,742 | ---- | M] () -- C:\Users\maggie\Documents\DSC04055 - Copy.JPG
[2010/05/17 11:09:52 | 000,159,723 | ---- | M] () -- C:\Users\maggie\Documents\DSC04054 - Copy.JPG
[2010/05/17 11:09:26 | 000,151,585 | ---- | M] () -- C:\Users\maggie\Documents\DSC04053 - Copy.JPG
[2010/05/17 11:01:14 | 000,144,810 | ---- | M] () -- C:\Users\maggie\Documents\DSC04052 - Copy.JPG
[2010/05/17 11:01:08 | 000,150,353 | ---- | M] () -- C:\Users\maggie\Documents\DSC04051 - Copy.JPG
[2010/05/17 11:00:10 | 000,154,066 | ---- | M] () -- C:\Users\maggie\Documents\DSC04050 - Copy.JPG
[2010/05/17 10:59:44 | 000,151,148 | ---- | M] () -- C:\Users\maggie\Documents\DSC04048 - Copy.JPG
[2010/05/17 10:56:50 | 000,149,518 | ---- | M] () -- C:\Users\maggie\Documents\DSC04047 - Copy.JPG
[2010/05/13 23:15:54 | 000,038,574 | ---- | M] () -- C:\Users\maggie\Desktop\Untitled.jpg
[2010/05/13 17:43:31 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormaggie.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 23:58:46 | 001,786,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/22 22:13:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/11 18:26:11 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/06 15:32:11 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/03/30 21:39:00 | 006,943,170 | ---- | M] () -- C:\Users\maggie\Desktop\tattoo-kiss.mp3
[2010/03/30 21:05:29 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/27 23:13:06 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/19 22:44:06 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/16 17:41:55 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2010/03/16 17:41:50 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/12 18:36:58 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/05 01:16:50 | 000,245,248 | ---- | M] () -- C:\Users\maggie\Documents\anatomy.doc
[2010/03/04 19:59:22 | 000,137,448 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010/03/04 02:10:02 | 2490,104,320 | ---- | M] () -- C:\Users\maggie\Desktop\History of the Medieval Knight.avi
[2010/02/25 18:59:35 | 000,001,356 | ---- | M] () -- C:\Users\maggie\AppData\Local\d3d9caps.dat
[2010/02/24 12:58:53 | 000,137,448 | ---- | M] () -- C:\Users\maggie\AppData\Local\GDIPFONTCACHEV1.DAT
[2 C:\Users\maggie\Desktop\*.tmp files -> C:\Users\maggie\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/24 18:26:35 | 000,000,158 | ---- | C] () -- C:\Users\maggie\defogger_reenable
[2010/05/24 16:25:37 | 000,293,376 | ---- | C] () -- C:\Users\maggie\Desktop\gmer.exe
[2010/05/17 17:43:30 | 000,159,723 | ---- | C] () -- C:\Users\maggie\Documents\DSC04054 - Copy.JPG
[2010/05/17 17:43:30 | 000,157,747 | ---- | C] () -- C:\Users\maggie\Documents\DSC04091 - Copy.JPG
[2010/05/17 17:43:30 | 000,154,066 | ---- | C] () -- C:\Users\maggie\Documents\DSC04050 - Copy.JPG
[2010/05/17 17:43:30 | 000,153,964 | ---- | C] () -- C:\Users\maggie\Documents\DSC04059 - Copy.JPG
[2010/05/17 17:43:30 | 000,153,432 | ---- | C] () -- C:\Users\maggie\Documents\DSC04088 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,810 | ---- | C] () -- C:\Users\maggie\Documents\DSC04086 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,350 | ---- | C] () -- C:\Users\maggie\Documents\DSC04092 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,088 | ---- | C] () -- C:\Users\maggie\Documents\DSC04083 - Copy.JPG
[2010/05/17 17:43:30 | 000,151,585 | ---- | C] () -- C:\Users\maggie\Documents\DSC04053 - Copy.JPG
[2010/05/17 17:43:30 | 000,151,148 | ---- | C] () -- C:\Users\maggie\Documents\DSC04048 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,353 | ---- | C] () -- C:\Users\maggie\Documents\DSC04051 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,349 | ---- | C] () -- C:\Users\maggie\Documents\DSC04058 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,346 | ---- | C] () -- C:\Users\maggie\Documents\DSC04067 - Copy.JPG
[2010/05/17 17:43:30 | 000,149,518 | ---- | C] () -- C:\Users\maggie\Documents\DSC04047 - Copy.JPG
[2010/05/17 17:43:30 | 000,148,732 | ---- | C] () -- C:\Users\maggie\Documents\DSC04060 - Copy.JPG
[2010/05/17 17:43:30 | 000,147,407 | ---- | C] () -- C:\Users\maggie\Documents\DSC04069 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,825 | ---- | C] () -- C:\Users\maggie\Documents\DSC04071 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,578 | ---- | C] () -- C:\Users\maggie\Documents\DSC04072 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,568 | ---- | C] () -- C:\Users\maggie\Documents\DSC04081 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,057 | ---- | C] () -- C:\Users\maggie\Documents\DSC04077 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,810 | ---- | C] () -- C:\Users\maggie\Documents\DSC04052 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,374 | ---- | C] () -- C:\Users\maggie\Documents\DSC04082 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,141 | ---- | C] () -- C:\Users\maggie\Documents\DSC04073 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,125 | ---- | C] () -- C:\Users\maggie\Documents\DSC04062 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,779 | ---- | C] () -- C:\Users\maggie\Documents\DSC04090 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,742 | ---- | C] () -- C:\Users\maggie\Documents\DSC04055 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,521 | ---- | C] () -- C:\Users\maggie\Documents\DSC04097.JPG
[2010/05/17 17:43:30 | 000,140,807 | ---- | C] () -- C:\Users\maggie\Documents\DSC04066 - Copy.JPG
[2010/05/17 17:43:30 | 000,140,719 | ---- | C] () -- C:\Users\maggie\Documents\DSC04075 - Copy.JPG
[2010/05/17 17:43:30 | 000,139,075 | ---- | C] () -- C:\Users\maggie\Documents\DSC04061 - Copy.JPG
[2010/05/17 17:43:30 | 000,137,600 | ---- | C] () -- C:\Users\maggie\Documents\DSC04079 - Copy.JPG
[2010/05/17 17:43:30 | 000,137,189 | ---- | C] () -- C:\Users\maggie\Documents\DSC04089 - Copy.JPG
[2010/05/17 17:43:30 | 000,136,385 | ---- | C] () -- C:\Users\maggie\Documents\DSC04076 - Copy.JPG
[2010/05/17 17:43:30 | 000,136,356 | ---- | C] () -- C:\Users\maggie\Documents\DSC04078 - Copy.JPG
[2010/05/17 17:43:30 | 000,134,828 | ---- | C] () -- C:\Users\maggie\Documents\DSC04064 - Copy.JPG
[2010/05/17 17:43:30 | 000,134,319 | ---- | C] () -- C:\Users\maggie\Documents\DSC04070 - Copy.JPG
[2010/05/17 17:43:30 | 000,130,793 | ---- | C] () -- C:\Users\maggie\Documents\DSC04063 - Copy.JPG
[2010/05/17 17:43:30 | 000,111,464 | ---- | C] () -- C:\Users\maggie\Documents\DSC04065 - Copy.JPG
[2010/05/13 23:15:54 | 000,038,574 | ---- | C] () -- C:\Users\maggie\Desktop\Untitled.jpg
[2010/05/10 19:34:13 | 000,000,915 | ---- | C] () -- C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/05 19:25:46 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFormaggie.job
[2010/04/22 22:13:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/11 18:26:11 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/06 15:32:11 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/03/30 21:05:29 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/27 22:59:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/27 22:59:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/27 22:59:54 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/27 22:59:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/27 22:53:51 | 006,943,170 | ---- | C] () -- C:\Users\maggie\Desktop\tattoo-kiss.mp3
[2010/03/19 22:44:06 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/19 22:42:01 | 000,000,735 | ---- | C] () -- C:\Users\maggie\Desktop\NTREGOPT.lnk
[2010/03/19 22:42:01 | 000,000,716 | ---- | C] () -- C:\Users\maggie\Desktop\ERUNT.lnk
[2010/03/05 01:16:49 | 000,245,248 | ---- | C] () -- C:\Users\maggie\Documents\anatomy.doc
[2009/11/25 18:26:36 | 000,003,071 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/03 20:12:41 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2007/12/30 06:38:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/20 13:00:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2007/12/30 06:46:17 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\acccore
[2007/12/30 06:32:10 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\DAEMON Tools
[2010/03/31 21:56:46 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Facebook
[2009/03/20 04:40:28 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\muvee Technologies
[2007/12/30 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Nexon
[2007/12/31 13:40:07 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\PeerNetworking
[2010/01/27 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\PlayFirst
[2009/03/21 20:06:32 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Publish Providers
[2009/03/27 19:31:22 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Sony
[2010/01/14 19:50:07 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Transparent
[2010/01/27 12:55:40 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\WildTangent
[2008/02/18 19:32:51 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Windows Live Writer
[2010/05/23 21:18:19 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2007/04/20 04:22:06 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2010/03/23 22:09:59 | 000,000,892 | ---- | M] () -- C:\avenger.txt
[2008/01/19 03:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/03/27 23:15:27 | 000,019,247 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/03/27 19:55:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/16 17:41:55 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2010/05/10 19:35:37 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/03/27 19:55:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/24 18:59:56 | 2392,715,264 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\drivers\*.sys /180 >
