
No Autorun; Alureon, orsam detected [Closed]


  • This topic is locked

#31
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi Gostchyld, it appears as if you changed your time zone before the most recent OTL scan. This complicates analyzing the OTL log for me. Please change your time zone to one that is 1 hour earlier than what you currently have. Then run and post an OTL quick scan. Afterwards you can change the time zone back to what it was.

#32
Gostchyld

    Member

  • Topic Starter
  • 74 posts
Accidentally ran the regular scan first, so I figured I may as well post it. Will run quick scan next and post that as well.
Here is the regular scan:

OTL logfile created on: 4/10/2012 5:49:39 PM - Run 9
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michele\Desktop\Comp Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 20.52% Memory free
5.77 Gb Paging File | 3.53 Gb Available in Paging File | 61.20% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 188.93 Gb Total Space | 29.17 Gb Free Space | 15.44% Space Free | Partition Type: NTFS
Drive D: | 29.19 Gb Total Space | 24.80 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive E: | 400.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MGLAPTOP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/03 21:56:42 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/17 20:41:04 | 000,742,264 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/02/10 17:40:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michele\Desktop\Comp Cleanup\OTL.exe
PRC - [2011/12/11 01:41:00 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/12/11 01:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/27 16:23:10 | 002,743,310 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 11:06:14 | 005,407,850 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2011/10/08 22:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/10/04 20:47:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/10 12:02:20 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/05 02:29:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/30 10:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/12 15:59:14 | 004,464,640 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/06/10 18:32:56 | 001,282,048 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/10/14 14:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
PRC - [2008/04/13 17:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 04:14:21 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
MOD - [2012/02/17 04:14:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/17 04:14:18 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
MOD - [2012/02/17 04:13:56 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 04:13:55 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
MOD - [2012/02/17 04:13:54 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
MOD - [2012/02/17 04:13:53 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/02/17 04:13:19 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/17 04:13:10 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/17 04:13:05 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
MOD - [2012/02/17 04:12:50 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
MOD - [2012/02/17 04:12:40 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/17 04:12:29 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/17 04:12:19 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/17 04:11:29 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/02/17 04:11:19 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/12/11 01:42:13 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/12/11 01:41:52 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/12/11 01:06:02 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/12/02 08:49:14 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/27 16:23:10 | 002,743,310 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
MOD - [2011/10/14 03:16:38 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2011/10/14 03:15:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 11:06:14 | 005,407,850 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
MOD - [2011/10/04 20:47:48 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/05/10 12:02:20 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
MOD - [2011/05/10 12:02:20 | 000,076,800 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\libgnurx-0.dll
MOD - [2011/02/14 17:02:58 | 002,417,664 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtCore4.dll
MOD - [2010/12/25 23:28:22 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/12/25 23:28:22 | 000,429,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Memeo.ShellExtension\4.0.0.114__63b82a8957e80a37\Memeo.ShellExtension.dll
MOD - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/11/05 02:29:00 | 000,036,352 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/06/24 03:02:41 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/03/06 23:31:36 | 000,024,110 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\mingwm10.dll
MOD - [2010/02/10 12:36:20 | 009,565,184 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtGui4.dll
MOD - [2010/02/10 12:11:00 | 001,148,416 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtNetwork4.dll
MOD - [2010/02/10 12:08:16 | 000,398,336 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtXml4.dll
MOD - [2009/12/12 19:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009/06/22 14:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\libgcc_s_dw2-1.dll
MOD - [2008/10/14 14:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
MOD - [2008/05/21 20:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2005/06/24 06:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WD_FireWire_HID)
SRV - [2012/04/07 08:59:19 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/12/11 01:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/08 22:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/11/05 02:29:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/30 10:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 20:49:38 | 000,025,824 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/02/17 06:49:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/02 16:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 16:47:02 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/12/02 08:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/02 08:49:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/08 22:40:27 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/08 22:40:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/06/27 11:54:30 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020200}_0)
DRV - [2011/05/17 00:30:35 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/05/17 00:30:35 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/12/13 16:38:07 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/11/05 02:29:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/11/05 02:29:00 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/03/22 16:52:59 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/22 16:52:57 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/12/30 04:25:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/11 11:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 11:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 11:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 11:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/05/22 13:33:10 | 001,273,640 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/04/23 13:54:36 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/10/23 16:49:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/09/10 22:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/03/14 09:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/11 17:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 13:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/07/23 15:04:24 | 000,022,528 | ---- | M] (SoundGenetics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aubridge.sys -- (audiobridge)
DRV - [2007/05/23 04:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 1B F2 94 47 28 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FLVTube"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo-FLVTube"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.4.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 20:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 20:45:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Michele\Application Data\Move Networks [2010/01/05 02:29:35 | 000,000,000 | ---D | M]

[2010/01/05 02:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Extensions
[2009/12/26 11:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions
[2009/12/26 11:49:13 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/03/01 00:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions
[2010/05/25 20:45:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/23 03:01:30 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/01 23:15:11 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/07/23 03:01:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/10 21:14:41 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\bing.xml
[2010/12/11 20:22:47 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\conduit.xml
[2012/03/01 00:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 05:31:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/06 09:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/17 00:29:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/12 02:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/19 22:21:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/01/05 02:29:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MICHELE\APPLICATION DATA\MOVE NETWORKS
[2011/05/17 00:29:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/05 04:16:05 | 000,001,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\FLVTube.xml.bak

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Logitech Device Detection = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.15_0\
CHR - Extension: Gmail = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/08 19:12:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Michele\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1261819129968 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E352C986-9B29-4289-BE9A-FCB761F2C5F3}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/10 13:41:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/21 13:40:41 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 21:50:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/08 18:48:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/07 12:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\8floor
[2012/04/07 07:35:57 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/07 06:36:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/07 06:36:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/07 06:36:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/07 06:36:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/07 03:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\DOTC
[2012/04/07 02:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/04/07 02:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/04/06 01:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\IronCode
[2012/04/06 00:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2012/04/06 00:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2012/04/06 00:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\ef - a fairy tale of the two
[2012/03/29 22:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2012/03/29 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012/03/25 04:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Anarchy
[2012/03/21 18:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Adore Games
[2012/03/21 18:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\Adore Puzzle
[2012/03/19 10:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\Sinking Island
[2012/03/18 23:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\Fantastic Creations - House of Brass CE
[2010/12/15 18:53:56 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/04/09 23:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/09 23:59:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/04/09 23:19:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/09 23:15:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007UA.job
[2012/04/09 20:35:50 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/04/09 15:06:12 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/04/09 15:05:43 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/04/09 15:05:43 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/04/09 02:19:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/09 01:15:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007Core.job
[2012/04/08 19:47:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/08 19:36:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/08 19:29:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/08 19:24:43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/08 19:12:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/07 10:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/07 08:59:19 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/07 08:59:18 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/07 06:34:47 | 004,452,287 | R--- | M] (Swearware) -- C:\Documents and Settings\Michele\Desktop\ComboFix.exe
[2012/04/07 03:31:31 | 000,001,760 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\The Pini Society.lnk
[2012/04/07 03:20:18 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Defender of the Crown - Heroes Live Forever.lnk
[2012/04/06 23:51:34 | 003,608,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/06 01:53:47 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Pahelika Secret Legends.lnk
[2012/04/04 01:29:19 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Crazy Machines Complete Collection.lnk
[2012/03/30 04:24:21 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Aldorlea Tales - Stars of Destiny.lnk
[2012/03/30 04:04:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/03/29 22:51:46 | 000,001,403 | -H-- | M] () -- C:\IPH.PH
[2012/03/29 22:51:38 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/03/29 22:51:38 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2012/03/26 23:44:19 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/03/24 22:15:48 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Space.lnk
[2012/03/21 18:52:05 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Play Over 11.000 Online Games on The Playing Bay.lnk
[2012/03/21 18:52:05 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Adore Puzzle.lnk
[2012/03/19 10:38:18 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sinking Island.lnk
[2012/03/18 23:51:59 | 000,002,028 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Fantastic Creations - House of Brass CE.lnk
[2012/03/17 20:41:06 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/03/17 20:41:06 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/16 11:00:07 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/14 06:42:47 | 000,532,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 06:42:47 | 000,099,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/14 03:02:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 04:23:59 | 000,001,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Seasons.lnk
[2012/03/12 04:20:07 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Angry Birds - Christmas Edition - Seasons HD .lnk
[2012/03/12 04:20:07 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Read Before Install - Use This Key - Foxy Games.lnk
[2012/03/12 04:20:07 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Download More Free Full Games from FoxyGames.Info.lnk
[2012/03/12 04:20:07 | 000,002,031 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Crack Angry Birds.lnk