[2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/20 17:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 07:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 08:07:30 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 08:07:11 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 07:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\maggie\Desktop\rar.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\maggie\Desktop\History of the Medieval Knight.avi:TOC.WMV
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >
OTL logfile created on: 5/24/2010 7:12:39 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\maggie\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.61 Gb Total Space | 35.80 Gb Free Space | 34.56% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 111.69 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 7.16 Gb Total Space | 0.71 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.01 Gb Total Space | 0.97 Gb Free Space | 95.86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: MAGGIE-PC
Current User Name: maggie
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/24 19:12:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\maggie\Downloads\OTL.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 19:12:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\maggie\Downloads\OTL.exe
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/12 18:36:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/21 20:10:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/05 16:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/09 17:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/10/22 06:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - [2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/03/03 13:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 01:56:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2007/12/30 06:21:40 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/06/28 12:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/06/28 12:44:16 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/02/28 14:26:00 | 004,465,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 12:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 04:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/12 23:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2007/01/02 06:45:30 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/01/02 06:45:30 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/01/02 06:45:30 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/12/22 17:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 13:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 23:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 23:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 23:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/08/05 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.12514
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.aol.co.../search?query="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 15:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:36:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/24 13:27:22 | 000,000,000 | ---D | M]
[2009/02/21 14:18:53 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\mozilla\Extensions
[2010/05/24 18:11:48 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions
[2009/03/19 18:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/03/16 21:23:07 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(1323)
[2010/05/01 08:58:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/01 08:58:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/09 17:42:43 | 000,000,891 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\Mozilla\FireFox\Profiles\24dbrpag.default\searchplugins\dictionarycom.xml
[2010/04/24 13:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/30 06:32:39 | 000,000,000 | ---D | M] (AdVantage) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2010/04/24 13:27:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/24 19:08:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/02/21 14:18:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/24 13:27:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/26 22:02:19 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/12/30 06:45:52 | 000,001,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ()
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\maggie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\maggie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/20 04:22:06 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/03/27 15:07:29 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 90 Days ==========
[2010/05/14 23:53:06 | 000,000,000 | ---D | C] -- C:\Users\maggie\geo fair
[2010/05/14 17:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Redbana
[2010/05/14 16:45:43 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Audition
[2010/04/24 16:44:51 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Flowers-and-Butterflies
[2010/04/23 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Coffee-Break
[2010/04/06 15:32:14 | 000,000,000 | ---D | C] -- C:\Users\maggie\Documents\My Digital Editions
[2010/03/31 21:56:43 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Roaming\Facebook
[2010/03/30 21:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/30 21:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 21:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 20:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/27 23:23:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/27 23:15:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/27 23:15:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/27 23:15:28 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Local\temp
[2010/03/27 22:59:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/27 22:59:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/27 22:59:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/27 22:56:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/27 22:56:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/25 17:01:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/23 22:09:59 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/22 23:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/03/22 23:32:03 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/19 22:44:07 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Roaming\Malwarebytes
[2010/03/19 22:44:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/19 22:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/19 22:44:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/19 22:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/19 22:42:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/19 22:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/16 17:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/12 18:36:58 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 00:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2 C:\Users\maggie\Desktop\*.tmp files -> C:\Users\maggie\Desktop\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/05/24 19:12:42 | 003,932,160 | -HS- | M] () -- C:\Users\maggie\ntuser.dat
[2010/05/24 19:00:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/24 18:52:45 | 060,343,739 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/24 18:51:41 | 000,000,310 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/24 18:50:54 | 000,013,072 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\nvModes.001
[2010/05/24 18:48:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 18:48:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 18:48:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/24 18:47:08 | 000,524,288 | -HS- | M] () -- C:\Users\maggie\ntuser.dat{d0596cb0-14ca-11de-9e65-000fdbb8c83d}.TMContainer00000000000000000001.regtrans-ms
[2010/05/24 18:47:08 | 000,065,536 | -HS- | M] () -- C:\Users\maggie\ntuser.dat{d0596cb0-14ca-11de-9e65-000fdbb8c83d}.TM.blf
[2010/05/24 18:28:39 | 000,013,072 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\nvModes.dat
[2010/05/24 18:26:52 | 000,000,158 | ---- | M] () -- C:\Users\maggie\defogger_reenable
[2010/05/24 16:25:37 | 000,293,376 | ---- | M] () -- C:\Users\maggie\Desktop\gmer.exe
[2010/05/23 21:18:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/23 19:53:56 | 000,000,000 | ---- | M] () -- C:\Users\maggie\AppData\Local\prvlcl.dat
[2010/05/23 19:05:35 | 000,057,856 | ---- | M] () -- C:\Users\maggie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 14:18:29 | 000,000,915 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/23 14:18:27 | 000,000,735 | ---- | M] () -- C:\Users\maggie\Desktop\NTREGOPT.lnk
[2010/05/23 14:18:27 | 000,000,716 | ---- | M] () -- C:\Users\maggie\Desktop\ERUNT.lnk
[2010/05/23 14:11:41 | 060,300,038 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm.old
[2010/05/17 17:44:25 | 000,710,152 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/17 17:44:25 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/17 17:44:25 | 000,119,758 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/17 12:37:00 | 000,143,521 | ---- | M] () -- C:\Users\maggie\Documents\DSC04097.JPG
[2010/05/17 12:32:50 | 000,152,350 | ---- | M] () -- C:\Users\maggie\Documents\DSC04092 - Copy.JPG
[2010/05/17 12:32:16 | 000,157,747 | ---- | M] () -- C:\Users\maggie\Documents\DSC04091 - Copy.JPG
[2010/05/17 12:15:28 | 000,143,779 | ---- | M] () -- C:\Users\maggie\Documents\DSC04090 - Copy.JPG
[2010/05/17 12:15:12 | 000,137,189 | ---- | M] () -- C:\Users\maggie\Documents\DSC04089 - Copy.JPG
[2010/05/17 12:14:14 | 000,153,432 | ---- | M] () -- C:\Users\maggie\Documents\DSC04088 - Copy.JPG
[2010/05/17 12:13:30 | 000,152,810 | ---- | M] () -- C:\Users\maggie\Documents\DSC04086 - Copy.JPG
[2010/05/17 11:24:46 | 000,152,088 | ---- | M] () -- C:\Users\maggie\Documents\DSC04083 - Copy.JPG
[2010/05/17 11:24:18 | 000,144,374 | ---- | M] () -- C:\Users\maggie\Documents\DSC04082 - Copy.JPG