========== Files Created - No Company Name ==========

[2012/04/07 07:36:00 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/07 06:36:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/07 06:36:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/07 06:36:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/07 06:36:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/07 06:36:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/07 03:31:31 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\The Pini Society.lnk
[2012/04/07 03:20:18 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Defender of the Crown - Heroes Live Forever.lnk
[2012/04/06 01:53:47 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Pahelika Secret Legends.lnk
[2012/04/06 00:47:32 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/04/04 01:29:19 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Crazy Machines Complete Collection.lnk
[2012/03/30 04:24:21 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Aldorlea Tales - Stars of Destiny.lnk
[2012/03/30 04:04:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/03/24 22:15:48 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Space.lnk
[2012/03/21 18:52:05 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Adore Puzzle.lnk
[2012/03/19 10:38:18 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sinking Island.lnk
[2012/03/18 23:51:59 | 000,002,028 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Fantastic Creations - House of Brass CE.lnk
[2012/03/12 04:23:59 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Seasons.lnk
[2012/03/12 04:20:07 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Angry Birds - Christmas Edition - Seasons HD .lnk
[2012/03/12 04:20:07 | 000,002,269 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Read Before Install - Use This Key - Foxy Games.lnk
[2012/03/12 04:20:07 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Download More Free Full Games from FoxyGames.Info.lnk
[2012/03/12 04:20:07 | 000,002,031 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Crack Angry Birds.lnk
[2012/02/20 00:31:47 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/02/17 01:02:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 04:21:16 | 001,492,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/13 01:20:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Captive.INI
[2011/08/14 20:20:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/11 18:02:27 | 000,113,040 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/07/11 18:02:27 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/06/03 23:45:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/03 23:45:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/01 06:06:51 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011/06/01 06:06:51 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011/05/18 18:42:02 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2011/02/23 07:41:52 | 000,000,346 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2011/01/30 08:11:49 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2011/01/30 08:11:48 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2011/01/30 08:11:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2011/01/30 06:51:46 | 000,084,360 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2010/12/15 18:53:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/12/10 23:52:47 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/12/10 23:52:46 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/12/07 17:58:00 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/12/05 12:22:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shadow.INI
[2010/12/03 08:20:48 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2010/11/24 23:43:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\JMAN.INI
[2010/11/05 23:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/10/30 11:47:48 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/10/16 07:20:36 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\prefsdb.dat
[2010/10/05 04:21:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/10 01:02:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twister.INI
[2010/09/07 18:59:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Secrets.INI
[2010/08/23 16:45:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/24 14:16:09 | 000,003,054 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010/07/20 14:21:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Adojusucamunu.dat
[2010/07/20 14:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tcedifohahuroze.bin
[2010/04/22 21:06:16 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2010/03/24 21:47:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/23 00:44:34 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 03:29:51 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/01/21 03:29:47 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/01/15 07:52:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2010/01/14 00:01:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010/01/13 18:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2010/01/12 02:47:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2010/01/10 09:04:07 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/08 18:45:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2010/01/05 02:28:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/30 04:37:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/09/14 18:26:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/14 18:15:26 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/09/14 18:14:12 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/09/14 18:14:11 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/09/14 18:14:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/05 16:46:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\Memeo.ShellExtension.WicIO.dll
[2006/08/10 13:52:50 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/10 13:37:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/10 13:31:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/10 13:30:34 | 003,608,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/29 16:54:25 | 000,001,322 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 16:00:00 | 000,532,052 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 16:00:00 | 000,099,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 16:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 16:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/10/09 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/10/09 20:59:00 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >


Here is the quick scan:

OTL logfile created on: 4/10/2012 5:59:21 PM - Run 9
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michele\Desktop\Comp Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 19.58% Memory free
5.77 Gb Paging File | 3.51 Gb Available in Paging File | 60.92% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 188.93 Gb Total Space | 29.17 Gb Free Space | 15.44% Space Free | Partition Type: NTFS
Drive D: | 29.19 Gb Total Space | 24.80 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive E: | 400.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MGLAPTOP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/03 21:56:42 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/17 20:41:04 | 000,742,264 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/02/10 17:40:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michele\Desktop\Comp Cleanup\OTL.exe
PRC - [2011/12/11 01:41:00 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/12/11 01:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/27 16:23:10 | 002,743,310 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 11:06:14 | 005,407,850 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2011/10/08 22:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/10/04 20:47:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/10 12:02:20 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/05 02:29:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/30 10:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/12 15:59:14 | 004,464,640 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/06/10 18:32:56 | 001,282,048 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/10/14 14:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
PRC - [2008/04/13 17:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 04:14:21 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
MOD - [2012/02/17 04:14:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/17 04:14:18 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
MOD - [2012/02/17 04:13:56 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 04:13:55 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
MOD - [2012/02/17 04:13:54 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
MOD - [2012/02/17 04:13:53 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/02/17 04:13:19 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/17 04:13:10 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/17 04:13:05 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
MOD - [2012/02/17 04:12:50 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
MOD - [2012/02/17 04:12:40 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/17 04:12:29 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/17 04:12:19 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/17 04:11:29 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/02/17 04:11:19 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/12/11 01:42:13 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/12/11 01:41:52 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/12/11 01:06:02 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/12/02 08:49:14 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/27 16:23:10 | 002,743,310 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
MOD - [2011/10/14 03:16:38 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2011/10/14 03:15:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 11:06:14 | 005,407,850 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
MOD - [2011/10/04 20:47:48 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/05/10 12:02:20 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
MOD - [2011/05/10 12:02:20 | 000,076,800 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\libgnurx-0.dll
MOD - [2011/02/14 17:02:58 | 002,417,664 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtCore4.dll
MOD - [2010/12/25 23:28:22 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/12/25 23:28:22 | 000,429,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Memeo.ShellExtension\4.0.0.114__63b82a8957e80a37\Memeo.ShellExtension.dll
MOD - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/11/05 02:29:00 | 000,036,352 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/06/24 03:02:41 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/03/06 23:31:36 | 000,024,110 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\mingwm10.dll
MOD - [2010/02/10 12:36:20 | 009,565,184 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtGui4.dll
MOD - [2010/02/10 12:11:00 | 001,148,416 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtNetwork4.dll
MOD - [2010/02/10 12:08:16 | 000,398,336 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtXml4.dll
MOD - [2009/12/12 19:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009/06/22 14:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\libgcc_s_dw2-1.dll
MOD - [2008/10/14 14:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
MOD - [2008/05/21 20:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2005/06/24 06:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WD_FireWire_HID)
SRV - [2012/04/07 08:59:19 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/12/11 01:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/08 22:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/11/05 02:29:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/30 10:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 20:49:38 | 000,025,824 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/02/17 06:49:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/02 16:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 16:47:02 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/12/02 08:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/02 08:49:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/08 22:40:27 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/08 22:40:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/06/27 11:54:30 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020200}_0)
DRV - [2011/05/17 00:30:35 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/05/17 00:30:35 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/12/13 16:38:07 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/11/05 02:29:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/11/05 02:29:00 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/03/22 16:52:59 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/22 16:52:57 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/12/30 04:25:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/11 11:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 11:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 11:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 11:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/05/22 13:33:10 | 001,273,640 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/04/23 13:54:36 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/10/23 16:49:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/09/10 22:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/03/14 09:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/11 17:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 13:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/07/23 15:04:24 | 000,022,528 | ---- | M] (SoundGenetics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aubridge.sys -- (audiobridge)
DRV - [2007/05/23 04:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 1B F2 94 47 28 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FLVTube"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo-FLVTube"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.4.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 20:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 20:45:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Michele\Application Data\Move Networks [2010/01/05 02:29:35 | 000,000,000 | ---D | M]

[2010/01/05 02:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Extensions
[2009/12/26 11:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions
[2009/12/26 11:49:13 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/03/01 00:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions
[2010/05/25 20:45:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/23 03:01:30 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/01 23:15:11 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/07/23 03:01:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/10 21:14:41 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\bing.xml
[2010/12/11 20:22:47 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\conduit.xml
[2012/03/01 00:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 05:31:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/06 09:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/17 00:29:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/12 02:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/19 22:21:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/01/05 02:29:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MICHELE\APPLICATION DATA\MOVE NETWORKS
[2011/05/17 00:29:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/05 04:16:05 | 000,001,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\FLVTube.xml.bak

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Logitech Device Detection = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.15_0\
CHR - Extension: Gmail = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/08 19:12:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Michele\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1261819129968 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E352C986-9B29-4289-BE9A-FCB761F2C5F3}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/10 13:41:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/21 13:40:41 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 21:50:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/08 18:48:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/07 12:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\8floor
[2012/04/07 06:36:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/07 06:36:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/07 06:36:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/07 06:36:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/07 03:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\DOTC
[2012/04/07 02:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/04/07 02:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/04/06 01:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\IronCode
[2012/04/06 00:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2012/04/06 00:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2012/04/06 00:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\ef - a fairy tale of the two
[2012/03/29 22:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2012/03/29 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012/03/25 04:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Anarchy
[2012/03/21 18:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Adore Games
[2012/03/21 18:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\Adore Puzzle
[2012/03/19 10:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\Sinking Island
[2012/03/18 23:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\Fantastic Creations - House of Brass CE
[2010/12/15 18:53:56 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/04/09 23:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/09 23:59:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/04/09 23:19:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/09 23:15:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007UA.job
[2012/04/09 20:35:50 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/04/09 15:06:12 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/04/09 15:05:43 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/04/09 15:05:43 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/04/09 02:19:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/09 01:15:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007Core.job
[2012/04/08 19:47:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/08 19:36:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/08 19:29:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/08 19:24:43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/08 19:12:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/07 10:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/07 06:34:47 | 004,452,287 | R--- | M] (Swearware) -- C:\Documents and Settings\Michele\Desktop\ComboFix.exe
[2012/04/07 03:31:31 | 000,001,760 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\The Pini Society.lnk
[2012/04/07 03:20:18 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Defender of the Crown - Heroes Live Forever.lnk
[2012/04/06 23:51:34 | 003,608,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/06 01:53:47 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Pahelika Secret Legends.lnk
[2012/04/04 01:29:19 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Crazy Machines Complete Collection.lnk
[2012/03/30 04:24:21 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Aldorlea Tales - Stars of Destiny.lnk
[2012/03/30 04:04:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/03/29 22:51:46 | 000,001,403 | -H-- | M] () -- C:\IPH.PH
[2012/03/29 22:51:38 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/03/29 22:51:38 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2012/03/26 23:44:19 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/03/24 22:15:48 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Space.lnk
[2012/03/21 18:52:05 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Play Over 11.000 Online Games on The Playing Bay.lnk
[2012/03/21 18:52:05 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Adore Puzzle.lnk
[2012/03/19 10:38:18 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sinking Island.lnk
[2012/03/18 23:51:59 | 000,002,028 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Fantastic Creations - House of Brass CE.lnk
[2012/03/17 20:41:06 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/03/17 20:41:06 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/16 11:00:07 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/14 06:42:47 | 000,532,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 06:42:47 | 000,099,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/14 03:02:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 04:23:59 | 000,001,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Seasons.lnk
[2012/03/12 04:20:07 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Angry Birds - Christmas Edition - Seasons HD .lnk
[2012/03/12 04:20:07 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Read Before Install - Use This Key - Foxy Games.lnk
[2012/03/12 04:20:07 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Download More Free Full Games from FoxyGames.Info.lnk
[2012/03/12 04:20:07 | 000,002,031 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Crack Angry Birds.lnk

========== Files Created - No Company Name ==========

[2012/04/07 07:36:00 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/07 06:36:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/07 06:36:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/07 06:36:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/07 06:36:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/07 06:36:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/07 03:31:31 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\The Pini Society.lnk
[2012/04/07 03:20:18 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Defender of the Crown - Heroes Live Forever.lnk
[2012/04/06 01:53:47 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Pahelika Secret Legends.lnk
[2012/04/06 00:47:32 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/04/04 01:29:19 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Crazy Machines Complete Collection.lnk
[2012/03/30 04:24:21 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Aldorlea Tales - Stars of Destiny.lnk
[2012/03/30 04:04:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/03/24 22:15:48 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Space.lnk
[2012/03/21 18:52:05 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Adore Puzzle.lnk
[2012/03/19 10:38:18 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sinking Island.lnk
[2012/03/18 23:51:59 | 000,002,028 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Fantastic Creations - House of Brass CE.lnk
[2012/03/12 04:23:59 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Seasons.lnk
[2012/03/12 04:20:07 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Angry Birds - Christmas Edition - Seasons HD .lnk
[2012/03/12 04:20:07 | 000,002,269 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Read Before Install - Use This Key - Foxy Games.lnk
[2012/03/12 04:20:07 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Download More Free Full Games from FoxyGames.Info.lnk
[2012/03/12 04:20:07 | 000,002,031 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Crack Angry Birds.lnk
[2012/02/20 00:31:47 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/02/17 01:02:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 04:21:16 | 001,492,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/13 01:20:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Captive.INI
[2011/08/14 20:20:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/11 18:02:27 | 000,113,040 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/07/11 18:02:27 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/06/03 23:45:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/03 23:45:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/01 06:06:51 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011/06/01 06:06:51 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011/05/18 18:42:02 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2011/02/23 07:41:52 | 000,000,346 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2011/01/30 08:11:49 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2011/01/30 08:11:48 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2011/01/30 08:11:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2011/01/30 06:51:46 | 000,084,360 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2010/12/15 18:53:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/12/10 23:52:47 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/12/10 23:52:46 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/12/07 17:58:00 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/12/05 12:22:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shadow.INI
[2010/12/03 08:20:48 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2010/11/24 23:43:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\JMAN.INI
[2010/11/05 23:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/10/30 11:47:48 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/10/16 07:20:36 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\prefsdb.dat
[2010/10/05 04:21:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/10 01:02:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twister.INI
[2010/09/07 18:59:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Secrets.INI
[2010/08/23 16:45:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/24 14:16:09 | 000,003,054 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010/07/20 14:21:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Adojusucamunu.dat
[2010/07/20 14:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tcedifohahuroze.bin
[2010/04/22 21:06:16 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2010/03/24 21:47:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/23 00:44:34 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 03:29:51 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/01/21 03:29:47 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/01/15 07:52:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2010/01/14 00:01:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010/01/13 18:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2010/01/12 02:47:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2010/01/10 09:04:07 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/08 18:45:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2010/01/05 02:28:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/30 04:37:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/09/14 18:26:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/14 18:15:26 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/09/14 18:14:12 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/09/14 18:14:11 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/09/14 18:14:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/05 16:46:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\Memeo.ShellExtension.WicIO.dll
[2006/08/10 13:52:50 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/10 13:37:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/10 13:31:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/10 13:30:34 | 003,608,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/29 16:54:25 | 000,001,322 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 16:00:00 | 000,532,052 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 16:00:00 | 000,099,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 16:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 16:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/10/09 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/10/09 20:59:00 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/04/08 02:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2010/01/19 14:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/01/23 23:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2010/09/24 00:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/10/16 13:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarSouthpoint
[2010/09/27 21:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/01/09 06:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALLConverter
[2011/02/06 19:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arkadium
[2010/11/01 15:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2011/01/20 03:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aveyond I
[2009/12/26 11:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/10/13 23:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan 2
[2012/03/03 02:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Finish
[2010/09/05 13:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2010/10/28 22:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brawsome
[2010/06/05 15:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buried In Time
[2011/05/08 22:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/11/08 21:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/10/18 01:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrioGames
[2010/05/18 19:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[2011/06/10 03:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2010/11/12 12:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2010/11/25 01:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/03/14 01:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EdensQuest
[2010/11/25 01:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/10/15 12:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/12/28 06:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2011/08/14 04:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exorcist DS 7
[2011/04/15 00:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2012/02/10 01:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2010/10/15 07:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/10/03 03:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2011/06/01 04:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/08/26 21:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funny Bear Studio
[2010/10/22 22:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/09/22 20:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/03/31 21:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GOA
[2010/08/26 09:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/11/10 09:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2010/10/29 16:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2010/09/05 17:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/09/06 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Interama
[2012/02/09 07:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KatGames
[2010/10/16 12:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Konami
[2009/12/27 01:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2010/11/04 05:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/02/09 09:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mandragora
[2010/12/25 23:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2010/02/16 02:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/02/12 19:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Million
[2010/11/02 16:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/09/21 03:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/02/26 00:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2011/11/23 01:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/04/15 00:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2012/03/05 03:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/02/11 02:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/01/08 22:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/02/08 23:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2010/04/30 17:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2011/02/06 19:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/06/01 22:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2010/07/28 22:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/11/08 20:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RVLGames
[2012/02/11 02:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/05/22 18:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/10/05 17:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011/06/12 03:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2010/10/30 13:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2010/01/31 10:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2009/08/19 06:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/12/27 10:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\.BitTornado
[2012/03/31 00:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\3Stars
[2010/04/08 02:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Absolutist
[2010/01/19 14:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\acccore
[2012/03/21 18:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Adore Games
[2010/10/25 16:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aerohills
[2012/01/23 23:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Alawar
[2012/02/06 23:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Alawar Entertainment
[2010/10/16 13:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\AlawarSouthpoint
[2011/06/12 03:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\AlderGames
[2012/03/25 04:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Anarchy
[2010/10/04 09:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Artifex Mundi
[2010/03/21 17:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Artogon
[2010/03/15 21:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aveyond 3
[2011/01/24 20:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aveyond II
[2010/10/26 00:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Awem
[2011/12/01 23:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Azureus
[2012/03/03 02:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Big Finish
[2010/10/03 18:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Big Fish Games
[2012/01/09 01:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Blue Tea Games
[2010/06/24 22:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Boolat Games
[2010/10/28 22:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Brawsome
[2010/09/28 03:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Casual Mechanics
[2010/04/24 15:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ChaYoWo Games
[2010/09/06 15:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\CobiMobi
[2011/04/22 01:09:00 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Michele\Application Data\CrystalSpace
[2011/10/16 23:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Daedalic Entertainment
[2010/03/12 01:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\DarkParablesBriarRose_BFG
[2010/12/22 21:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Dawn's Light
[2011/06/10 03:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\dingogames
[2010/04/27 18:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\DivoGames
[2010/05/12 15:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Dragon Altar Games
[2009/12/27 11:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\EcoRescue
[2010/03/21 22:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ElementalsTheMagicKey
[2011/10/19 00:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Elephant Games
[2010/09/20 09:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Enki Games
[2010/08/26 17:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Enlightenus2_BFG
[2010/06/08 20:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ERS G-Studio
[2010/10/29 01:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ERS Game Studios
[2011/05/07 01:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\EternalEden
[2011/02/07 21:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ethereal Darkness Interactive
[2011/12/07 01:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FALCOM
[2012/02/19 03:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Farm Girl at the Nile
[2010/10/15 07:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Flood Light Games
[2010/10/03 03:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Floodlight Games
[2010/10/03 06:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FlyWheelGames
[2010/09/20 06:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Freeze Tag
[2012/02/28 08:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Friday's games
[2010/04/28 21:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Fugazo
[2010/09/05 17:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FussyLogic
[2010/04/29 21:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Game Mill Entertainment
[2010/10/22 22:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameHouse
[2012/03/18 23:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameInvest
[2010/04/04 19:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameMill Entertainment
[2010/09/22 20:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gamers Digital
[2010/02/11 13:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Games
[2010/09/05 14:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GamesCafe
[2010/06/05 07:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gestalt Games
[2010/09/07 03:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ghost Ship Studios
[2010/03/31 21:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GOA
[2012/02/29 03:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gogii
[2010/10/14 02:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\gtk-2.0
[2010/03/02 02:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GTM_Bodie
[2011/10/18 02:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Harmonic Flow
[2011/06/07 16:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HdO Adventure
[2010/09/06 06:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Hidato
[2010/12/03 03:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HillStoneAnimationStudios
[2010/06/05 06:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HiT-MM
[2012/03/05 10:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Hoyle
[2012/03/05 10:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Hoyle FaceCreator
[2011/07/19 13:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Image Zone Express
[2010/06/17 05:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\InterVideo
[2012/04/06 01:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\IronCode
[2010/11/10 20:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\iWin
[2010/10/19 14:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Jetdogs Studios
[2010/04/22 21:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\JoyBits
[2012/02/09 07:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\KatGames
[2010/09/28 02:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\KingArthur
[2011/01/15 21:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\LaxiusForceII_Saves
[2010/06/16 02:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Lazy Turtle Games
[2010/12/25 19:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Leadertech
[2012/02/06 05:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Leahs_Tale
[2012/01/08 17:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\LegacyInteractive
[2011/08/16 18:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Lilly and Sasha
[2009/12/27 01:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Little Games Company
[2010/04/26 20:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Little Noir Stories
[2010/11/04 05:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ludia
[2010/11/05 04:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MA2
[2010/11/02 13:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MAI
[2010/12/26 00:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Memeo
[2011/01/20 05:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Meridian93
[2010/02/16 02:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Merscom
[2011/01/18 02:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Millennium_Saves
[2010/11/05 23:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MM3_Saves
[2011/05/27 04:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MumboJumbo
[2010/09/30 18:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Mutant Arcade
[2012/02/19 22:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\My Games
[2010/11/05 22:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Mystery of Mortlake Mansion
[2010/03/20 17:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MysteryStudio
[2010/05/22 00:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Namco
[2010/04/16 02:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Nevosoft
[2010/12/15 00:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\OpenOffice.org
[2012/02/09 16:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Orneon
[2010/09/23 04:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\OtherSide Realm of Eons
[2012/03/05 03:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PCDr
[2010/03/28 00:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Peace Craft
[2010/10/16 07:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\perfect future studio
[2010/06/22 02:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ph03nixNewMedia
[2012/02/11 02:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PlayFirst
[2010/10/19 19:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PlayPond
[2010/02/08 23:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PoBros
[2010/06/06 12:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Private Moon Studios
[2010/11/09 02:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\QB9
[2010/09/06 16:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\quickclick
[2010/04/19 04:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Reflexivev1002
[2011/02/15 23:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\RenPy
[2012/03/24 22:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Rovio
[2010/10/04 20:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Sahmon Games
[2010/12/25 19:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Seagate
[2010/03/19 23:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SerpentOfIsis
[2010/04/05 00:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Settlement. Colossus
[2010/06/05 11:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SevenSails
[2010/03/24 21:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Silverback Productions
[2010/05/06 19:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Skunk Studios
[2011/11/28 22:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Snip-It Pro
[2010/10/21 21:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Specialbit
[2010/12/10 22:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SpinTop Games
[2010/03/09 22:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SprillRichiEng
[2011/06/12 03:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SulusGames
[2011/06/07 22:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Sylia_Saves
[2010/09/28 09:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ten Heavens
[2011/06/07 16:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Teyon
[2010/11/17 10:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\The Path
[2012/02/28 07:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TheBookofLegends_Saves
[2010/11/06 02:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ThreeDays2
[2012/02/19 04:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TikisLab
[2011/11/14 23:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\To the Moon - Freebird Games
[2010/09/28 02:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TOMI2.THE GATES OF FATE
[2011/06/01 18:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TrickySoftware
[2010/04/05 17:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Trillian
[2010/10/27 14:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ubisoft
[2011/11/24 17:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Update
[2012/04/10 18:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\uTorrent
[2010/06/05 00:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VampireSaga
[2011/03/07 04:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vastar
[2011/03/07 04:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vastar - Strategy Guide
[2011/03/22 15:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VBA-M
[2012/02/20 04:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VC 2 Paradise Resort
[2010/04/26 14:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VendelGAMES
[2010/01/18 19:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Virtual City
[2010/03/30 03:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Virtual Prophecy
[2010/09/29 22:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vogat Interactive
[2010/09/21 02:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Whisper of a Rose Saves
[2011/06/10 07:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\WhiteBirdsProductions
[2011/06/04 02:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Windows Search
[2010/12/03 08:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\World-LooM
[2010/09/14 15:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\YoudaGames
[2012/04/09 15:06:12 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/04/08 19:29:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/03/16 11:00:07 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/09 20:35:50 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2012/04/09 23:59:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
  • 0