[2010/05/17 11:24:08 | 000,145,568 | ---- | M] () -- C:\Users\maggie\Documents\DSC04081 - Copy.JPG
[2010/05/17 11:22:56 | 000,137,600 | ---- | M] () -- C:\Users\maggie\Documents\DSC04079 - Copy.JPG
[2010/05/17 11:22:38 | 000,136,356 | ---- | M] () -- C:\Users\maggie\Documents\DSC04078 - Copy.JPG
[2010/05/17 11:21:44 | 000,145,057 | ---- | M] () -- C:\Users\maggie\Documents\DSC04077 - Copy.JPG
[2010/05/17 11:21:18 | 000,136,385 | ---- | M] () -- C:\Users\maggie\Documents\DSC04076 - Copy.JPG
[2010/05/17 11:20:54 | 000,140,719 | ---- | M] () -- C:\Users\maggie\Documents\DSC04075 - Copy.JPG
[2010/05/17 11:19:24 | 000,144,141 | ---- | M] () -- C:\Users\maggie\Documents\DSC04073 - Copy.JPG
[2010/05/17 11:19:16 | 000,145,578 | ---- | M] () -- C:\Users\maggie\Documents\DSC04072 - Copy.JPG
[2010/05/17 11:18:44 | 000,145,825 | ---- | M] () -- C:\Users\maggie\Documents\DSC04071 - Copy.JPG
[2010/05/17 11:17:42 | 000,134,319 | ---- | M] () -- C:\Users\maggie\Documents\DSC04070 - Copy.JPG
[2010/05/17 11:16:12 | 000,147,407 | ---- | M] () -- C:\Users\maggie\Documents\DSC04069 - Copy.JPG
[2010/05/17 11:14:42 | 000,150,346 | ---- | M] () -- C:\Users\maggie\Documents\DSC04067 - Copy.JPG
[2010/05/17 11:14:30 | 000,140,807 | ---- | M] () -- C:\Users\maggie\Documents\DSC04066 - Copy.JPG
[2010/05/17 11:13:52 | 000,111,464 | ---- | M] () -- C:\Users\maggie\Documents\DSC04065 - Copy.JPG
[2010/05/17 11:13:24 | 000,134,828 | ---- | M] () -- C:\Users\maggie\Documents\DSC04064 - Copy.JPG
[2010/05/17 11:12:56 | 000,130,793 | ---- | M] () -- C:\Users\maggie\Documents\DSC04063 - Copy.JPG
[2010/05/17 11:12:22 | 000,144,125 | ---- | M] () -- C:\Users\maggie\Documents\DSC04062 - Copy.JPG
[2010/05/17 11:11:56 | 000,139,075 | ---- | M] () -- C:\Users\maggie\Documents\DSC04061 - Copy.JPG
[2010/05/17 11:11:40 | 000,148,732 | ---- | M] () -- C:\Users\maggie\Documents\DSC04060 - Copy.JPG
[2010/05/17 11:11:24 | 000,153,964 | ---- | M] () -- C:\Users\maggie\Documents\DSC04059 - Copy.JPG
[2010/05/17 11:11:00 | 000,150,349 | ---- | M] () -- C:\Users\maggie\Documents\DSC04058 - Copy.JPG
[2010/05/17 11:10:12 | 000,143,742 | ---- | M] () -- C:\Users\maggie\Documents\DSC04055 - Copy.JPG
[2010/05/17 11:09:52 | 000,159,723 | ---- | M] () -- C:\Users\maggie\Documents\DSC04054 - Copy.JPG
[2010/05/17 11:09:26 | 000,151,585 | ---- | M] () -- C:\Users\maggie\Documents\DSC04053 - Copy.JPG
[2010/05/17 11:01:14 | 000,144,810 | ---- | M] () -- C:\Users\maggie\Documents\DSC04052 - Copy.JPG
[2010/05/17 11:01:08 | 000,150,353 | ---- | M] () -- C:\Users\maggie\Documents\DSC04051 - Copy.JPG
[2010/05/17 11:00:10 | 000,154,066 | ---- | M] () -- C:\Users\maggie\Documents\DSC04050 - Copy.JPG
[2010/05/17 10:59:44 | 000,151,148 | ---- | M] () -- C:\Users\maggie\Documents\DSC04048 - Copy.JPG
[2010/05/17 10:56:50 | 000,149,518 | ---- | M] () -- C:\Users\maggie\Documents\DSC04047 - Copy.JPG
[2010/05/13 23:15:54 | 000,038,574 | ---- | M] () -- C:\Users\maggie\Desktop\Untitled.jpg
[2010/05/13 17:43:31 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormaggie.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 23:58:46 | 001,786,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/22 22:13:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/11 18:26:11 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/06 15:32:11 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/03/30 21:39:00 | 006,943,170 | ---- | M] () -- C:\Users\maggie\Desktop\tattoo-kiss.mp3
[2010/03/30 21:05:29 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/27 23:13:06 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/19 22:44:06 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/16 17:41:55 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2010/03/16 17:41:50 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/12 18:36:58 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/05 01:16:50 | 000,245,248 | ---- | M] () -- C:\Users\maggie\Documents\anatomy.doc
[2010/03/04 19:59:22 | 000,137,448 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010/03/04 02:10:02 | 2490,104,320 | ---- | M] () -- C:\Users\maggie\Desktop\History of the Medieval Knight.avi
[2010/02/25 18:59:35 | 000,001,356 | ---- | M] () -- C:\Users\maggie\AppData\Local\d3d9caps.dat
[2010/02/24 12:58:53 | 000,137,448 | ---- | M] () -- C:\Users\maggie\AppData\Local\GDIPFONTCACHEV1.DAT
[2 C:\Users\maggie\Desktop\*.tmp files -> C:\Users\maggie\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/24 18:26:35 | 000,000,158 | ---- | C] () -- C:\Users\maggie\defogger_reenable
[2010/05/24 16:25:37 | 000,293,376 | ---- | C] () -- C:\Users\maggie\Desktop\gmer.exe
[2010/05/17 17:43:30 | 000,159,723 | ---- | C] () -- C:\Users\maggie\Documents\DSC04054 - Copy.JPG
[2010/05/17 17:43:30 | 000,157,747 | ---- | C] () -- C:\Users\maggie\Documents\DSC04091 - Copy.JPG
[2010/05/17 17:43:30 | 000,154,066 | ---- | C] () -- C:\Users\maggie\Documents\DSC04050 - Copy.JPG
[2010/05/17 17:43:30 | 000,153,964 | ---- | C] () -- C:\Users\maggie\Documents\DSC04059 - Copy.JPG
[2010/05/17 17:43:30 | 000,153,432 | ---- | C] () -- C:\Users\maggie\Documents\DSC04088 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,810 | ---- | C] () -- C:\Users\maggie\Documents\DSC04086 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,350 | ---- | C] () -- C:\Users\maggie\Documents\DSC04092 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,088 | ---- | C] () -- C:\Users\maggie\Documents\DSC04083 - Copy.JPG
[2010/05/17 17:43:30 | 000,151,585 | ---- | C] () -- C:\Users\maggie\Documents\DSC04053 - Copy.JPG
[2010/05/17 17:43:30 | 000,151,148 | ---- | C] () -- C:\Users\maggie\Documents\DSC04048 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,353 | ---- | C] () -- C:\Users\maggie\Documents\DSC04051 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,349 | ---- | C] () -- C:\Users\maggie\Documents\DSC04058 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,346 | ---- | C] () -- C:\Users\maggie\Documents\DSC04067 - Copy.JPG
[2010/05/17 17:43:30 | 000,149,518 | ---- | C] () -- C:\Users\maggie\Documents\DSC04047 - Copy.JPG
[2010/05/17 17:43:30 | 000,148,732 | ---- | C] () -- C:\Users\maggie\Documents\DSC04060 - Copy.JPG
[2010/05/17 17:43:30 | 000,147,407 | ---- | C] () -- C:\Users\maggie\Documents\DSC04069 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,825 | ---- | C] () -- C:\Users\maggie\Documents\DSC04071 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,578 | ---- | C] () -- C:\Users\maggie\Documents\DSC04072 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,568 | ---- | C] () -- C:\Users\maggie\Documents\DSC04081 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,057 | ---- | C] () -- C:\Users\maggie\Documents\DSC04077 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,810 | ---- | C] () -- C:\Users\maggie\Documents\DSC04052 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,374 | ---- | C] () -- C:\Users\maggie\Documents\DSC04082 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,141 | ---- | C] () -- C:\Users\maggie\Documents\DSC04073 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,125 | ---- | C] () -- C:\Users\maggie\Documents\DSC04062 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,779 | ---- | C] () -- C:\Users\maggie\Documents\DSC04090 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,742 | ---- | C] () -- C:\Users\maggie\Documents\DSC04055 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,521 | ---- | C] () -- C:\Users\maggie\Documents\DSC04097.JPG
[2010/05/17 17:43:30 | 000,140,807 | ---- | C] () -- C:\Users\maggie\Documents\DSC04066 - Copy.JPG
[2010/05/17 17:43:30 | 000,140,719 | ---- | C] () -- C:\Users\maggie\Documents\DSC04075 - Copy.JPG
[2010/05/17 17:43:30 | 000,139,075 | ---- | C] () -- C:\Users\maggie\Documents\DSC04061 - Copy.JPG
[2010/05/17 17:43:30 | 000,137,600 | ---- | C] () -- C:\Users\maggie\Documents\DSC04079 - Copy.JPG
[2010/05/17 17:43:30 | 000,137,189 | ---- | C] () -- C:\Users\maggie\Documents\DSC04089 - Copy.JPG
[2010/05/17 17:43:30 | 000,136,385 | ---- | C] () -- C:\Users\maggie\Documents\DSC04076 - Copy.JPG
[2010/05/17 17:43:30 | 000,136,356 | ---- | C] () -- C:\Users\maggie\Documents\DSC04078 - Copy.JPG
[2010/05/17 17:43:30 | 000,134,828 | ---- | C] () -- C:\Users\maggie\Documents\DSC04064 - Copy.JPG
[2010/05/17 17:43:30 | 000,134,319 | ---- | C] () -- C:\Users\maggie\Documents\DSC04070 - Copy.JPG
[2010/05/17 17:43:30 | 000,130,793 | ---- | C] () -- C:\Users\maggie\Documents\DSC04063 - Copy.JPG
[2010/05/17 17:43:30 | 000,111,464 | ---- | C] () -- C:\Users\maggie\Documents\DSC04065 - Copy.JPG
[2010/05/13 23:15:54 | 000,038,574 | ---- | C] () -- C:\Users\maggie\Desktop\Untitled.jpg
[2010/05/10 19:34:13 | 000,000,915 | ---- | C] () -- C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/05 19:25:46 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFormaggie.job
[2010/04/22 22:13:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/11 18:26:11 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/06 15:32:11 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/03/30 21:05:29 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/27 22:59:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/27 22:59:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/27 22:59:54 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/27 22:59:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/27 22:53:51 | 006,943,170 | ---- | C] () -- C:\Users\maggie\Desktop\tattoo-kiss.mp3
[2010/03/19 22:44:06 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/19 22:42:01 | 000,000,735 | ---- | C] () -- C:\Users\maggie\Desktop\NTREGOPT.lnk
[2010/03/19 22:42:01 | 000,000,716 | ---- | C] () -- C:\Users\maggie\Desktop\ERUNT.lnk
[2010/03/05 01:16:49 | 000,245,248 | ---- | C] () -- C:\Users\maggie\Documents\anatomy.doc