#33
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Are you sure you did it correctly? The dates are still 1 hour later than those in the original scan. To change the time zone, simply double-click the time in the bottom right of the screen, go to the time zone tab, select a time zone that says (GMT-0X:00) where the X number is 1 greater than the one you currently have selected, then press Apply. Make sure the time in the bottom right is 1 hour earlier than what you had previously and you will know you have done it right. Then just run a quick scan.

The original log shows:
PRC - [2012/02/10 16:40:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michele\Desktop\Comp Cleanup\OTL.exe
The new ones show:
PRC - [2012/02/10 17:40:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michele\Desktop\Comp Cleanup\OTL.exe
  • 0

#34
Gostchyld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
The initial time change is due to daylight savings time having ended. You requested I set the comp to an hour earlier which I did do. I am currently at GMT -04:00 as opposed to -05:00 which is the normal time for the eastern time zone. The comp currently reads 5:28 when it is actually 6:28 here. If you give me the name of the time zone you would like the comp to be set to, I will change it to that.
  • 0

#35
Gostchyld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
MSE just removed Trojan:JS/FakePAV
  • 0

#36
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
If you are Eastern Time please switch to Central Time. Then run an OTL quick scan.
  • 0

#37
Gostchyld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
OTL logfile created on: 4/11/2012 6:58:17 PM - Run 10
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michele\Desktop\Comp Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 16.13% Memory free
5.77 Gb Paging File | 3.61 Gb Available in Paging File | 62.56% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 188.93 Gb Total Space | 28.84 Gb Free Space | 15.26% Space Free | Partition Type: NTFS
Drive D: | 29.19 Gb Total Space | 24.80 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive E: | 400.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MGLAPTOP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/17 19:41:04 | 000,742,264 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/02/10 16:40:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michele\Desktop\Comp Cleanup\OTL.exe
PRC - [2012/01/03 08:10:44 | 001,494,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/12/11 00:41:00 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/12/11 00:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/27 15:23:10 | 002,743,310 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 10:06:14 | 005,407,850 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2011/10/08 21:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/10/04 19:47:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/10 11:02:20 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/05 01:29:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/12 14:59:14 | 004,464,640 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/06/10 17:32:56 | 001,282,048 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/10/14 13:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
PRC - [2008/04/13 16:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 03:14:21 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
MOD - [2012/02/17 03:14:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/17 03:13:56 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 03:13:19 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/17 03:13:10 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/17 03:13:05 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
MOD - [2012/02/17 03:12:50 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
MOD - [2012/02/17 03:12:40 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/17 03:12:29 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/17 03:12:19 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/05 12:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 12:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2012/01/03 08:10:44 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2011/12/11 00:42:13 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/12/11 00:41:52 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/12/11 00:06:02 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/12/02 07:49:14 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/27 15:23:10 | 002,743,310 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
MOD - [2011/10/14 02:16:38 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2011/10/14 02:15:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 10:06:14 | 005,407,850 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
MOD - [2011/10/04 19:47:48 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/05/10 11:02:20 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
MOD - [2011/05/10 11:02:20 | 000,076,800 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\libgnurx-0.dll
MOD - [2011/02/14 16:02:58 | 002,417,664 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtCore4.dll
MOD - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/11/05 01:29:00 | 000,036,352 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/06/24 02:02:41 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/03/06 22:31:36 | 000,024,110 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\mingwm10.dll
MOD - [2010/02/10 11:36:20 | 009,565,184 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtGui4.dll
MOD - [2010/02/10 11:11:00 | 001,148,416 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtNetwork4.dll
MOD - [2010/02/10 11:08:16 | 000,398,336 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtXml4.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009/06/22 13:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\libgcc_s_dw2-1.dll
MOD - [2008/10/14 13:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
MOD - [2008/05/21 19:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2005/06/24 05:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WD_FireWire_HID)
SRV - [2012/04/07 07:59:19 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/12/11 00:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/08 21:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/11/05 01:29:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 19:49:38 | 000,025,824 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/02/17 05:49:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/02 15:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 15:47:02 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2012/04/11 05:34:18 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F8D3429-4DC4-4144-A544-CD1A1B71EE35}\MpKsl6b09d567.sys -- (MpKsl6b09d567)
DRV - [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/02 07:49:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/08 21:40:27 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/08 21:40:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/06/27 10:54:30 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020200}_0)
DRV - [2011/05/16 23:30:35 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/05/16 23:30:35 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/12/13 15:38:07 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/11/05 01:29:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/11/05 01:29:00 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/03/22 15:52:59 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/22 15:52:57 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/12/30 03:25:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/11 10:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 10:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 10:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 10:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 10:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/05/22 12:33:10 | 001,273,640 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/04/23 12:54:36 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/03/25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/10/23 15:49:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/09/10 21:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/03/14 08:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/11 16:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 12:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/07/23 14:04:24 | 000,022,528 | ---- | M] (SoundGenetics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aubridge.sys -- (audiobridge)
DRV - [2007/05/23 03:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 1B F2 94 47 28 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FLVTube"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo-FLVTube"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.4.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 19:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 19:45:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Michele\Application Data\Move Networks [2010/01/05 01:29:35 | 000,000,000 | ---D | M]

[2010/01/05 01:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Extensions
[2009/12/26 10:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions
[2009/12/26 10:49:13 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/02/29 23:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions
[2010/05/25 19:45:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/23 02:01:30 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/01 22:15:11 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/07/23 02:01:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/10 20:14:41 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\bing.xml
[2010/12/11 19:22:47 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\conduit.xml
[2012/02/29 23:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 12:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 04:31:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/06 08:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/16 23:29:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/12 01:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/19 21:21:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/01/05 01:29:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MICHELE\APPLICATION DATA\MOVE NETWORKS
[2011/05/16 23:29:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/05 03:16:05 | 000,001,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\FLVTube.xml.bak