[2009/11/25 18:26:36 | 000,003,071 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/03 20:12:41 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2007/12/30 06:38:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/20 13:00:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2007/12/30 06:46:17 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\acccore
[2007/12/30 06:32:10 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\DAEMON Tools
[2010/03/31 21:56:46 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Facebook
[2009/03/20 04:40:28 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\muvee Technologies
[2007/12/30 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Nexon
[2007/12/31 13:40:07 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\PeerNetworking
[2010/01/27 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\PlayFirst
[2009/03/21 20:06:32 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Publish Providers
[2009/03/27 19:31:22 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Sony
[2010/01/14 19:50:07 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Transparent
[2010/01/27 12:55:40 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\WildTangent
[2008/02/18 19:32:51 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Windows Live Writer
[2010/05/23 21:18:19 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2007/04/20 04:22:06 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2010/03/23 22:09:59 | 000,000,892 | ---- | M] () -- C:\avenger.txt
[2008/01/19 03:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/03/27 23:15:27 | 000,019,247 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/03/27 19:55:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/16 17:41:55 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2010/05/10 19:35:37 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/03/27 19:55:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/24 18:59:56 | 2392,715,264 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\drivers\*.sys /180 >
[2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/20 17:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 07:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 08:07:30 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 08:07:11 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 07:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\maggie\Desktop\rar.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\maggie\Desktop\History of the Medieval Knight.avi:TOC.WMV
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >
#24
Posted 25 May 2010 - 10:47 AM

Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Processes
:Services
:OTL
[2007/12/30 06:32:39 | 000,000,000 | ---D | M] (AdVantage) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
:Commands
[purity]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#25
Posted 25 May 2010 - 03:18 PM

OTL LOG:
OTL logfile created on: 5/25/2010 4:58:18 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = c:\Users\maggie\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.61 Gb Total Space | 35.89 Gb Free Space | 34.64% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 111.69 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 7.16 Gb Total Space | 0.71 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.01 Gb Total Space | 0.97 Gb Free Space | 95.86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: MAGGIE-PC
Current User Name: maggie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/24 19:12:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Users\maggie\Downloads\OTL.exe
PRC - [2010/04/20 18:37:02 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/01 12:44:23 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/12 18:36:59 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 18:36:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 18:35:44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2008/12/05 16:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/15 02:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 19:12:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Users\maggie\Downloads\OTL.exe
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/12 18:36:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/24 08:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/21 20:10:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/05 16:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/09 17:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/10/22 06:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - [2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/03/03 13:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 01:56:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2007/12/30 06:21:40 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/06/28 12:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/06/28 12:44:16 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/02/28 14:26:00 | 004,465,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 12:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 04:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/12 23:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2007/01/02 06:45:30 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/01/02 06:45:30 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/01/02 06:45:30 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/12/22 17:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 13:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 23:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 23:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 23:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/08/05 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.12514
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.aol.co.../search?query="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 15:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:36:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/24 13:27:22 | 000,000,000 | ---D | M]
[2009/02/21 14:18:53 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\mozilla\Extensions
[2010/05/24 18:11:48 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions
[2009/03/19 18:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/03/16 21:23:07 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(1323)
[2010/05/01 08:58:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/01 08:58:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/09 17:42:43 | 000,000,891 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\Mozilla\FireFox\Profiles\24dbrpag.default\searchplugins\dictionarycom.xml
[2010/04/24 13:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/24 13:27:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/25 16:56:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/02/21 14:18:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/24 13:27:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/26 22:02:19 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/12/30 06:45:52 | 000,001,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ()
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\maggie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\maggie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/20 04:22:06 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/03/27 15:07:29 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/05/25 16:52:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/14 23:53:06 | 000,000,000 | ---D | C] -- C:\Users\maggie\geo fair
[2010/05/14 17:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Redbana
[2010/05/14 16:45:43 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Audition
[2010/04/24 16:44:51 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Flowers-and-Butterflies
[2010/04/23 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Coffee-Break
[2010/04/06 15:32:14 | 000,000,000 | ---D | C] -- C:\Users\maggie\Documents\My Digital Editions
[2010/03/31 21:56:43 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Roaming\Facebook
[2010/03/30 21:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/30 21:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 21:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 20:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/27 23:23:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/27 23:15:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/27 23:15:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/27 23:15:28 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Local\temp
[2010/03/27 22:59:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/27 22:59:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/27 22:59:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/27 22:56:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/27 22:56:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/25 17:01:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/23 22:09:59 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/22 23:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/03/22 23:32:03 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/19 22:44:07 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Roaming\Malwarebytes
[2010/03/19 22:44:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/19 22:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/19 22:44:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/19 22:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/19 22:42:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/19 22:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/16 17:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/12 18:36:58 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 00:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2 C:\Users\maggie\Desktop\*.tmp files -> C:\Users\maggie\Desktop\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/05/25 17:06:41 | 003,932,160 | -HS- | M] () -- C:\Users\maggie\ntuser.dat
[2010/05/25 16:55:27 | 000,013,072 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\nvModes.dat
[2010/05/25 16:55:27 | 000,013,072 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\nvModes.001
[2010/05/25 16:55:20 | 000,000,310 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/25 16:54:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 16:54:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 16:54:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/25 16:54:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/25 16:52:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/25 16:52:44 | 000,524,288 | -HS- | M] () -- C:\Users\maggie\ntuser.dat{d0596cb0-14ca-11de-9e65-000fdbb8c83d}.TMContainer00000000000000000001.regtrans-ms
[2010/05/25 16:52:44 | 000,065,536 | -HS- | M] () -- C:\Users\maggie\ntuser.dat{d0596cb0-14ca-11de-9e65-000fdbb8c83d}.TM.blf
[2010/05/25 16:48:31 | 060,360,981 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/24 18:26:52 | 000,000,158 | ---- | M] () -- C:\Users\maggie\defogger_reenable
[2010/05/24 16:25:37 | 000,293,376 | ---- | M] () -- C:\Users\maggie\Desktop\gmer.exe
[2010/05/23 19:53:56 | 000,000,000 | ---- | M] () -- C:\Users\maggie\AppData\Local\prvlcl.dat
[2010/05/23 19:05:35 | 000,057,856 | ---- | M] () -- C:\Users\maggie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 14:18:29 | 000,000,915 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/23 14:18:27 | 000,000,735 | ---- | M] () -- C:\Users\maggie\Desktop\NTREGOPT.lnk
[2010/05/23 14:18:27 | 000,000,716 | ---- | M] () -- C:\Users\maggie\Desktop\ERUNT.lnk
[2010/05/17 17:44:25 | 000,710,152 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/17 17:44:25 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/17 17:44:25 | 000,119,758 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/17 12:37:00 | 000,143,521 | ---- | M] () -- C:\Users\maggie\Documents\DSC04097.JPG
[2010/05/17 12:32:50 | 000,152,350 | ---- | M] () -- C:\Users\maggie\Documents\DSC04092 - Copy.JPG
[2010/05/17 12:32:16 | 000,157,747 | ---- | M] () -- C:\Users\maggie\Documents\DSC04091 - Copy.JPG
[2010/05/17 12:15:28 | 000,143,779 | ---- | M] () -- C:\Users\maggie\Documents\DSC04090 - Copy.JPG
[2010/05/17 12:15:12 | 000,137,189 | ---- | M] () -- C:\Users\maggie\Documents\DSC04089 - Copy.JPG
[2010/05/17 12:14:14 | 000,153,432 | ---- | M] () -- C:\Users\maggie\Documents\DSC04088 - Copy.JPG
[2010/05/17 12:13:30 | 000,152,810 | ---- | M] () -- C:\Users\maggie\Documents\DSC04086 - Copy.JPG
[2010/05/17 11:24:46 | 000,152,088 | ---- | M] () -- C:\Users\maggie\Documents\DSC04083 - Copy.JPG
[2010/05/17 11:24:18 | 000,144,374 | ---- | M] () -- C:\Users\maggie\Documents\DSC04082 - Copy.JPG
[2010/05/17 11:24:08 | 000,145,568 | ---- | M] () -- C:\Users\maggie\Documents\DSC04081 - Copy.JPG
[2010/05/17 11:22:56 | 000,137,600 | ---- | M] () -- C:\Users\maggie\Documents\DSC04079 - Copy.JPG
[2010/05/17 11:22:38 | 000,136,356 | ---- | M] () -- C:\Users\maggie\Documents\DSC04078 - Copy.JPG
[2010/05/17 11:21:44 | 000,145,057 | ---- | M] () -- C:\Users\maggie\Documents\DSC04077 - Copy.JPG
[2010/05/17 11:21:18 | 000,136,385 | ---- | M] () -- C:\Users\maggie\Documents\DSC04076 - Copy.JPG
[2010/05/17 11:20:54 | 000,140,719 | ---- | M] () -- C:\Users\maggie\Documents\DSC04075 - Copy.JPG
[2010/05/17 11:19:24 | 000,144,141 | ---- | M] () -- C:\Users\maggie\Documents\DSC04073 - Copy.JPG
[2010/05/17 11:19:16 | 000,145,578 | ---- | M] () -- C:\Users\maggie\Documents\DSC04072 - Copy.JPG
[2010/05/17 11:18:44 | 000,145,825 | ---- | M] () -- C:\Users\maggie\Documents\DSC04071 - Copy.JPG
[2010/05/17 11:17:42 | 000,134,319 | ---- | M] () -- C:\Users\maggie\Documents\DSC04070 - Copy.JPG
[2010/05/17 11:16:12 | 000,147,407 | ---- | M] () -- C:\Users\maggie\Documents\DSC04069 - Copy.JPG
[2010/05/17 11:14:42 | 000,150,346 | ---- | M] () -- C:\Users\maggie\Documents\DSC04067 - Copy.JPG
[2010/05/17 11:14:30 | 000,140,807 | ---- | M] () -- C:\Users\maggie\Documents\DSC04066 - Copy.JPG
[2010/05/17 11:13:52 | 000,111,464 | ---- | M] () -- C:\Users\maggie\Documents\DSC04065 - Copy.JPG
[2010/05/17 11:13:24 | 000,134,828 | ---- | M] () -- C:\Users\maggie\Documents\DSC04064 - Copy.JPG
[2010/05/17 11:12:56 | 000,130,793 | ---- | M] () -- C:\Users\maggie\Documents\DSC04063 - Copy.JPG
[2010/05/17 11:12:22 | 000,144,125 | ---- | M] () -- C:\Users\maggie\Documents\DSC04062 - Copy.JPG
[2010/05/17 11:11:56 | 000,139,075 | ---- | M] () -- C:\Users\maggie\Documents\DSC04061 - Copy.JPG
[2010/05/17 11:11:40 | 000,148,732 | ---- | M] () -- C:\Users\maggie\Documents\DSC04060 - Copy.JPG
[2010/05/17 11:11:24 | 000,153,964 | ---- | M] () -- C:\Users\maggie\Documents\DSC04059 - Copy.JPG
[2010/05/17 11:11:00 | 000,150,349 | ---- | M] () -- C:\Users\maggie\Documents\DSC04058 - Copy.JPG
[2010/05/17 11:10:12 | 000,143,742 | ---- | M] () -- C:\Users\maggie\Documents\DSC04055 - Copy.JPG
[2010/05/17 11:09:52 | 000,159,723 | ---- | M] () -- C:\Users\maggie\Documents\DSC04054 - Copy.JPG
[2010/05/17 11:09:26 | 000,151,585 | ---- | M] () -- C:\Users\maggie\Documents\DSC04053 - Copy.JPG
[2010/05/17 11:01:14 | 000,144,810 | ---- | M] () -- C:\Users\maggie\Documents\DSC04052 - Copy.JPG
[2010/05/17 11:01:08 | 000,150,353 | ---- | M] () -- C:\Users\maggie\Documents\DSC04051 - Copy.JPG
[2010/05/17 11:00:10 | 000,154,066 | ---- | M] () -- C:\Users\maggie\Documents\DSC04050 - Copy.JPG
[2010/05/17 10:59:44 | 000,151,148 | ---- | M] () -- C:\Users\maggie\Documents\DSC04048 - Copy.JPG
[2010/05/17 10:56:50 | 000,149,518 | ---- | M] () -- C:\Users\maggie\Documents\DSC04047 - Copy.JPG
[2010/05/13 23:15:54 | 000,038,574 | ---- | M] () -- C:\Users\maggie\Desktop\Untitled.jpg
[2010/05/13 17:43:31 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormaggie.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 23:58:46 | 001,786,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/22 22:13:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/11 18:26:11 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/06 15:32:11 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/03/30 21:39:00 | 006,943,170 | ---- | M] () -- C:\Users\maggie\Desktop\tattoo-kiss.mp3
[2010/03/30 21:05:29 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/27 23:13:06 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/19 22:44:06 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/16 17:41:55 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2010/03/16 17:41:50 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/12 18:36:58 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/05 01:16:50 | 000,245,248 | ---- | M] () -- C:\Users\maggie\Documents\anatomy.doc
[2010/03/04 19:59:22 | 000,137,448 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010/03/04 02:10:02 | 2490,104,320 | ---- | M] () -- C:\Users\maggie\Desktop\History of the Medieval Knight.avi
[2010/02/25 18:59:35 | 000,001,356 | ---- | M] () -- C:\Users\maggie\AppData\Local\d3d9caps.dat
[2 C:\Users\maggie\Desktop\*.tmp files -> C:\Users\maggie\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/24 18:26:35 | 000,000,158 | ---- | C] () -- C:\Users\maggie\defogger_reenable
[2010/05/24 16:25:37 | 000,293,376 | ---- | C] () -- C:\Users\maggie\Desktop\gmer.exe
[2010/05/17 17:43:30 | 000,159,723 | ---- | C] () -- C:\Users\maggie\Documents\DSC04054 - Copy.JPG
[2010/05/17 17:43:30 | 000,157,747 | ---- | C] () -- C:\Users\maggie\Documents\DSC04091 - Copy.JPG
[2010/05/17 17:43:30 | 000,154,066 | ---- | C] () -- C:\Users\maggie\Documents\DSC04050 - Copy.JPG
[2010/05/17 17:43:30 | 000,153,964 | ---- | C] () -- C:\Users\maggie\Documents\DSC04059 - Copy.JPG
[2010/05/17 17:43:30 | 000,153,432 | ---- | C] () -- C:\Users\maggie\Documents\DSC04088 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,810 | ---- | C] () -- C:\Users\maggie\Documents\DSC04086 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,350 | ---- | C] () -- C:\Users\maggie\Documents\DSC04092 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,088 | ---- | C] () -- C:\Users\maggie\Documents\DSC04083 - Copy.JPG
[2010/05/17 17:43:30 | 000,151,585 | ---- | C] () -- C:\Users\maggie\Documents\DSC04053 - Copy.JPG
[2010/05/17 17:43:30 | 000,151,148 | ---- | C] () -- C:\Users\maggie\Documents\DSC04048 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,353 | ---- | C] () -- C:\Users\maggie\Documents\DSC04051 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,349 | ---- | C] () -- C:\Users\maggie\Documents\DSC04058 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,346 | ---- | C] () -- C:\Users\maggie\Documents\DSC04067 - Copy.JPG
[2010/05/17 17:43:30 | 000,149,518 | ---- | C] () -- C:\Users\maggie\Documents\DSC04047 - Copy.JPG
[2010/05/17 17:43:30 | 000,148,732 | ---- | C] () -- C:\Users\maggie\Documents\DSC04060 - Copy.JPG
[2010/05/17 17:43:30 | 000,147,407 | ---- | C] () -- C:\Users\maggie\Documents\DSC04069 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,825 | ---- | C] () -- C:\Users\maggie\Documents\DSC04071 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,578 | ---- | C] () -- C:\Users\maggie\Documents\DSC04072 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,568 | ---- | C] () -- C:\Users\maggie\Documents\DSC04081 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,057 | ---- | C] () -- C:\Users\maggie\Documents\DSC04077 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,810 | ---- | C] () -- C:\Users\maggie\Documents\DSC04052 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,374 | ---- | C] () -- C:\Users\maggie\Documents\DSC04082 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,141 | ---- | C] () -- C:\Users\maggie\Documents\DSC04073 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,125 | ---- | C] () -- C:\Users\maggie\Documents\DSC04062 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,779 | ---- | C] () -- C:\Users\maggie\Documents\DSC04090 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,742 | ---- | C] () -- C:\Users\maggie\Documents\DSC04055 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,521 | ---- | C] () -- C:\Users\maggie\Documents\DSC04097.JPG