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Logitech Device Detection = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.15_0\
CHR - Extension: Gmail = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/08 18:12:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Michele\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1261819129968 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E352C986-9B29-4289-BE9A-FCB761F2C5F3}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/10 12:41:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/21 12:40:41 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 20:50:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/08 17:48:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/07 11:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\8floor
[2012/04/07 05:36:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/07 05:36:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/07 05:36:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/07 05:36:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/07 02:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\DOTC
[2012/04/07 01:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/04/07 01:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/04/06 00:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\IronCode
[2012/04/05 23:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2012/04/05 23:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2012/04/05 23:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\ef - a fairy tale of the two
[2012/03/29 21:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2012/03/29 21:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012/03/25 03:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Anarchy
[2012/03/21 17:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Adore Games
[2012/03/21 17:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\Adore Puzzle
[2012/03/19 09:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\Sinking Island
[2012/03/18 22:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\Fantastic Creations - House of Brass CE
[2010/12/15 17:53:56 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/04/11 18:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/11 18:53:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/04/11 18:34:42 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/04/11 18:19:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 18:15:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007UA.job
[2012/04/11 06:30:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/11 06:10:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/11 06:08:19 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/04/11 06:08:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/11 06:05:30 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/11 06:05:18 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/09 14:05:43 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/04/09 14:05:43 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/04/09 00:15:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007Core.job
[2012/04/08 18:12:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/07 09:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/07 05:34:47 | 004,452,287 | R--- | M] (Swearware) -- C:\Documents and Settings\Michele\Desktop\ComboFix.exe
[2012/04/07 02:31:31 | 000,001,760 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\The Pini Society.lnk
[2012/04/07 02:20:18 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Defender of the Crown - Heroes Live Forever.lnk
[2012/04/06 22:51:34 | 003,608,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/06 00:53:47 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Pahelika Secret Legends.lnk
[2012/04/04 00:29:19 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Crazy Machines Complete Collection.lnk
[2012/03/30 03:24:21 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Aldorlea Tales - Stars of Destiny.lnk
[2012/03/30 03:04:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/03/29 21:51:46 | 000,001,403 | -H-- | M] () -- C:\IPH.PH
[2012/03/29 21:51:38 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/03/29 21:51:38 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2012/03/26 22:44:19 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/03/24 21:15:48 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Space.lnk
[2012/03/21 17:52:05 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Play Over 11.000 Online Games on The Playing Bay.lnk
[2012/03/21 17:52:05 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Adore Puzzle.lnk
[2012/03/19 09:38:18 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sinking Island.lnk
[2012/03/18 22:51:59 | 000,002,028 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Fantastic Creations - House of Brass CE.lnk
[2012/03/17 19:41:06 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/03/17 19:41:06 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/16 10:00:07 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/14 05:42:47 | 000,532,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 05:42:47 | 000,099,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/14 02:02:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/04/07 06:36:00 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/07 05:36:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/07 05:36:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/07 05:36:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/07 05:36:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/07 05:36:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/07 02:31:31 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\The Pini Society.lnk
[2012/04/07 02:20:18 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Defender of the Crown - Heroes Live Forever.lnk
[2012/04/06 00:53:47 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Pahelika Secret Legends.lnk
[2012/04/05 23:47:32 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/04/04 00:29:19 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Crazy Machines Complete Collection.lnk
[2012/03/30 03:24:21 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Aldorlea Tales - Stars of Destiny.lnk
[2012/03/30 03:04:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/03/24 21:15:48 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Space.lnk
[2012/03/21 17:52:05 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Adore Puzzle.lnk
[2012/03/19 09:38:18 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sinking Island.lnk
[2012/03/18 22:51:59 | 000,002,028 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Fantastic Creations - House of Brass CE.lnk
[2012/02/19 23:31:47 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/02/17 00:02:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 03:21:16 | 001,492,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/13 00:20:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Captive.INI
[2011/08/14 19:20:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/11 17:02:27 | 000,113,040 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/07/11 17:02:27 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/06/03 22:45:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/03 22:45:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/01 05:06:51 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011/06/01 05:06:51 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011/05/18 17:42:02 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2011/02/23 06:41:52 | 000,000,346 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2011/01/30 07:11:49 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2011/01/30 07:11:48 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2011/01/30 07:11:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2011/01/30 05:51:46 | 000,084,360 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2010/12/15 17:53:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/12/10 22:52:47 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/12/10 22:52:46 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/12/07 16:58:00 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/12/05 11:22:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shadow.INI
[2010/12/03 07:20:48 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2010/11/24 22:43:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\JMAN.INI
[2010/11/05 22:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/10/30 10:47:48 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/10/16 06:20:36 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\prefsdb.dat
[2010/10/05 03:21:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/10 00:02:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twister.INI
[2010/09/07 17:59:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Secrets.INI
[2010/08/23 15:45:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/24 13:16:09 | 000,003,054 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010/07/20 13:21:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Adojusucamunu.dat
[2010/07/20 13:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tcedifohahuroze.bin
[2010/04/22 20:06:16 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2010/03/24 20:47:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/22 23:44:34 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 02:29:51 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/01/21 02:29:47 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/01/15 06:52:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2010/01/13 23:01:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010/01/13 17:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2010/01/12 01:47:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2010/01/10 08:04:07 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/08 17:45:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2010/01/05 01:28:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/30 03:37:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/09/14 17:26:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/14 17:15:26 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/09/14 17:14:12 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/09/14 17:14:11 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/09/14 17:14:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/05 15:46:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\Memeo.ShellExtension.WicIO.dll
[2006/08/10 12:52:50 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/10 12:37:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/10 12:31:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/10 12:30:34 | 003,608,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/29 15:54:25 | 000,001,322 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 15:00:00 | 000,532,052 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 15:00:00 | 000,099,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/06 13:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/10/09 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/10/09 19:59:00 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/04/08 01:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2010/01/19 13:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/01/23 22:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2010/09/23 23:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/10/16 12:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarSouthpoint
[2010/09/27 20:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/01/09 05:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALLConverter
[2011/02/06 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arkadium
[2010/11/01 14:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2011/01/20 02:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aveyond I
[2009/12/26 10:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/10/13 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan 2
[2012/03/03 01:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Finish
[2010/09/05 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2010/10/28 21:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brawsome
[2010/06/05 14:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buried In Time
[2011/05/08 21:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/11/08 20:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/10/18 00:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrioGames
[2010/05/18 18:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[2011/06/10 02:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2010/11/12 11:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2010/11/25 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/03/14 00:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EdensQuest
[2010/11/25 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/10/15 11:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/12/28 05:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2011/08/14 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exorcist DS 7
[2011/04/14 23:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2012/02/10 00:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2010/10/15 06:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/10/03 02:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2011/06/01 03:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/08/26 20:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funny Bear Studio
[2010/10/22 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/09/22 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/03/31 20:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GOA
[2010/08/26 08:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/11/10 08:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2010/10/29 15:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2010/09/05 16:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/09/06 14:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Interama
[2012/02/09 06:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KatGames
[2010/10/16 11:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Konami
[2009/12/27 00:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2010/11/04 04:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/02/09 08:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mandragora
[2010/12/25 22:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2010/02/16 01:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/02/12 18:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Million
[2010/11/02 15:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/09/21 02:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/02/25 23:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2011/11/23 00:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/04/14 23:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2012/03/05 02:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/02/11 01:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/01/08 21:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/02/08 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2010/04/30 16:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2011/02/06 18:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/06/01 21:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2010/07/28 21:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/11/08 19:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RVLGames
[2012/02/11 01:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/05/22 17:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/10/05 16:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011/06/12 02:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2010/10/30 12:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2010/01/31 09:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2009/08/19 05:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/12/27 09:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\.BitTornado
[2012/03/30 23:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\3Stars
[2010/04/08 01:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Absolutist
[2010/01/19 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\acccore
[2012/03/21 17:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Adore Games
[2010/10/25 15:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aerohills
[2012/01/23 22:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Alawar
[2012/02/06 22:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Alawar Entertainment
[2010/10/16 12:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\AlawarSouthpoint
[2011/06/12 02:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\AlderGames
[2012/03/25 03:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Anarchy
[2010/10/04 08:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Artifex Mundi
[2010/03/21 16:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Artogon
[2010/03/15 20:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aveyond 3
[2011/01/24 19:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aveyond II
[2010/10/25 23:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Awem
[2011/12/01 22:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Azureus
[2012/03/03 01:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Big Finish
[2010/10/03 17:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Big Fish Games
[2012/01/09 00:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Blue Tea Games
[2010/06/24 21:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Boolat Games
[2010/10/28 21:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Brawsome
[2010/09/28 02:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Casual Mechanics
[2010/04/24 14:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ChaYoWo Games
[2010/09/06 14:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\CobiMobi
[2011/04/22 00:09:00 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Michele\Application Data\CrystalSpace
[2011/10/16 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Daedalic Entertainment
[2010/03/12 00:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\DarkParablesBriarRose_BFG
[2010/12/22 20:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Dawn's Light
[2011/06/10 02:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\dingogames
[2010/04/27 17:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\DivoGames
[2010/05/12 14:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Dragon Altar Games
[2009/12/27 10:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\EcoRescue
[2010/03/21 21:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ElementalsTheMagicKey
[2011/10/18 23:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Elephant Games
[2010/09/20 08:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Enki Games
[2010/08/26 16:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Enlightenus2_BFG
[2010/06/08 19:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ERS G-Studio
[2010/10/29 00:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ERS Game Studios
[2011/05/07 00:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\EternalEden
[2011/02/07 20:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ethereal Darkness Interactive
[2011/12/07 00:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FALCOM
[2012/02/19 02:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Farm Girl at the Nile
[2010/10/15 06:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Flood Light Games
[2010/10/03 02:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Floodlight Games
[2010/10/03 05:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FlyWheelGames
[2010/09/20 05:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Freeze Tag
[2012/02/28 07:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Friday's games
[2010/04/28 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Fugazo
[2010/09/05 16:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FussyLogic
[2010/04/29 20:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Game Mill Entertainment
[2010/10/22 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameHouse
[2012/03/18 22:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameInvest
[2010/04/04 18:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameMill Entertainment
[2010/09/22 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gamers Digital
[2010/02/11 12:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Games
[2010/09/05 13:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GamesCafe
[2010/06/05 06:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gestalt Games
[2010/09/07 02:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ghost Ship Studios
[2010/03/31 20:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GOA
[2012/02/29 02:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gogii
[2010/10/14 01:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\gtk-2.0
[2010/03/02 01:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GTM_Bodie
[2011/10/18 01:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Harmonic Flow
[2011/06/07 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HdO Adventure
[2010/09/06 05:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Hidato
[2010/12/03 02:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HillStoneAnimationStudios
[2010/06/05 05:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HiT-MM
[2012/03/05 09:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Hoyle
[2012/03/05 09:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Hoyle FaceCreator
[2011/07/19 12:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Image Zone Express
[2010/06/17 04:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\InterVideo
[2012/04/06 00:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\IronCode
[2010/11/10 19:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\iWin
[2010/10/19 13:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Jetdogs Studios
[2010/04/22 20:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\JoyBits
[2012/02/09 06:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\KatGames
[2010/09/28 01:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\KingArthur
[2011/01/15 20:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\LaxiusForceII_Saves
[2010/06/16 01:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Lazy Turtle Games
[2010/12/25 18:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Leadertech
[2012/02/06 04:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Leahs_Tale
[2012/01/08 16:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\LegacyInteractive
[2011/08/16 17:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Lilly and Sasha
[2009/12/27 00:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Little Games Company
[2010/04/26 19:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Little Noir Stories
[2010/11/04 04:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ludia
[2010/11/05 03:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MA2
[2010/11/02 12:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MAI
[2010/12/25 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Memeo
[2011/01/20 04:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Meridian93
[2010/02/16 01:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Merscom
[2011/01/18 01:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Millennium_Saves
[2010/11/05 22:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MM3_Saves
[2011/05/27 03:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MumboJumbo
[2010/09/30 17:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Mutant Arcade
[2012/02/19 21:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\My Games
[2010/11/05 21:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Mystery of Mortlake Mansion
[2010/03/20 16:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MysteryStudio
[2010/05/21 23:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Namco
[2010/04/16 01:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Nevosoft
[2010/12/14 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\OpenOffice.org
[2012/02/09 15:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Orneon
[2010/09/23 03:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\OtherSide Realm of Eons
[2012/03/05 02:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PCDr
[2010/03/27 23:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Peace Craft
[2010/10/16 06:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\perfect future studio
[2010/06/22 01:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ph03nixNewMedia
[2012/02/11 01:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PlayFirst
[2010/10/19 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PlayPond
[2010/02/08 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PoBros
[2010/06/06 11:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Private Moon Studios
[2010/11/09 01:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\QB9
[2010/09/06 15:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\quickclick
[2010/04/19 03:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Reflexivev1002
[2011/02/15 22:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\RenPy
[2012/03/24 21:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Rovio
[2010/10/04 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Sahmon Games
[2010/12/25 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Seagate
[2010/03/19 22:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SerpentOfIsis
[2010/04/04 23:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Settlement. Colossus
[2010/06/05 10:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SevenSails
[2010/03/24 20:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Silverback Productions
[2010/05/06 18:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Skunk Studios
[2011/11/28 21:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Snip-It Pro
[2010/10/21 20:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Specialbit
[2010/12/10 21:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SpinTop Games
[2010/03/09 21:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SprillRichiEng
[2011/06/12 02:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SulusGames
[2011/06/07 21:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Sylia_Saves
[2010/09/28 08:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ten Heavens
[2011/06/07 15:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Teyon
[2010/11/17 09:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\The Path
[2012/02/28 06:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TheBookofLegends_Saves
[2010/11/06 01:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ThreeDays2
[2012/02/19 03:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TikisLab
[2011/11/14 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\To the Moon - Freebird Games
[2010/09/28 01:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TOMI2.THE GATES OF FATE
[2011/06/01 17:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TrickySoftware
[2010/04/05 16:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Trillian
[2010/10/27 13:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ubisoft
[2011/11/24 16:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Update
[2012/04/11 19:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\uTorrent
[2010/06/04 23:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VampireSaga
[2011/03/07 03:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vastar
[2011/03/07 03:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vastar - Strategy Guide
[2011/03/22 14:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VBA-M
[2012/02/20 03:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VC 2 Paradise Resort
[2010/04/26 13:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VendelGAMES
[2010/01/18 18:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Virtual City
[2010/03/30 02:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Virtual Prophecy
[2010/09/29 21:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vogat Interactive
[2010/09/21 01:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Whisper of a Rose Saves
[2011/06/10 06:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\WhiteBirdsProductions
[2011/06/04 01:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Windows Search
[2010/12/03 07:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\World-LooM
[2010/09/14 14:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\YoudaGames
[2012/04/11 06:08:19 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/04/11 06:10:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/03/16 10:00:07 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/11 18:34:42 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2012/04/11 18:53:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