[2010/05/17 17:43:30 | 000,140,807 | ---- | C] () -- C:\Users\maggie\Documents\DSC04066 - Copy.JPG
[2010/05/17 17:43:30 | 000,140,719 | ---- | C] () -- C:\Users\maggie\Documents\DSC04075 - Copy.JPG
[2010/05/17 17:43:30 | 000,139,075 | ---- | C] () -- C:\Users\maggie\Documents\DSC04061 - Copy.JPG
[2010/05/17 17:43:30 | 000,137,600 | ---- | C] () -- C:\Users\maggie\Documents\DSC04079 - Copy.JPG
[2010/05/17 17:43:30 | 000,137,189 | ---- | C] () -- C:\Users\maggie\Documents\DSC04089 - Copy.JPG
[2010/05/17 17:43:30 | 000,136,385 | ---- | C] () -- C:\Users\maggie\Documents\DSC04076 - Copy.JPG
[2010/05/17 17:43:30 | 000,136,356 | ---- | C] () -- C:\Users\maggie\Documents\DSC04078 - Copy.JPG
[2010/05/17 17:43:30 | 000,134,828 | ---- | C] () -- C:\Users\maggie\Documents\DSC04064 - Copy.JPG
[2010/05/17 17:43:30 | 000,134,319 | ---- | C] () -- C:\Users\maggie\Documents\DSC04070 - Copy.JPG
[2010/05/17 17:43:30 | 000,130,793 | ---- | C] () -- C:\Users\maggie\Documents\DSC04063 - Copy.JPG
[2010/05/17 17:43:30 | 000,111,464 | ---- | C] () -- C:\Users\maggie\Documents\DSC04065 - Copy.JPG
[2010/05/13 23:15:54 | 000,038,574 | ---- | C] () -- C:\Users\maggie\Desktop\Untitled.jpg
[2010/05/10 19:34:13 | 000,000,915 | ---- | C] () -- C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/05 19:25:46 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFormaggie.job
[2010/04/22 22:13:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/11 18:26:11 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/06 15:32:11 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/03/30 21:05:29 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/27 22:59:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/27 22:59:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/27 22:59:54 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/27 22:59:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/27 22:53:51 | 006,943,170 | ---- | C] () -- C:\Users\maggie\Desktop\tattoo-kiss.mp3
[2010/03/19 22:44:06 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/19 22:42:01 | 000,000,735 | ---- | C] () -- C:\Users\maggie\Desktop\NTREGOPT.lnk
[2010/03/19 22:42:01 | 000,000,716 | ---- | C] () -- C:\Users\maggie\Desktop\ERUNT.lnk
[2010/03/05 01:16:49 | 000,245,248 | ---- | C] () -- C:\Users\maggie\Documents\anatomy.doc
[2009/11/25 18:26:36 | 000,003,071 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/03 20:12:41 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2007/12/30 06:38:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/20 13:00:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2007/12/30 06:46:17 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\acccore
[2007/12/30 06:32:10 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\DAEMON Tools
[2010/03/31 21:56:46 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Facebook
[2009/03/20 04:40:28 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\muvee Technologies
[2007/12/30 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Nexon
[2007/12/31 13:40:07 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\PeerNetworking
[2010/01/27 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\PlayFirst
[2009/03/21 20:06:32 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Publish Providers
[2009/03/27 19:31:22 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Sony
[2010/01/14 19:50:07 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Transparent
[2010/01/27 12:55:40 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\WildTangent
[2008/02/18 19:32:51 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Windows Live Writer
[2010/05/25 16:52:49 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2007/04/20 04:22:06 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2010/03/23 22:09:59 | 000,000,892 | ---- | M] () -- C:\avenger.txt
[2008/01/19 03:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/03/27 23:15:27 | 000,019,247 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/03/27 19:55:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/16 17:41:55 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2010/05/10 19:35:37 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/03/27 19:55:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/25 16:54:17 | 2392,715,264 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/19 03:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 03:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\drivers\*.sys /180 >
[2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/20 17:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 07:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 08:07:30 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 08:07:11 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 07:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\maggie\Desktop\rar.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\maggie\Desktop\History of the Medieval Knight.avi:TOC.WMV
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >
OTL logfile created on: 5/25/2010 4:58:18 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = c:\Users\maggie\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.61 Gb Total Space | 35.89 Gb Free Space | 34.64% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 111.69 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 7.16 Gb Total Space | 0.71 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.01 Gb Total Space | 0.97 Gb Free Space | 95.86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: MAGGIE-PC
Current User Name: maggie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/24 19:12:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Users\maggie\Downloads\OTL.exe
PRC - [2010/04/20 18:37:02 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/01 12:44:23 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/12 18:36:59 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 18:36:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 18:35:44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2008/12/05 16:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/15 02:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 19:12:18 | 000,571,904 | ---- | M] (OldTimer Tools) -- c:\Users\maggie\Downloads\OTL.exe
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/12 18:36:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/24 08:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/21 20:10:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/05 16:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/09 17:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/10/22 06:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - [2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/03/03 13:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 01:56:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2007/12/30 06:21:40 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/06/28 12:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/06/28 12:44:16 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/02/28 14:26:00 | 004,465,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 12:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 04:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/12 23:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2007/01/02 06:45:30 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/01/02 06:45:30 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/01/02 06:45:30 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/12/22 17:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 13:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 23:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 23:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 23:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/08/05 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.12514
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.aol.co.../search?query="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 15:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:36:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/24 13:27:22 | 000,000,000 | ---D | M]
[2009/02/21 14:18:53 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\mozilla\Extensions
[2010/05/24 18:11:48 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions
[2009/03/19 18:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/03/16 21:23:07 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(1323)
[2010/05/01 08:58:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/01 08:58:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\maggie\AppData\Roaming\mozilla\Firefox\Profiles\24dbrpag.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/09 17:42:43 | 000,000,891 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\Mozilla\FireFox\Profiles\24dbrpag.default\searchplugins\dictionarycom.xml
[2010/04/24 13:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/24 13:27:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/25 16:56:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/02/21 14:18:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/24 13:27:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/26 22:02:19 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/12/30 06:45:52 | 000,001,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ()