#38
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hello Gostchyld. We got the time issue the last try! I finished analyzing your Combofix and OTL logs. They are very clean. We will now run a fix using Combofix. We will run aswMBR again. Finally we will run an extras scan using OTL. Please do the following:

Step 1

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    RenV::
    c:\program files\Games\Westward III Gold Rush\Westward_III .exe

  • Save this as CFScript.txt, in the same location as ComboFix.exe

    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer no

  • Click the Scan button to start scan

  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Step 3

  • Run OTL
  • Click the None button
  • Select the Use SafeList option in the Extra Registry section
  • Then click the Run Scan button at the top
  • Let the program run unhindered
  • Then post the produced log (Extras.txt in the same directory as OTL)

Things to see in your next post:
C:\Combofix.txt
aswMBR log
Extras.txt


#39
Gostchyld


    Member

  • Topic Starter
  • Member
  • 74 posts
Combofix log:


ComboFix 12-04-12.03 - Michele 04/12/2012 17:09:17.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.1629 [GMT -4:00]
Running from: c:\documents and settings\Michele\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michele\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 21:04 . 2012-03-20 07:53 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{851EE81A-549A-48DC-B369-6EF9FB0232C3}\mpengine.dll
2012-04-12 20:50 . 2012-04-12 20:50 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-04-12 20:50 . 2012-04-12 20:50 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-04-12 20:50 . 2012-04-12 20:50 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-04-12 20:50 . 2012-04-12 20:50 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-04-12 20:50 . 2012-04-12 20:50 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-04-12 20:50 . 2012-04-12 20:50 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-04-12 20:50 . 2012-04-12 20:50 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-04-12 20:50 . 2012-04-12 20:50 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-04-12 20:49 . 2012-04-12 20:49 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-04-12 20:49 . 2012-04-12 20:49 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-04-12 20:49 . 2012-04-12 20:49 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-04-12 20:49 . 2012-04-12 20:49 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-04-12 20:49 . 2012-04-12 20:49 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-04-12 20:49 . 2012-04-12 20:49 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-04-12 20:49 . 2012-04-12 20:49 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-04-12 20:49 . 2012-04-12 20:49 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-04-12 20:49 . 2012-04-12 20:49 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-04-07 11:35 . 2012-04-07 12:59 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-07 11:29 . 2012-04-07 11:29 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-06 05:53 . 2012-04-06 05:53 -------- d-----w- c:\documents and settings\Michele\Application Data\IronCode
2012-04-06 04:47 . 2009-12-05 23:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2012-04-06 04:47 . 2012-04-06 04:47 -------- d-----w- c:\program files\ffdshow
2012-03-30 02:51 . 2012-03-30 02:51 -------- d-----w- c:\program files\Common Files\Software Update Utility
2012-03-25 08:59 . 2012-03-25 08:59 -------- d-----w- c:\documents and settings\Michele\Application Data\Anarchy
2012-03-21 22:52 . 2012-03-21 22:52 -------- d-----w- c:\documents and settings\Michele\Application Data\Adore Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 12:59 . 2011-06-11 23:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 07:53 . 2010-11-26 08:57 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-23 14:18 . 2010-11-25 08:17 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:47 . 2004-08-04 20:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-02-03 09:22 . 2004-08-05 04:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 21:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2004-08-04 20:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 1999-03-08 06:00 . CE0155405EA902797E88B92A78443AEB . 164112 . . [5.0.4275] . . c:\windows\system32\olepro32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-04-08_23.13.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-12 20:49 . 2012-04-12 20:49 16384 c:\windows\TEMP\Perflib_Perfdata_3b8.dat
+ 2012-04-08 23:36 . 2012-04-08 23:36 479232 c:\windows\ERDNT\AutoBackup\4-8-2012\Users\00000002\UsrClass.dat
+ 2012-04-08 23:36 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\4-8-2012\ERDNT.EXE
+ 2012-04-12 20:52 . 2012-04-12 20:52 479232 c:\windows\ERDNT\AutoBackup\4-12-2012\Users\00000002\UsrClass.dat
+ 2012-04-12 20:52 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\4-12-2012\ERDNT.EXE
+ 2012-04-11 09:16 . 2012-04-11 09:16 479232 c:\windows\ERDNT\AutoBackup\4-11-2012\Users\00000002\UsrClass.dat
+ 2012-04-11 09:16 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\4-11-2012\ERDNT.EXE
+ 2012-04-08 23:36 . 2012-04-08 23:36 8212480 c:\windows\ERDNT\AutoBackup\4-8-2012\Users\00000001\ntuser.dat
+ 2012-04-12 20:52 . 2012-04-12 20:52 8212480 c:\windows\ERDNT\AutoBackup\4-12-2012\Users\00000001\ntuser.dat
+ 2012-04-11 09:16 . 2012-04-11 09:16 8212480 c:\windows\ERDNT\AutoBackup\4-11-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 20:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2011-10-12 5407850]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-18 742264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"BisonMnt"="c:\windows\BisonC07\BisonM07.exe" [2008-10-14 32768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-11-05 517480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-06-12 4464640]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-10 1282048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-22 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-22 163328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-22 138752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Michele\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-9 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michele^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Michele\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michele^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Michele\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
2009-06-10 22:32 1282048 ----a-w- c:\program files\Lenovo\Energy Management\Energy Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyUtility]
2009-06-12 19:59 4464640 ----a-w- c:\program files\Lenovo\Energy Management\utility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-01 23:25 136176 ----atw- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:43 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Backup Premium]
2010-04-23 00:49 136416 ----a-w- c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send]
2009-11-05 00:29 236816 ----a-w- c:\program files\Memeo\Memeo Send\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2009-04-23 09:11 2742840 ----a-w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmAudio]
2009-04-23 09:11 2742840 ----a-w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2 (0x2)
"IviRegMgr"=2 (0x2)
"gupdate"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"MemeoBackgroundService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Michele\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [12/10/2010 11:52 PM 24304]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/29/2010 11:40 PM 64512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/30/2009 4:25 AM 691696]
R1 MpKsl6b09d567;MpKsl6b09d567;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F8D3429-4DC4-4144-A544-CD1A1B71EE35}\MpKsl6b09d567.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F8D3429-4DC4-4144-A544-CD1A1B71EE35}\MpKsl6b09d567.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [12/10/2010 11:52 PM 132456]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/9/2010 2:25 PM 10384]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [12/10/2010 11:52 PM 53248]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 11:09 PM 11032]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 10:47 AM 14088]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [9/14/2009 6:21 PM 9472]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 4:10 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2011 8:49 AM 2152152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 7:35 AM 253600]
S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [7/23/2007 3:04 PM 22528]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5/17/2011 12:30 AM 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 4:10 PM 135664]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 2:10 AM 267568]
S3 musbehco;musbehco;\??\c:\docume~1\Michele\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\Michele\LOCALS~1\Temp\musbehco.sys [?]
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\PC-Doctor\pcdsrvc.pkms [6/27/2011 11:54 AM 22640]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5/8/2011 10:50 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5/8/2011 10:50 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5/8/2011 10:50 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5/8/2011 10:50 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5/8/2011 10:50 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5/8/2011 10:50 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5/8/2011 10:50 PM 109864]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12/13/2010 4:38 PM 27632]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 4:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [8/19/2009 6:08 AM 81192]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/26/2009 11:49 AM 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/26/2009 11:49 AM 234888]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [4/22/2010 8:49 PM 25824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
WD_FireWire_HID
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 05:41]
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:59]
.
2012-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:10]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:10]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007Core.job
- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 23:25]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007UA.job
- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 23:25]
.
2012-04-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-03-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2012-04-12 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-12-11 06:29]
.
2012-04-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Michele\Application Data\Move Networks
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 17:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BisonMnt = c:\windows\BisonC07\BisonM07.exe????????????????????????????????????????????????????????????????????????????????H???????????????????????????????????????????????????????`????v?|????????????????????????x????x?|?????`?????????????????|?????????????????X?w???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1172)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4124)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-12 17:36:22
ComboFix-quarantined-files.txt 2012-04-12 21:36
ComboFix2.txt 2012-04-08 23:17
ComboFix3.txt 2012-04-07 11:13
ComboFix4.txt 2012-02-20 13:36
ComboFix5.txt 2012-04-12 21:06
.
Pre-Run: 30,083,481,600 bytes free
Post-Run: 30,747,078,656 bytes free
.
- - End Of File - - 9BCC4F81ED32C0DFD7C81297B31014E1

#40
Gostchyld

Immediately after running aswMBR MSE detected Trojan:DOS/Alureon.I in the following directory: C:\Documents and Settings\Michele\Desktop\MBR.dat
I have not removed it as of yet as I'm not sure if it is a false positive, and will await direction to do so.

The following is the aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-12 17:43:06
-----------------------------
17:43:06.890 OS Version: Windows 5.1.2600 Service Pack 3
17:43:06.890 Number of processors: 2 586 0x170A
17:43:06.890 ComputerName: MGLAPTOP UserName: Michele
17:43:10.750 Initialize success
17:43:37.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:43:37.671 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
17:43:37.671 Disk 0 MBR read successfully
17:43:37.671 Disk 0 MBR scan
17:43:37.671 Disk 0 TDL4@MBR code has been found
17:43:37.671 Disk 0 MBR hidden
17:43:37.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 193470 MB offset 2048
17:43:37.703 Disk 0 Partition - 00 0F Extended LBA 29894 MB offset 396230656
17:43:37.734 Disk 0 Partition 2 00 12 Compaq diag NTFS 15108 MB offset 457453568
17:43:37.765 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29893 MB offset 396232704
17:43:37.765 Disk 0 MBR [TDL4] **ROOTKIT**
17:43:37.765 Disk 0 trace - called modules:
17:43:37.765 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a00c49f]<<
17:43:37.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acde770]
17:43:37.796 3 CLASSPNP.SYS[b9908fd7] -> nt!IofCallDriver -> [0x89de0030]
17:43:37.812 \Driver\iaStor[0x8a227b48] -> IRP_MJ_CREATE -> 0x8a00c49f
17:43:37.812 Scan finished successfully
17:43:53.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michele\Desktop\MBR.dat"
17:43:53.328 The log file has been saved successfully to "C:\Documents and Settings\Michele\Desktop\aswMBR.txt"

#41
Gostchyld

This is the OTL log:


OTL logfile created on: 4/12/2012 5:50:20 PM - Run 11
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michele\Desktop\Comp Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 21.68% Memory free
5.77 Gb Paging File | 3.70 Gb Available in Paging File | 64.11% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 188.93 Gb Total Space | 28.48 Gb Free Space | 15.08% Space Free | Partition Type: NTFS
Drive D: | 29.19 Gb Total Space | 24.80 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive E: | 400.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MGLAPTOP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >


and here is Extras.txt:


OTL Extras logfile created on: 4/12/2012 5:50:20 PM - Run 11
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michele\Desktop\Comp Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 21.68% Memory free
5.77 Gb Paging File | 3.70 Gb Available in Paging File | 64.11% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 188.93 Gb Total Space | 28.48 Gb Free Space | 15.08% Space Free | Partition Type: NTFS
Drive D: | 29.19 Gb Total Space | 24.80 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive E: | 400.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MGLAPTOP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 30
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2F9CA7CF-BEF5-3CD9-8EFF-EC70162E3C02}" = Google Talk Plugin
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{347DA8D7-B858-421e-A154-5F438A36F1A4}" = Memeo Backup Premium
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73AD5A08-FCFE-44EA-9436-3F7BEAF60049}" = Angry Birds
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C84C38-E592-4A33-AB99-FA524120452F}" = Ad-Aware
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A1F1E81-A017-43EE-8A24-E88878164C91}" = SeaWorld Adventure Parks Tycoon 3D
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E325417-AE9C-4EE1-A158-13DF451A5987}" = Broadcom Gigabit Integrated Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5D73F1B-C475-4158-BD83-35A8B94F1018}" = Nancy Drew: The Captive Curse
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC3A121D-86A0-49CD-BBAF-3FB66204D355}_is1" = Sinking Island version 1.0
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CCD3F3D0-C85A-4BB7-ADDA-CA68019631D5}" = Angry Birds Seasons
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7B3493D-766C-40AA-9AA9-053B896D76DE}" = Angry Birds Rio
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EDBE322C-5CF0-46AC-A6DE-C6713F84B68A}" = Syberia 2
"{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0DB63F5-0936-41D2-B400-89707218FAAC}" = Memeo LifeAgent Explorer Extension
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adore Puzzle1.0" = Adore Puzzle
"AIM_7" = AIM 7
"Aldorlea Tales - Stars of Destiny 1.00" = Aldorlea Tales - Stars of Destiny 1.00
"Angry Birds - Christmas Edition - Seasons HD1.0" = Angry Birds - Christmas Edition - Seasons HD
"Angry Birds 4 PC1.0" = Angry Birds 4 PC
"Ask Toolbar_is1" = Vuze Toolbar
"AvernumDemo" = Avernum Demo
"Aveyond - The Darkthrop Prophecy Just For Fun Games" = Aveyond - The Darkthrop Prophecy Just For Fun Games
"Aveyond 2 % CompanyName%" = Aveyond 2 % CompanyName%
"AveyondJust For Fun Games" = AveyondJust For Fun Games
"AVI To MP4 Converter_is1" = AVI To MP4 Converter 1.0
"BeTrapped! Just For Fun Games" = BeTrapped! Just For Fun Games
"BitTornado" = BitTornado 0.3.17
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CLUE Classic1.0" = CLUE Classic
"CNXT_AUDIO_HDA" = Conexant HD Audio
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dr. Wise Medical Mysteries 1.00" = Dr. Wise Medical Mysteries 1.00
"Dream Chronicles 2_is1" = Dream Chronicles 2
"Dream Chronicles The Chosen Child_is1" = Dream Chronicles The Chosen Child
"Dream Chronicles_is1" = Dream Chronicles
"Elven Mists 21.0" = Elven Mists 2
"Empires And Dungeons 21.0" = Empires And Dungeons 2
"Engineering Mystery of the Ancient Clock1.0" = Engineering Mystery of the Ancient Clock
"ERUNT_is1" = ERUNT 1.1j
"Escape From Thunder Island1.0" = Escape From Thunder Island
"Eternal Eden 1.00" = Eternal Eden 1.00
"Family Feud 2010" = Family Feud 2010 1.0.4
"Family Feud Battle of the Sexes BFG 1.00" = Family Feud Battle of the Sexes BFG 1.00
"Fantastic Creations - House of Brass CE1.0" = Fantastic Creations - House of Brass CE
"Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8
"Gemini Lost1.0.0.125" = Gemini Lost
"Gold Miner JoeJust For Fun Games" = Gold Miner JoeJust For Fun Games
"Gold Miner Special EditionJust For Fun Games" = Gold Miner Special EditionJust For Fun Games
"Gold Miner Vegas_is1" = Gold Miner Vegas
"Gold Miner VegasJust For Fun Games" = Gold Miner VegasJust For Fun Games
"Heros Tale - Enhanced Edition1.0" = Heros Tale - Enhanced Edition
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotel Dash 2 Lost Luxuries 1.00" = Hotel Dash 2 Lost Luxuries 1.00
"Hotel Mogul - Las Vegas1.0" = Hotel Mogul - Las Vegas
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Inspector Parker Just For Fun Games" = Inspector Parker Just For Fun Games
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Basic)
"Kuros 1.00" = Kuros 1.00
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Last Heroes 4Just For Fun Games" = Last Heroes 4Just For Fun Games
"Leahs Tale1.0" = Leahs Tale
"Lilly and Sasha Curse of the ImmortalsJust For Fun Games" = Lilly and Sasha Curse of the ImmortalsJust For Fun Games
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mandragora_is1" = Mandragora
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Millennium - A New Hope1.0" = Millennium - A New Hope
"Mirror Mysteries_is1" = Mirror Mysteries
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Picasa 3" = Picasa 3
"Pioneer Lands 1.00" = Pioneer Lands 1.00
"Polipo" = Polipo 1.0.4.1
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"QuickTime 3.0" = QuickTime 3.0
"Rescue Team Updated 1.00" = Rescue Team Updated 1.00
"Return To Zork_is1" = Return To Zork
"Rita James and the Race to Shangri La1.0" = Rita James and the Race to Shangri La
"RPG Maker 2000 OldTypeDF" = RPG Maker 2000 - Dragon Fantasy REMAKE
"RPG Maker 2000 1.05" = RPG Maker 2000 1.05
"RPG Maker 2000 1.07b" = RPG Maker 2000 1.07b
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Super Jigsaw Puppies_is1" = Super Jigsaw Puppies
"Tamara the 13th Just For Fun Games" = Tamara the 13th Just For Fun Games
"Tasty Planet 2 - Back for Seconds1.0" = Tasty Planet 2 - Back for Seconds
"TextTwist 2_is1" = TextTwist 2
"The Book of Legends1.0" = The Book of Legends
"The Golden Years - Way Out West1.0" = The Golden Years - Way Out West
"The Great Tree1.3.4.8" = The Great Tree
"The X-Files" = The X-Files
"Tor" = Tor 0.2.2.34
"Trillian" = Trillian
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.2.15
"Virtual City 2 - Paradise Resort Updated1.0" = Virtual City 2 - Paradise Resort Updated
"Virtual Families1.0" = Virtual Families
"Virtual Villagers - New Believers Just For Fun Games" = Virtual Villagers - New Believers Just For Fun Games
"VLC media player" = VLC media player 1.1.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Westward III Gold Rush 1.00" = Westward III Gold Rush 1.00
"White Haven Mysteries - Strategy Guide Included1.0" = White Haven Mysteries - Strategy Guide Included
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World Of Zellians1.0" = World Of Zellians
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBook The Temple Of The Sun_is1" = ZoomBook The Temple Of The Sun
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX
"Zork Anthology_is1" = Zork Anthology

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"oDVT" = oDesk Team
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/8/2012 12:09:09 PM | Computer Name = MGLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.8202.0, P5 fixed, P6 2 _ 2049+, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 4/8/2012 8:45:16 PM | Computer Name = MGLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 18.0.1025.151, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2012 7:29:59 PM | Computer Name = MGLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 800706bb, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/9/2012 7:34:58 PM | Computer Name = MGLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 800706bb, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/10/2012 6:54:54 PM | Computer Name = MGLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070008, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/10/2012 7:34:12 PM | Computer Name = MGLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007000e, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/11/2012 6:32:40 AM | Computer Name = MGLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 4/11/2012 7:02:28 AM | Computer Name = MGLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2012 7:57:34 PM | Computer Name = MGLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting
module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

Error - 4/12/2012 8:14:43 AM | Computer Name = MGLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070008, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 4/11/2012 5:25:46 PM | Computer Name = MGLAPTOP | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 4/11/2012 5:26:46 PM | Computer Name = MGLAPTOP | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 4/11/2012 8:10:45 PM | Computer Name = MGLAPTOP | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 4/11/2012 8:11:45 PM | Computer Name = MGLAPTOP | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 4/12/2012 3:39:51 AM | Computer Name = MGLAPTOP | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 4/12/2012 3:40:51 AM | Computer Name = MGLAPTOP | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 4/12/2012 8:14:42 AM | Computer Name = MGLAPTOP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.1500.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070008 Error
description: Not enough storage is available to process this command.

Error - 4/12/2012 2:12:54 PM | Computer Name = MGLAPTOP | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 4/12/2012 2:13:54 PM | Computer Name = MGLAPTOP | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 4/12/2012 4:49:57 PM | Computer Name = MGLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Ftpqueue service terminated with the following error: %%126


< End of report >

#42
Gostchyld

    Member

  • Topic Starter
  • Member
  • 74 posts
MSE removed the aforementioned trojan automatically.

#43
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi gostchyld. I finished looking at all your logs. Your extras is clean, CF is clean, there is one suspicious file to upload to see if it's malicious or not, and we will run a fix using aswMBR to clean your infected MBR. Please do the following:

Step 1

There are several suspicious files on your machine that might or might not be malware. We will scan them to verify. Let me know if you have any trouble following these instructions. Please do the following:

  • Go to this site
  • Click the browse button on the top of the page
  • Navigate to this file c:\docume~1\Michele\LOCALS~1\Temp\musbehco.sys and click the open button
    the full directory is c:\documents and settings\Michele\local settings\Temp\musbehco.sys
    also the file may not exist so if it doesn't just skip to step 2 and let me know in your next post
  • Click the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button
  • Once the Scan is completed, click on the Copy to Clipboard button at the bottom of the page. This will copy the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Step 2

  • Re-Run aswMBR
  • It will ask you if you want to download the latest Avast! virus definitions, answer no
  • Click the Scan button to start scan
  • On completion of the scan Click the Fix
  • Click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
virscan upload results
aswMBR log


#44
Gostchyld

    Member

  • Topic Starter
  • Member
  • 74 posts
The file outlined in step 1 did not exist... The following is the aswMBR log:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-04-14 06:19:33
-----------------------------
06:19:33.390 OS Version: Windows 5.1.2600 Service Pack 3
06:19:33.390 Number of processors: 2 586 0x170A
06:19:33.390 ComputerName: MGLAPTOP UserName: Michele
06:19:35.046 Initialize success
06:20:22.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:20:22.609 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
06:20:22.609 Disk 0 MBR read successfully
06:20:22.609 Disk 0 MBR scan
06:20:22.609 Disk 0 TDL4@MBR code has been found
06:20:22.609 Disk 0 MBR hidden
06:20:22.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 193470 MB offset 2048
06:20:22.640 Disk 0 Partition - 00 0F Extended LBA 29894 MB offset 396230656
06:20:22.656 Disk 0 Partition 2 00 12 Compaq diag NTFS 15108 MB offset 457453568
06:20:22.687 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29893 MB offset 396232704
06:20:22.687 Disk 0 MBR [TDL4] **ROOTKIT**
06:20:22.687 Disk 0 trace - called modules:
06:20:22.703 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a00c49f]<<
06:20:22.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acde770]
06:20:22.703 3 CLASSPNP.SYS[b9908fd7] -> nt!IofCallDriver -> [0x89de0030]
06:20:22.703 \Driver\iaStor[0x8a227b48] -> IRP_MJ_CREATE -> 0x8a00c49f
06:20:22.703 Scan finished successfully
06:20:37.296 Disk 0 MBR read successfully
06:20:37.296 Disk 0 TDL4@MBR code has been found
06:20:37.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 193470 MB offset 2048
06:20:37.312 Disk 0 Partition - 00 0F Extended LBA 29894 MB offset 396230656
06:20:37.343 Disk 0 Partition 2 00 12 Compaq diag NTFS 15108 MB offset 457453568
06:20:37.375 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29893 MB offset 396232704
06:20:37.375 Disk 0 fixing MBR ...
06:20:37.375 Disk 0 MBR restored successfully
06:20:37.375 Verifying disinfection
06:20:49.437 Infection fixed successfully - please reboot ASAP
06:21:22.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michele\Desktop\MBR.dat"
06:21:23.109 The log file has been saved successfully to "C:\Documents and Settings\Michele\Desktop\aswMBR041412.txt"

#45
Gostchyld

    Member

  • Topic Starter
  • Member
  • 74 posts
It must have been magik, but the google redirects have been resolved!