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\maggie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\maggie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/20 04:22:06 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/03/27 15:07:29 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/05/25 16:52:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/14 23:53:06 | 000,000,000 | ---D | C] -- C:\Users\maggie\geo fair
[2010/05/14 17:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Redbana
[2010/05/14 16:45:43 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Audition
[2010/04/24 16:44:51 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Flowers-and-Butterflies
[2010/04/23 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\maggie\Desktop\Coffee-Break
[2010/04/06 15:32:14 | 000,000,000 | ---D | C] -- C:\Users\maggie\Documents\My Digital Editions
[2010/03/31 21:56:43 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Roaming\Facebook
[2010/03/30 21:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/30 21:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 21:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 20:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/27 23:23:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/27 23:15:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/27 23:15:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/27 23:15:28 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Local\temp
[2010/03/27 22:59:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/27 22:59:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/27 22:59:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/27 22:56:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/27 22:56:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/25 17:01:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/23 22:09:59 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/22 23:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/03/22 23:32:03 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/19 22:44:07 | 000,000,000 | ---D | C] -- C:\Users\maggie\AppData\Roaming\Malwarebytes
[2010/03/19 22:44:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/19 22:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/19 22:44:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/19 22:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/19 22:42:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/19 22:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/16 17:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/12 18:36:58 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 00:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2 C:\Users\maggie\Desktop\*.tmp files -> C:\Users\maggie\Desktop\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/05/25 17:06:41 | 003,932,160 | -HS- | M] () -- C:\Users\maggie\ntuser.dat
[2010/05/25 16:55:27 | 000,013,072 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\nvModes.dat
[2010/05/25 16:55:27 | 000,013,072 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\nvModes.001
[2010/05/25 16:55:20 | 000,000,310 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/25 16:54:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 16:54:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 16:54:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/25 16:54:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/25 16:52:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/25 16:52:44 | 000,524,288 | -HS- | M] () -- C:\Users\maggie\ntuser.dat{d0596cb0-14ca-11de-9e65-000fdbb8c83d}.TMContainer00000000000000000001.regtrans-ms
[2010/05/25 16:52:44 | 000,065,536 | -HS- | M] () -- C:\Users\maggie\ntuser.dat{d0596cb0-14ca-11de-9e65-000fdbb8c83d}.TM.blf
[2010/05/25 16:48:31 | 060,360,981 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/24 18:26:52 | 000,000,158 | ---- | M] () -- C:\Users\maggie\defogger_reenable
[2010/05/24 16:25:37 | 000,293,376 | ---- | M] () -- C:\Users\maggie\Desktop\gmer.exe
[2010/05/23 19:53:56 | 000,000,000 | ---- | M] () -- C:\Users\maggie\AppData\Local\prvlcl.dat
[2010/05/23 19:05:35 | 000,057,856 | ---- | M] () -- C:\Users\maggie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 14:18:29 | 000,000,915 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/23 14:18:27 | 000,000,735 | ---- | M] () -- C:\Users\maggie\Desktop\NTREGOPT.lnk
[2010/05/23 14:18:27 | 000,000,716 | ---- | M] () -- C:\Users\maggie\Desktop\ERUNT.lnk
[2010/05/17 17:44:25 | 000,710,152 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/17 17:44:25 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/17 17:44:25 | 000,119,758 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/17 12:37:00 | 000,143,521 | ---- | M] () -- C:\Users\maggie\Documents\DSC04097.JPG
[2010/05/17 12:32:50 | 000,152,350 | ---- | M] () -- C:\Users\maggie\Documents\DSC04092 - Copy.JPG
[2010/05/17 12:32:16 | 000,157,747 | ---- | M] () -- C:\Users\maggie\Documents\DSC04091 - Copy.JPG
[2010/05/17 12:15:28 | 000,143,779 | ---- | M] () -- C:\Users\maggie\Documents\DSC04090 - Copy.JPG
[2010/05/17 12:15:12 | 000,137,189 | ---- | M] () -- C:\Users\maggie\Documents\DSC04089 - Copy.JPG
[2010/05/17 12:14:14 | 000,153,432 | ---- | M] () -- C:\Users\maggie\Documents\DSC04088 - Copy.JPG
[2010/05/17 12:13:30 | 000,152,810 | ---- | M] () -- C:\Users\maggie\Documents\DSC04086 - Copy.JPG
[2010/05/17 11:24:46 | 000,152,088 | ---- | M] () -- C:\Users\maggie\Documents\DSC04083 - Copy.JPG
[2010/05/17 11:24:18 | 000,144,374 | ---- | M] () -- C:\Users\maggie\Documents\DSC04082 - Copy.JPG
[2010/05/17 11:24:08 | 000,145,568 | ---- | M] () -- C:\Users\maggie\Documents\DSC04081 - Copy.JPG
[2010/05/17 11:22:56 | 000,137,600 | ---- | M] () -- C:\Users\maggie\Documents\DSC04079 - Copy.JPG
[2010/05/17 11:22:38 | 000,136,356 | ---- | M] () -- C:\Users\maggie\Documents\DSC04078 - Copy.JPG
[2010/05/17 11:21:44 | 000,145,057 | ---- | M] () -- C:\Users\maggie\Documents\DSC04077 - Copy.JPG
[2010/05/17 11:21:18 | 000,136,385 | ---- | M] () -- C:\Users\maggie\Documents\DSC04076 - Copy.JPG
[2010/05/17 11:20:54 | 000,140,719 | ---- | M] () -- C:\Users\maggie\Documents\DSC04075 - Copy.JPG
[2010/05/17 11:19:24 | 000,144,141 | ---- | M] () -- C:\Users\maggie\Documents\DSC04073 - Copy.JPG
[2010/05/17 11:19:16 | 000,145,578 | ---- | M] () -- C:\Users\maggie\Documents\DSC04072 - Copy.JPG
[2010/05/17 11:18:44 | 000,145,825 | ---- | M] () -- C:\Users\maggie\Documents\DSC04071 - Copy.JPG
[2010/05/17 11:17:42 | 000,134,319 | ---- | M] () -- C:\Users\maggie\Documents\DSC04070 - Copy.JPG
[2010/05/17 11:16:12 | 000,147,407 | ---- | M] () -- C:\Users\maggie\Documents\DSC04069 - Copy.JPG
[2010/05/17 11:14:42 | 000,150,346 | ---- | M] () -- C:\Users\maggie\Documents\DSC04067 - Copy.JPG
[2010/05/17 11:14:30 | 000,140,807 | ---- | M] () -- C:\Users\maggie\Documents\DSC04066 - Copy.JPG
[2010/05/17 11:13:52 | 000,111,464 | ---- | M] () -- C:\Users\maggie\Documents\DSC04065 - Copy.JPG
[2010/05/17 11:13:24 | 000,134,828 | ---- | M] () -- C:\Users\maggie\Documents\DSC04064 - Copy.JPG
[2010/05/17 11:12:56 | 000,130,793 | ---- | M] () -- C:\Users\maggie\Documents\DSC04063 - Copy.JPG
[2010/05/17 11:12:22 | 000,144,125 | ---- | M] () -- C:\Users\maggie\Documents\DSC04062 - Copy.JPG
[2010/05/17 11:11:56 | 000,139,075 | ---- | M] () -- C:\Users\maggie\Documents\DSC04061 - Copy.JPG
[2010/05/17 11:11:40 | 000,148,732 | ---- | M] () -- C:\Users\maggie\Documents\DSC04060 - Copy.JPG
[2010/05/17 11:11:24 | 000,153,964 | ---- | M] () -- C:\Users\maggie\Documents\DSC04059 - Copy.JPG
[2010/05/17 11:11:00 | 000,150,349 | ---- | M] () -- C:\Users\maggie\Documents\DSC04058 - Copy.JPG
[2010/05/17 11:10:12 | 000,143,742 | ---- | M] () -- C:\Users\maggie\Documents\DSC04055 - Copy.JPG
[2010/05/17 11:09:52 | 000,159,723 | ---- | M] () -- C:\Users\maggie\Documents\DSC04054 - Copy.JPG
[2010/05/17 11:09:26 | 000,151,585 | ---- | M] () -- C:\Users\maggie\Documents\DSC04053 - Copy.JPG
[2010/05/17 11:01:14 | 000,144,810 | ---- | M] () -- C:\Users\maggie\Documents\DSC04052 - Copy.JPG
[2010/05/17 11:01:08 | 000,150,353 | ---- | M] () -- C:\Users\maggie\Documents\DSC04051 - Copy.JPG
[2010/05/17 11:00:10 | 000,154,066 | ---- | M] () -- C:\Users\maggie\Documents\DSC04050 - Copy.JPG
[2010/05/17 10:59:44 | 000,151,148 | ---- | M] () -- C:\Users\maggie\Documents\DSC04048 - Copy.JPG
[2010/05/17 10:56:50 | 000,149,518 | ---- | M] () -- C:\Users\maggie\Documents\DSC04047 - Copy.JPG
[2010/05/13 23:15:54 | 000,038,574 | ---- | M] () -- C:\Users\maggie\Desktop\Untitled.jpg
[2010/05/13 17:43:31 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormaggie.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 23:58:46 | 001,786,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/22 22:13:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/11 18:26:11 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/06 15:32:11 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/03/30 21:39:00 | 006,943,170 | ---- | M] () -- C:\Users\maggie\Desktop\tattoo-kiss.mp3
[2010/03/30 21:05:29 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/27 23:13:06 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/19 22:44:06 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/16 17:41:55 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2010/03/16 17:41:50 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/12 18:36:58 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/05 01:16:50 | 000,245,248 | ---- | M] () -- C:\Users\maggie\Documents\anatomy.doc
[2010/03/04 19:59:22 | 000,137,448 | ---- | M] () -- C:\Users\maggie\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010/03/04 02:10:02 | 2490,104,320 | ---- | M] () -- C:\Users\maggie\Desktop\History of the Medieval Knight.avi
[2010/02/25 18:59:35 | 000,001,356 | ---- | M] () -- C:\Users\maggie\AppData\Local\d3d9caps.dat
[2 C:\Users\maggie\Desktop\*.tmp files -> C:\Users\maggie\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/24 18:26:35 | 000,000,158 | ---- | C] () -- C:\Users\maggie\defogger_reenable
[2010/05/24 16:25:37 | 000,293,376 | ---- | C] () -- C:\Users\maggie\Desktop\gmer.exe
[2010/05/17 17:43:30 | 000,159,723 | ---- | C] () -- C:\Users\maggie\Documents\DSC04054 - Copy.JPG
[2010/05/17 17:43:30 | 000,157,747 | ---- | C] () -- C:\Users\maggie\Documents\DSC04091 - Copy.JPG
[2010/05/17 17:43:30 | 000,154,066 | ---- | C] () -- C:\Users\maggie\Documents\DSC04050 - Copy.JPG
[2010/05/17 17:43:30 | 000,153,964 | ---- | C] () -- C:\Users\maggie\Documents\DSC04059 - Copy.JPG
[2010/05/17 17:43:30 | 000,153,432 | ---- | C] () -- C:\Users\maggie\Documents\DSC04088 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,810 | ---- | C] () -- C:\Users\maggie\Documents\DSC04086 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,350 | ---- | C] () -- C:\Users\maggie\Documents\DSC04092 - Copy.JPG
[2010/05/17 17:43:30 | 000,152,088 | ---- | C] () -- C:\Users\maggie\Documents\DSC04083 - Copy.JPG
[2010/05/17 17:43:30 | 000,151,585 | ---- | C] () -- C:\Users\maggie\Documents\DSC04053 - Copy.JPG
[2010/05/17 17:43:30 | 000,151,148 | ---- | C] () -- C:\Users\maggie\Documents\DSC04048 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,353 | ---- | C] () -- C:\Users\maggie\Documents\DSC04051 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,349 | ---- | C] () -- C:\Users\maggie\Documents\DSC04058 - Copy.JPG
[2010/05/17 17:43:30 | 000,150,346 | ---- | C] () -- C:\Users\maggie\Documents\DSC04067 - Copy.JPG
[2010/05/17 17:43:30 | 000,149,518 | ---- | C] () -- C:\Users\maggie\Documents\DSC04047 - Copy.JPG
[2010/05/17 17:43:30 | 000,148,732 | ---- | C] () -- C:\Users\maggie\Documents\DSC04060 - Copy.JPG
[2010/05/17 17:43:30 | 000,147,407 | ---- | C] () -- C:\Users\maggie\Documents\DSC04069 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,825 | ---- | C] () -- C:\Users\maggie\Documents\DSC04071 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,578 | ---- | C] () -- C:\Users\maggie\Documents\DSC04072 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,568 | ---- | C] () -- C:\Users\maggie\Documents\DSC04081 - Copy.JPG
[2010/05/17 17:43:30 | 000,145,057 | ---- | C] () -- C:\Users\maggie\Documents\DSC04077 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,810 | ---- | C] () -- C:\Users\maggie\Documents\DSC04052 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,374 | ---- | C] () -- C:\Users\maggie\Documents\DSC04082 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,141 | ---- | C] () -- C:\Users\maggie\Documents\DSC04073 - Copy.JPG
[2010/05/17 17:43:30 | 000,144,125 | ---- | C] () -- C:\Users\maggie\Documents\DSC04062 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,779 | ---- | C] () -- C:\Users\maggie\Documents\DSC04090 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,742 | ---- | C] () -- C:\Users\maggie\Documents\DSC04055 - Copy.JPG
[2010/05/17 17:43:30 | 000,143,521 | ---- | C] () -- C:\Users\maggie\Documents\DSC04097.JPG
[2010/05/17 17:43:30 | 000,140,807 | ---- | C] () -- C:\Users\maggie\Documents\DSC04066 - Copy.JPG
[2010/05/17 17:43:30 | 000,140,719 | ---- | C] () -- C:\Users\maggie\Documents\DSC04075 - Copy.JPG
[2010/05/17 17:43:30 | 000,139,075 | ---- | C] () -- C:\Users\maggie\Documents\DSC04061 - Copy.JPG
[2010/05/17 17:43:30 | 000,137,600 | ---- | C] () -- C:\Users\maggie\Documents\DSC04079 - Copy.JPG
[2010/05/17 17:43:30 | 000,137,189 | ---- | C] () -- C:\Users\maggie\Documents\DSC04089 - Copy.JPG
[2010/05/17 17:43:30 | 000,136,385 | ---- | C] () -- C:\Users\maggie\Documents\DSC04076 - Copy.JPG
[2010/05/17 17:43:30 | 000,136,356 | ---- | C] () -- C:\Users\maggie\Documents\DSC04078 - Copy.JPG
[2010/05/17 17:43:30 | 000,134,828 | ---- | C] () -- C:\Users\maggie\Documents\DSC04064 - Copy.JPG
[2010/05/17 17:43:30 | 000,134,319 | ---- | C] () -- C:\Users\maggie\Documents\DSC04070 - Copy.JPG
[2010/05/17 17:43:30 | 000,130,793 | ---- | C] () -- C:\Users\maggie\Documents\DSC04063 - Copy.JPG
[2010/05/17 17:43:30 | 000,111,464 | ---- | C] () -- C:\Users\maggie\Documents\DSC04065 - Copy.JPG
[2010/05/13 23:15:54 | 000,038,574 | ---- | C] () -- C:\Users\maggie\Desktop\Untitled.jpg
[2010/05/10 19:34:13 | 000,000,915 | ---- | C] () -- C:\Users\maggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/05 19:25:46 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFormaggie.job
[2010/04/22 22:13:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/11 18:26:11 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/06 15:32:11 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/03/30 21:05:29 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/27 22:59:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/27 22:59:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/27 22:59:54 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/27 22:59:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/27 22:53:51 | 006,943,170 | ---- | C] () -- C:\Users\maggie\Desktop\tattoo-kiss.mp3
[2010/03/19 22:44:06 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/19 22:42:01 | 000,000,735 | ---- | C] () -- C:\Users\maggie\Desktop\NTREGOPT.lnk
[2010/03/19 22:42:01 | 000,000,716 | ---- | C] () -- C:\Users\maggie\Desktop\ERUNT.lnk
[2010/03/05 01:16:49 | 000,245,248 | ---- | C] () -- C:\Users\maggie\Documents\anatomy.doc
[2009/11/25 18:26:36 | 000,003,071 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/03 20:12:41 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2007/12/30 06:38:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/20 13:00:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2007/12/30 06:46:17 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\acccore
[2007/12/30 06:32:10 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\DAEMON Tools
[2010/03/31 21:56:46 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Facebook
[2009/03/20 04:40:28 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\muvee Technologies
[2007/12/30 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Nexon
[2007/12/31 13:40:07 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\PeerNetworking
[2010/01/27 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\PlayFirst
[2009/03/21 20:06:32 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Publish Providers
[2009/03/27 19:31:22 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Sony
[2010/01/14 19:50:07 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Transparent
[2010/01/27 12:55:40 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\WildTangent
[2008/02/18 19:32:51 | 000,000,000 | ---D | M] -- C:\Users\maggie\AppData\Roaming\Windows Live Writer
[2010/05/25 16:52:49 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2007/04/20 04:22:06 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2010/03/23 22:09:59 | 000,000,892 | ---- | M] () -- C:\avenger.txt
[2008/01/19 03:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/03/27 23:15:27 | 000,019,247 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/03/27 19:55:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/16 17:41:55 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2010/05/10 19:35:37 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/03/27 19:55:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/25 16:54:17 | 2392,715,264 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/19 03:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 03:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\drivers\*.sys /180 >
[2010/03/12 18:35:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/12 18:36:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/20 18:37:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/20 17:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 07:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 08:07:30 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 08:07:11 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 07:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\maggie\Desktop\rar.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\maggie\Desktop\History of the Medieval Knight.avi:TOC.WMV
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >
#26
Posted 26 May 2010 - 01:38 AM

Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner
Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.
Upgrading Java
- Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
- Click on Continue.
- Click on the link to download Windows Offline Installation (jre-6u18-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u18-windows-i586-p.exe and select "Run as an Administrator.")
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure the following is checked.
- Spyware, Adware, Diallers, and other potentially dangerous programs
- Archives
- Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply.
#27
Posted 26 May 2010 - 09:01 PM

I'm sorry that I didn't post the Kaspersky Webscanner log
I'm going to post it tomorrow.
#28
Posted 27 May 2010 - 01:27 AM

No probs

#29
Posted 27 May 2010 - 09:21 PM

Kaspersky Web Scanner Log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, May 27, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, May 27, 2010 17:33:33
Records in database: 4190279
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\
Scan statistics:
Objects scanned: 214435
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 06:04:11
No threats found. Scanned area is clean.
Selected area has been scanned.
--------------------------------------------------------------------------------
#30
Posted 28 May 2010 - 05:27 AM

There's a file I'd like you to upload for checking
- Please go to VirSCAN.org FREE on-line scan service
- Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
- Click on the Upload button
- If a pop-up appears saying the file has been scanned already, please select the ReScan button.
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.