
Solved redirect/ fake virus scanner problem..

Discussion in 'Malware and Virus Removal Archive' started by gideon01, 2010/03/26.

  1. 2010/03/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can see some Combofix files were not removed, so delete them manually (whichever is found):
    Delete Combofix, Qoobox folders, and Combofix.txt file from C:
    Delete Combofix from your desktop
    Empty Recycle Bin afterwards.

    ================================================================

    Please download OTC to your desktop. It'll remove most tools and logs we used so far. If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    • Double-click OTC.exe to run it. (Vista and 7 users, please right click on OTC and select "Run as an Administrator")
    • Click on the CleanUp! button and follow the prompts.
    • You will be asked to reboot the machine to finish the Cleanup process, choose Yes. If it doesn't ask you to reboot, restart computer manually.
    • After the reboot all the tools we used should be gone.
    • The tool will delete itself once it finishes.

    =================================================================

    Which browser is getting redirected?
    Do you have another browser installed to see, if same thing happens?
     
  2. 2010/03/27
    gideon01

    gideon01 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    67
    Likes Received:
    0
    both firefox and internet explorer are getting redirected.
    ran otc looking in c: for the combofix files now
     


  4. 2010/03/27
    broni

    broni Moderator Malware Analyst

    OK. Let me know.
     
  5. 2010/03/27
    gideon01

    gideon01 Inactive Thread Starter

    combofix looks to be deleted, the only reference to it that I can find is in the logs that I've posted that are still saved to my desktop. deleting those logs
     
    Last edited: 2010/03/27
  6. 2010/03/27
    broni

    broni Moderator Malware Analyst

    Download Kenco.exe to your desktop
    • Close all windows and run the program.
    • It won't take long to run.
    • Kenco will reboot the system if it finds anything.
    • Post the log it gives you ( it will be saved in the same place as Kenco.exe).
     
  7. 2010/03/27
    gideon01

    gideon01 Inactive Thread Starter

    kenco found nothing

    Kenco by jpshortstuff (31.12.09.1)
    Log created at 20:44 on 27/03/2010 (home)

    ========== Task Unlocker ==========

    ========== KencoScan ==========

    ========== C:\WINDOWS\Tasks ==========
    Ad-Aware Update (Weekly).job -> [11:51 26/03/2010] 472 bytes
    AppleSoftwareUpdate.job -> [05:18 21/03/2010] 284 bytes

    -=E.O.F=-
     
  8. 2010/03/27
    gideon01

    gideon01 Inactive Thread Starter

    was looking in my user accounts, and I found a new user that I didn't put there, it's named
    ASP.NET machine a. it's a limited account password protected
    not sure if this is connected to my problem or what
     
  9. 2010/03/27
    broni

    broni Moderator Malware Analyst

    No, it's a legit account.

    Download and save HelpAsst_mebroot_fix.exe to your desktop.
    • Close all open programs.
    • Double click HelpAsst_mebroot_fix.exe to run it.
    • Pay attention to the running tool.
    • If the tool detects mbr infection, please allow it to run mbr -f and shutdown your computer. To do so, type Y and press Enter.
    • After restart, wait 5 minutes, then go Start>Run, copy and paste the following command in the run box then hit Enter:

      • helpasst -mbrt
    • When it completes, a log will open.
    • Please post the contents of that log.

    IMPORTANT!
    If the tool does NOT detect any mbr infection and completes, proceed with the following...

    • Click Start>Run and copy and paste the following command, then hit Enter:

      • mbr -f
    • Repeat the above step one more time
    • Now shut down the computer (do not restart, but shut it down), wait 5 minutes then start it back up.
    • Wait another 5 minutes, then click Start>Run and copy and paste the following command, then hit Enter.

      • helpasst -mbrt
    • When it completes, a log will open.
    • Please post the contents of that log.

    **Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
     
  10. 2010/03/27
    gideon01

    gideon01 Inactive Thread Starter

    is helpasst -mbrt the correct command?
    it didn't find any infections, I get to the part where I start up wait 5 min, and put that command in and windows says it can't find helpasst please make sure it's spelled correctly etc etc
     
  11. 2010/03/27
    broni

    broni Moderator Malware Analyst

    Make sure, there is a space after "helpasst "
     
  12. 2010/03/28
    gideon01

    gideon01 Inactive Thread Starter

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found

    ~~ Checking firewall ports ~~


    HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list


    HelpAssistant profile not found in registry

    ~~ Checking mbr ~~

    user & kernel MBR OK

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Status check on Sun 03/28/2010 at 2:39:53.00

    Full Name Remote Desktop Help Assistant Account
    Account active No
    Local Group Memberships

    ~~ Checking mbr ~~

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    kernel: MBR read successfully
    user & kernel MBR OK

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found


    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
    ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

    ~~ Checking profile list ~~

    No HelpAssistant profile in List

    ~~ Checking for HelpAssistant directories ~~

    none found

    ~~ Checking firewall ports ~~

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


    ~~ EOF ~~
     
  13. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2010/03/28
    gideon01

    gideon01 Inactive Thread Starter

    extras log
    OTL Extras logfile created on: 3/28/2010 2:38:47 PM - Run 1
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\home\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 125.37 Gb Free Space | 84.14% Space Free | Partition Type: NTFS
    Drive D: | 6.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: KLAHRE-61E8BF5D
    Current User Name: home
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe" = C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
    "C:\Program Files\Sony\EverQuest II\EQ2VoiceService.exe" = C:\Program Files\Sony\EverQuest II\EQ2VoiceService.exe:*:Enabled:EQ2VoiceService -- ()
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{1EE39B32-BA05-433C-BC0D-35797518A3A5}" = EverQuest II
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
    "{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
    "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AVG9Uninstall" = AVG Free 9.0
    "CCleaner" = CCleaner
    "EQ2MAP Updater" = EQ2MAP Updater 1.2.4
    "Free Studio_is1" = Free Studio version 4.3
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
    "SpywareBlaster_is1" = SpywareBlaster 4.2
    "SpywareGuard_is1" = SpywareGuard v2.2
    "Tansee iPhone Copy_is1" = Tansee iPhone Copy
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPatrol" = WinPatrol 2009
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.2.7
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoneAlarm" = ZoneAlarm
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ProfitUI Reborn Updater" = ProfitUI Reborn Updater

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/28/2010 3:40:43 AM | Computer Name = KLAHRE-61E8BF5D | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME\RECENT\MUSIC.LNK> in the
    hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A
    device attached to the system is not functioning. (0x8007001f)

    Error - 3/28/2010 3:40:43 AM | Computer Name = KLAHRE-61E8BF5D | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME\RECENT\MUSIC.LNK> in the
    hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A
    device attached to the system is not functioning. (0x8007001f)

    Error - 3/28/2010 3:55:20 AM | Computer Name = KLAHRE-61E8BF5D | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES
    LIBRARY.ITL> in the hash map cannot be updated. Context: Application, SystemIndex
    Catalog Details: A device attached to the system is not functioning. (0x8007001f)


    Error - 3/28/2010 5:53:32 AM | Computer Name = KLAHRE-61E8BF5D | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME\RECENT\58_IPHONE_RINGTONES.LNK>
    in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    Error - 3/28/2010 5:53:32 AM | Computer Name = KLAHRE-61E8BF5D | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME\RECENT\58_IPHONE_RINGTONES.LNK>
    in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    Error - 3/28/2010 5:55:31 AM | Computer Name = KLAHRE-61E8BF5D | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES
    LIBRARY.ITL> in the hash map cannot be updated. Context: Application, SystemIndex
    Catalog Details: A device attached to the system is not functioning. (0x8007001f)


    Error - 3/28/2010 5:55:48 AM | Computer Name = KLAHRE-61E8BF5D | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES
    LIBRARY.ITL> in the hash map cannot be updated. Context: Application, SystemIndex
    Catalog Details: A device attached to the system is not functioning. (0x8007001f)


    Error - 3/28/2010 5:56:28 AM | Computer Name = KLAHRE-61E8BF5D | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES
    LIBRARY.ITL> in the hash map cannot be updated. Context: Application, SystemIndex
    Catalog Details: A device attached to the system is not functioning. (0x8007001f)


    Error - 3/28/2010 5:56:52 AM | Computer Name = KLAHRE-61E8BF5D | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES
    LIBRARY.ITL> in the hash map cannot be updated. Context: Application, SystemIndex
    Catalog Details: A device attached to the system is not functioning. (0x8007001f)


    Error - 3/28/2010 12:44:52 PM | Computer Name = KLAHRE-61E8BF5D | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 3/27/2010 6:32:01 AM | Computer Name = KLAHRE-61E8BF5D | Source = Service Control Manager | ID = 7034
    Description = The IAA Event Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 3/27/2010 6:32:01 AM | Computer Name = KLAHRE-61E8BF5D | Source = Service Control Manager | ID = 7031
    Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 5000
    milliseconds: Restart the service.

    Error - 3/27/2010 6:32:01 AM | Computer Name = KLAHRE-61E8BF5D | Source = Service Control Manager | ID = 7031
    Description = The AVG Free WatchDog service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    Restart the service.

    Error - 3/27/2010 6:32:01 AM | Computer Name = KLAHRE-61E8BF5D | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 3/27/2010 6:32:01 AM | Computer Name = KLAHRE-61E8BF5D | Source = Service Control Manager | ID = 7034
    Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 3/27/2010 4:42:35 PM | Computer Name = KLAHRE-61E8BF5D | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    IntelIde

    Error - 3/27/2010 7:55:03 PM | Computer Name = KLAHRE-61E8BF5D | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor
    service to connect.

    Error - 3/27/2010 7:55:03 PM | Computer Name = KLAHRE-61E8BF5D | Source = Service Control Manager | ID = 7000
    Description = The TrueVector Internet Monitor service failed to start due to the
    following error: %%1053

    Error - 3/28/2010 2:14:37 PM | Computer Name = KLAHRE-61E8BF5D | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor
    service to connect.

    Error - 3/28/2010 2:14:37 PM | Computer Name = KLAHRE-61E8BF5D | Source = Service Control Manager | ID = 7000
    Description = The TrueVector Internet Monitor service failed to start due to the
    following error: %%1053


    < End of report >
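As an added example (not part of the thread, and not code from OTL or its author): a small Python triage pass over the firewall sections of an OTL Extras log like the one posted above. It lists Windows Firewall profiles with "EnableFirewall" = 0 and enabled AuthorizedApplications entries that OTL reports as "File not found" or with an empty company field. The sample log, the `triage` function and its finding labels are assumptions made for the illustration.

```python
import re

# Constructed sample in the layout of an OTL Extras log; the ExampleApp,
# NoVendor and OldTool paths are placeholders, not values from the thread.
SAMPLE = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ExampleApp\app.exe" = C:\Program Files\ExampleApp\app.exe:*:Enabled:app.exe -- (Example Vendor, Inc.)
"C:\Program Files\NoVendor\svc.exe" = C:\Program Files\NoVendor\svc.exe:*:Enabled:svc -- ()
"C:\Program Files\OldTool\old.exe" = C:\Program Files\OldTool\old.exe:*:Enabled:OldTool -- File not found
"C:\Program Files\OldTool\off.exe" = C:\Program Files\OldTool\off.exe:*:Disabled:off -- File not found
'''

VAL_RE = re.compile(r'^"([^"]+)" = (.*)$')
PROFILE_RE = re.compile(r'\\FirewallPolicy\\(\w+)$', re.I)
APPS_RE = re.compile(
    r'\\FirewallPolicy\\(\w+)\\AuthorizedApplications\\List$', re.I)


def triage(text):
    """Return (kind, profile, detail) tuples for items worth a manual look."""
    findings = []
    key = ''  # registry key of the section currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        if line.startswith('====='):
            key = ''  # a new report section ends the previous key
            continue
        m = VAL_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        apps = APPS_RE.search(key)
        prof = PROFILE_RE.search(key)
        if apps:
            # Entry layout: path:scope:state:label -- (company) | File not found
            rule, sep, trailer = value.rpartition(' -- ')
            if not sep:
                rule, trailer = value, ''
            parts = rule.rsplit(':', 3)  # the drive-letter colon stays in path
            if len(parts) != 4:
                continue
            path, _scope, state, _label = parts
            if state.lower() != 'enabled':
                continue  # disabled exceptions do not open anything
            trailer = trailer.strip()
            if trailer == 'File not found':
                # Exception still allowed although the program is gone.
                findings.append(('stale_exception', apps.group(1), path))
            elif trailer in ('', '()'):
                # No company name in the file's version info.
                findings.append(('no_company', apps.group(1), path))
        elif prof and name.lower() == 'enablefirewall' and value.strip() == '0':
            # Expected when a third-party firewall is installed; confirm
            # that the replacement is actually running.
            findings.append(('firewall_disabled', prof.group(1), ''))
    return findings


if __name__ == '__main__':
    for kind, profile, detail in triage(SAMPLE):
        print(f'{kind:18} {profile:16} {detail}')
```
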
     
  15. 2010/03/28
    gideon01

    gideon01 Inactive Thread Starter

    OTL logfile created on: 3/28/2010 2:38:47 PM - Run 1
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\home\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 125.37 Gb Free Space | 84.14% Space Free | Partition Type: NTFS
    Drive D: | 6.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: KLAHRE-61E8BF5D
    Current User Name: home
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/28 14:19:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
    PRC - [2010/03/26 07:49:31 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/03/26 07:49:30 | 001,263,728 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/03/24 16:31:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/03/21 08:37:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/03/21 08:37:42 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/03/21 08:37:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/21 08:37:11 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/03/21 08:37:10 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/03/21 08:37:09 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    PRC - [2009/10/14 09:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2009/10/10 17:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/06/30 14:33:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    PRC - [2004/06/29 12:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
    PRC - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
    PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/28 14:19:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
    MOD - [2009/10/14 09:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
    MOD - [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
    MOD - [2008/04/13 20:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll
    MOD - [2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
    MOD - [2007/03/26 14:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/26 07:49:30 | 001,263,728 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/03/21 08:37:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/21 08:37:11 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whtm.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing "
    FF - prefs.js..browser.startup.homepage: "www.msn.com "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.13
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4


    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/03/26 08:08:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 06:53:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 16:32:02 | 000,000,000 | ---D | M]

    [2010/03/21 03:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Mozilla\Extensions
    [2010/03/21 02:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/03/27 18:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\extensions
    [2010/03/21 14:09:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/26 17:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/03/21 14:09:38 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\searchplugins\bing-ff.xml
    [2010/03/27 18:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/03/26 19:16:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {25526b16-f633-481c-8891-b9f8903112a4} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\home\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/20 23:48:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/06/11 22:27:33 | 000,000,140 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  16. 2010/03/28
    gideon01 Inactive Thread Starter

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/03/28 14:19:54 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
    [2010/03/28 04:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\Tansee
    [2010/03/28 03:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Desktop\New Folder
    [2010/03/28 02:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Tansee iPhone Copy
    [2010/03/27 21:05:38 | 000,278,016 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
    [2010/03/27 20:43:48 | 000,044,567 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\home\Desktop\Kenco.exe
    [2010/03/27 20:40:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\home\Recent
    [2010/03/26 19:40:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/03/26 07:50:00 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/03/26 07:49:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/03/26 07:47:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/03/26 07:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010/03/26 07:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2010/03/26 07:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
    [2010/03/26 07:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\addware malware tools
    [2010/03/26 07:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\ccleaner logs
    [2010/03/26 07:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\WinPatrol
    [2010/03/26 07:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
    [2010/03/26 07:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\ForceField Shared Files
    [2010/03/26 07:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\CheckPoint
    [2010/03/26 07:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2010/03/26 07:14:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
    [2010/03/26 07:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
    [2010/03/26 07:13:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2010/03/26 07:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/26 07:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2010/03/26 06:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\QuickScan
    [2010/03/25 18:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2010/03/25 16:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Desktop\iPhone Ringtones
    [2010/03/24 18:54:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/03/24 18:54:49 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/03/24 18:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2010/03/24 17:40:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/03/24 16:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/03/24 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/03/24 16:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/03/24 15:58:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\.COMMgr
    [2010/03/24 15:58:06 | 000,001,834 | -HS- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\Mh3jm32txN
    [2010/03/24 15:58:06 | 000,001,834 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
    [2010/03/24 15:57:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msapps
    [2010/03/24 15:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\D8585968FC18271731C4ED43D7D5AD4E
    [2010/03/23 18:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\DVDVideoSoft
    [2010/03/23 18:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
    [2010/03/23 18:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
    [2010/03/23 18:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\OxelonMC
    [2010/03/23 18:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\OxelonMedia
    [2010/03/23 16:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
    [2010/03/23 16:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\.SunDownloadManager
    [2010/03/22 06:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\ProfitUI Reborn Updater
    [2010/03/22 06:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
    [2010/03/22 06:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/03/21 21:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/03/21 19:00:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/03/21 18:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/03/21 15:41:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/03/21 15:38:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/03/21 14:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Malwarebytes
    [2010/03/21 14:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/03/21 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/03/21 14:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\Downloads
    [2010/03/21 08:37:42 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/03/21 03:19:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/03/21 03:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Mozilla
    [2010/03/21 03:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
    [2010/03/21 02:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/03/21 02:25:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\home\Application Data\winscp.rnd
    [2010/03/21 02:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
    [2010/03/21 02:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Windows Search
    [2010/03/21 02:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\LimeWire
    [2010/03/21 02:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Mozilla
    [2010/03/21 02:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\WinRAR
    [2010/03/21 02:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/03/21 01:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2010/03/21 01:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
    [2010/03/21 01:20:44 | 000,013,104 | ---- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/03/21 01:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Apple Computer
    [2010/03/21 01:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/03/21 01:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/03/21 01:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/03/21 01:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/03/21 01:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/03/21 01:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/03/21 01:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Apple
    [2010/03/21 01:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/03/21 01:18:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2010/03/21 01:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/03/21 01:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2010/03/21 01:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Apple Computer
    [2010/03/21 00:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\ApplicationHistory
    [2010/03/21 00:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Yahoo!
    [2010/03/21 00:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/03/20 23:58:52 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/03/20 23:58:47 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/03/20 23:58:47 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/03/20 23:58:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/03/20 23:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/03/20 23:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/03/20 23:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
    [2010/03/20 23:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2010/03/20 23:56:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
    [2010/03/20 23:56:27 | 000,381,056 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys
    [2010/03/20 23:56:26 | 000,991,232 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\virtear.dll
    [2010/03/20 23:56:26 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
    [2010/03/20 23:56:26 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
    [2010/03/20 23:56:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
    [2010/03/20 23:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
    [2010/03/20 23:55:50 | 000,446,464 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\hhactivex.dll
    [2010/03/20 23:55:49 | 000,328,480 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssa3d30.ocx
    [2010/03/20 23:55:47 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2010/03/20 23:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/03/20 23:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/03/20 23:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2010/03/20 23:55:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2010/03/20 23:55:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2010/03/20 23:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Macromedia
    [2010/03/20 23:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Adobe
    [2010/03/20 23:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Identities
    [2010/03/20 23:52:31 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/03/20 23:52:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\My Documents\My Music
    [2010/03/20 23:52:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\My Documents\My Pictures
    [2010/03/20 23:52:20 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\home\Application Data\desktop.ini
    [2010/03/20 23:52:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\home\Application Data\Microsoft
    [2010/03/20 23:52:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\home\SendTo
    [2010/03/20 23:52:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\home\Application Data
    [2010/03/20 23:52:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\Start Menu
    [2010/03/20 23:52:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\My Documents
    [2010/03/20 23:52:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\Favorites
    [2010/03/20 23:52:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\Cookies
    [2010/03/20 23:52:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\home\Templates
    [2010/03/20 23:52:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\home\PrintHood
    [2010/03/20 23:52:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\home\NetHood
    [2010/03/20 23:52:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\home\Local Settings
    [2010/03/20 23:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Microsoft
    [2010/03/20 23:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Desktop
    [2010/03/20 23:51:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2010/03/20 23:51:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [2010/03/20 23:51:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\IECompatCache
    [2010/03/20 23:50:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\PrivacIE
    [2010/03/20 23:49:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\IETldCache
    [2010/03/20 23:49:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010/03/20 23:49:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010/03/20 23:48:49 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
    [2010/03/20 23:48:49 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
    [2010/03/20 23:48:49 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
    [2010/03/20 23:48:36 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2010/03/20 23:48:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2010/03/20 23:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2010/03/20 23:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2010/03/20 23:48:18 | 000,000,000 | ---D | C] -- C:\DELL
    [2010/03/20 23:47:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
    [2010/03/20 23:47:26 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
    [2010/03/20 23:47:26 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2010/03/20 23:47:19 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
    [2010/03/20 23:47:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
    [2010/03/20 23:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
    [2010/03/20 23:46:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
    [2010/03/20 23:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
    [2010/03/20 23:46:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
    [2010/03/20 23:46:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
    [2010/03/20 23:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    [2010/03/20 23:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2010/03/20 23:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
    [2010/03/20 23:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
    [2010/03/20 23:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
    [2010/03/20 23:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
    [2010/03/20 23:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
    [2010/03/20 23:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
    [2010/03/20 23:45:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2010/03/20 23:45:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2010/03/20 23:45:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
    [2010/03/20 23:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
    [2010/03/20 23:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
    [2010/03/20 23:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
    [2010/03/20 23:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
    [2010/03/20 23:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
    [2010/03/20 23:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
    [2010/03/20 23:44:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
    [2010/03/20 23:44:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
    [2010/03/20 23:44:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/03/20 23:43:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010/03/20 23:43:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/03/20 23:39:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010/03/20 23:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2010/03/20 23:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2010/03/20 23:38:54 | 000,000,000 | ---D | C] -- C:\950cce00c90ed71ec89d5b7c4e7f
    [2010/03/20 23:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Identities
    [2010/03/20 23:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Windows Desktop Search
    [2010/03/20 23:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
    [2010/03/20 23:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2010/03/20 23:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2010/03/20 23:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2010/03/20 23:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/03/20 23:33:46 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
    [2010/03/20 23:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
    [2010/03/20 23:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
    [2010/03/20 23:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2010/03/20 23:27:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/03/20 23:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2010/03/20 23:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2010/03/20 23:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
    [2010/03/20 23:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2010/03/20 23:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2010/03/20 23:21:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/03/20 23:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2010/03/20 23:19:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2010/03/20 23:19:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
    [2010/03/20 23:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/03/20 23:04:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2010/03/20 23:04:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2010/03/20 23:04:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    [2010/03/20 23:03:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\UserData
    [2010/03/20 23:01:09 | 004,795,504 | -H-- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\IconCache.db
    [2010/03/20 23:00:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2010/03/20 22:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Sun
    [2010/03/20 22:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/03/20 22:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/03/20 22:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
    [2010/03/20 22:58:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/03/20 18:42:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
    [2010/03/20 18:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
    [2010/03/20 18:42:19 | 000,000,000 | R--D | C] -- C:\Program Files
    [2010/03/20 18:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
    [2010/03/20 18:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
    [2010/03/20 18:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
    [2010/03/20 18:41:57 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2010/03/20 18:41:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
    [2010/03/20 18:41:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
    [2010/03/20 18:41:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
    [2010/03/20 18:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
    [2010/03/20 18:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
    [2010/03/20 18:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/03/20 18:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
    [2010/03/20 18:39:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2010/03/20 18:39:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
    [2010/03/20 18:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings
    [2010/03/20 18:39:19 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/03/20 18:33:12 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
    [2010/03/20 18:33:12 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2010/03/20 18:33:12 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
    [2010/03/20 18:33:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
     
  17. 2010/03/28
    gideon01

    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
    [2006/06/29 15:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

    ========== Files - Modified Within 14 Days ==========

    [2010/03/28 14:19:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
    [2010/03/28 14:18:16 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/03/28 14:15:09 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/03/28 14:14:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/03/28 14:13:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/03/28 14:12:59 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\home\NTUSER.DAT
    [2010/03/28 09:55:28 | 058,110,411 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/03/28 04:56:15 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/03/28 04:45:16 | 000,013,132 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/03/28 03:21:43 | 000,013,104 | ---- | M] () -- C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/03/28 03:18:48 | 002,139,654 | R--- | M] () -- C:\Documents and Settings\home\Desktop\Ultimate (v1.4 os31)-samgo9861.ipa.zip
    [2010/03/28 02:59:38 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\home\Desktop\iPhone Copy.lnk
    [2010/03/27 21:09:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\home\ntuser.ini
    [2010/03/27 21:05:17 | 000,488,240 | ---- | M] () -- C:\Documents and Settings\home\Desktop\HelpAsst_mebroot_fix.exe
    [2010/03/27 20:43:49 | 000,044,567 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\home\Desktop\Kenco.exe
    [2010/03/27 20:32:21 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/26 19:17:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/03/26 19:16:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/03/26 17:26:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/03/26 07:49:47 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/03/26 07:49:45 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/03/26 07:47:54 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/03/26 07:43:50 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\home\Start Menu\Programs\Startup\SpywareGuard.lnk
    [2010/03/26 07:15:15 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/03/26 07:14:22 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/03/25 18:21:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/03/25 07:51:25 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\home\Application Data\winscp.rnd
    [2010/03/25 06:19:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/24 16:22:16 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\home\Desktop\Spybot - Search & Destroy.lnk
    [2010/03/24 15:58:44 | 000,001,834 | -HS- | M] () -- C:\Documents and Settings\home\Local Settings\Application Data\Mh3jm32txN
    [2010/03/24 15:58:44 | 000,001,834 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
    [2010/03/23 20:32:18 | 004,795,504 | -H-- | M] () -- C:\Documents and Settings\home\Local Settings\Application Data\IconCache.db
    [2010/03/23 18:26:37 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\home\Desktop\DVDVideoSoft Free Studio.lnk
    [2010/03/23 18:19:43 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oxelon Media Converter.lnk
    [2010/03/23 18:19:43 | 000,000,047 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oxelon.com.url
    [2010/03/22 06:53:36 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\home\Desktop\EQ2MAP Updater.lnk
    [2010/03/22 06:35:28 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\home\My Documents\ProfitUI Reborn Updater.lnk
    [2010/03/22 06:08:12 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/03/22 06:08:11 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
    [2010/03/21 19:12:16 | 000,876,742 | ---- | M] () -- C:\Documents and Settings\home\Desktop\ACT-Setup.exe
    [2010/03/21 15:41:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/03/21 08:37:44 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/03/21 08:37:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/03/21 08:37:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/03/21 08:37:10 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/03/21 03:06:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/03/21 02:41:55 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\home\Desktop\Internet Explorer.lnk
    [2010/03/21 02:27:32 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/03/21 02:25:25 | 000,001,464 | ---- | M] () -- C:\Documents and Settings\home\Desktop\WinSCP.lnk
    [2010/03/21 01:23:00 | 000,001,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EverQuest II.lnk
    [2010/03/21 01:18:34 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/03/21 00:22:08 | 000,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/21 00:22:08 | 000,462,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/21 00:22:08 | 000,078,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/03/21 00:04:12 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\home\Desktop\CCleaner.lnk
    [2010/03/20 23:58:54 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/03/20 23:58:47 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/03/20 23:58:46 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2010/03/20 23:58:46 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2010/03/20 23:58:46 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2010/03/20 23:50:38 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/03/20 23:49:56 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/03/20 23:48:10 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/03/20 23:48:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/03/20 23:48:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/03/20 23:48:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
    [2010/03/20 23:48:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/03/20 23:48:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/03/20 23:47:58 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2010/03/20 23:47:26 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2010/03/20 23:47:26 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
    [2010/03/20 23:47:19 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\home\Desktop\Windows Movie Maker.lnk
    [2010/03/20 23:45:55 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/03/20 23:45:54 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
    [2010/03/20 23:45:54 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
    [2010/03/20 23:44:27 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/03/20 23:36:01 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2010/03/20 23:35:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/03/20 23:35:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/03/20 23:35:22 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/03/20 23:34:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/03/20 23:28:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/03/20 23:27:56 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/03/20 23:20:26 | 000,250,048 | RHS- | M] () -- C:\ntldr

    ========== Files Created - No Company Name ==========

    [2010/03/28 04:45:16 | 000,013,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/03/28 03:18:48 | 002,139,654 | R--- | C] () -- C:\Documents and Settings\home\Desktop\Ultimate (v1.4 os31)-samgo9861.ipa.zip
    [2010/03/28 02:59:38 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\home\Desktop\iPhone Copy.lnk
    [2010/03/27 21:05:38 | 000,082,944 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/03/27 21:05:16 | 000,488,240 | ---- | C] () -- C:\Documents and Settings\home\Desktop\HelpAsst_mebroot_fix.exe
    [2010/03/26 17:56:35 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/03/26 17:56:35 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/03/26 08:22:09 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/03/26 07:51:18 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/03/26 07:47:54 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/03/26 07:43:50 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\home\Start Menu\Programs\Startup\SpywareGuard.lnk
    [2010/03/26 07:14:22 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/03/26 07:14:06 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/03/24 18:55:05 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/24 16:22:16 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\home\Desktop\Spybot - Search & Destroy.lnk
    [2010/03/24 16:06:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/03/23 18:26:37 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\home\Desktop\DVDVideoSoft Free Studio.lnk
    [2010/03/23 18:19:43 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oxelon Media Converter.lnk
    [2010/03/23 18:19:43 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oxelon.com.url
    [2010/03/22 06:37:14 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\home\My Documents\ProfitUI Reborn Updater.lnk
    [2010/03/22 06:37:05 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\home\My Documents\Readme.url
    [2010/03/22 06:37:05 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\home\My Documents\Install ProfitUI Updater.url
    [2010/03/22 06:18:46 | 000,001,029 | ---- | C] () -- C:\Documents and Settings\home\Desktop\EQ2MAP Updater.lnk
    [2010/03/22 06:08:11 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
    [2010/03/22 06:08:10 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/03/21 19:12:10 | 000,876,742 | ---- | C] () -- C:\Documents and Settings\home\Desktop\ACT-Setup.exe
    [2010/03/21 15:41:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/03/21 15:41:10 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/03/21 03:06:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/03/21 02:41:55 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\home\Desktop\Internet Explorer.lnk
    [2010/03/21 02:27:32 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/03/21 02:25:25 | 000,001,464 | ---- | C] () -- C:\Documents and Settings\home\Desktop\WinSCP.lnk
    [2010/03/21 01:23:00 | 000,001,453 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EverQuest II.lnk
    [2010/03/21 01:19:24 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/03/21 01:18:34 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/03/21 01:18:19 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/03/21 00:23:28 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100321-002328.backup
    [2010/03/21 00:04:12 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\home\Desktop\CCleaner.lnk
    [2010/03/20 23:58:54 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/03/20 23:58:47 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/03/20 23:58:46 | 058,110,411 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/03/20 23:58:46 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2010/03/20 23:58:46 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2010/03/20 23:58:46 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2010/03/20 23:55:49 | 000,171,967 | ---- | C] () -- C:\WINDOWS\System32\Odbcjet.hlp
    [2010/03/20 23:55:49 | 000,007,348 | ---- | C] () -- C:\WINDOWS\System32\Odbcjet.cnt
    [2010/03/20 23:52:21 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\home\ntuser.ini
    [2010/03/20 23:52:20 | 010,747,904 | -H-- | C] () -- C:\Documents and Settings\home\NTUSER.DAT
    [2010/03/20 23:50:38 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/03/20 23:49:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/03/20 23:49:48 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
    [2010/03/20 23:49:28 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
    [2010/03/20 23:49:28 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
    [2010/03/20 23:49:27 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2010/03/20 23:49:17 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
    [2010/03/20 23:49:16 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2010/03/20 23:49:12 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2010/03/20 23:49:11 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2010/03/20 23:49:05 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2010/03/20 23:48:58 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2010/03/20 23:48:54 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2010/03/20 23:48:41 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2010/03/20 23:48:35 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
    [2010/03/20 23:48:35 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
    [2010/03/20 23:48:35 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
    [2010/03/20 23:48:35 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
    [2010/03/20 23:48:35 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
    [2010/03/20 23:48:35 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
    [2010/03/20 23:48:35 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
    [2010/03/20 23:48:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
    [2010/03/20 23:48:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
    [2010/03/20 23:48:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
    [2010/03/20 23:48:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
    [2010/03/20 23:48:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
    [2010/03/20 23:48:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
    [2010/03/20 23:48:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
    [2010/03/20 23:48:33 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
    [2010/03/20 23:48:33 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
    [2010/03/20 23:48:33 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
    [2010/03/20 23:48:33 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
    [2010/03/20 23:48:33 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
    [2010/03/20 23:48:33 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
    [2010/03/20 23:48:33 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
    [2010/03/20 23:48:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
    [2010/03/20 23:48:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
    [2010/03/20 23:48:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
    [2010/03/20 23:48:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
    [2010/03/20 23:48:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
    [2010/03/20 23:48:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
    [2010/03/20 23:48:32 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
    [2010/03/20 23:48:32 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
    [2010/03/20 23:48:32 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
    [2010/03/20 23:48:32 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
    [2010/03/20 23:48:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
    [2010/03/20 23:48:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
    [2010/03/20 23:48:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
    [2010/03/20 23:48:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
    [2010/03/20 23:48:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
    [2010/03/20 23:48:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
    [2010/03/20 23:48:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
    [2010/03/20 23:48:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
    [2010/03/20 23:48:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
    [2010/03/20 23:48:31 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
    [2010/03/20 23:48:31 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
    [2010/03/20 23:48:10 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/03/20 23:48:10 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2010/03/20 23:48:10 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2010/03/20 23:48:10 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
    [2010/03/20 23:48:10 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
    [2010/03/20 23:48:03 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/03/20 23:48:03 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/03/20 23:48:02 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/03/20 23:47:26 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2010/03/20 23:47:26 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
    [2010/03/20 23:47:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
    [2010/03/20 23:47:19 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\home\Desktop\Windows Movie Maker.lnk
    [2010/03/20 23:47:13 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
    [2010/03/20 23:46:44 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
    [2010/03/20 23:46:44 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
    [2010/03/20 23:46:36 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
    [2010/03/20 23:45:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/03/20 23:45:18 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
    [2010/03/20 23:45:18 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
    [2010/03/20 23:45:18 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
    [2010/03/20 23:45:18 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
    [2010/03/20 23:45:18 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
    [2010/03/20 23:45:18 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
    [2010/03/20 23:45:18 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
    [2010/03/20 23:45:18 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2010/03/20 23:45:17 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
    [2010/03/20 23:45:17 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
    [2010/03/20 23:45:17 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
    [2010/03/20 23:45:17 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
    [2010/03/20 23:45:17 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
    [2010/03/20 23:45:17 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
    [2010/03/20 23:45:17 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
    [2010/03/20 23:45:17 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
    [2010/03/20 23:45:17 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
    [2010/03/20 23:45:16 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
    [2010/03/20 23:45:16 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
    [2010/03/20 23:45:12 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
    [2010/03/20 23:45:12 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
    [2010/03/20 23:45:11 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
    [2010/03/20 23:45:06 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
    [2010/03/20 23:36:01 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2010/03/20 23:34:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/03/20 23:12:28 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
    [2010/03/20 23:12:28 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
    [2010/03/20 23:12:28 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
    [2010/03/20 23:12:28 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
    [2010/03/20 23:12:28 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
    [2010/03/20 23:12:28 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
    [2010/03/20 23:12:28 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
    [2010/03/20 23:12:28 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
    [2010/03/20 23:12:28 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
     
  18. 2010/03/28
    gideon01

    gideon01 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    67
    Likes Received:
    0
    [2010/03/20 23:12:28 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
    [2010/03/20 23:12:28 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
    [2010/03/20 23:12:28 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
    [2010/03/20 23:12:28 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
    [2010/03/20 23:12:28 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
    [2010/03/20 23:12:28 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
    [2010/03/20 23:12:28 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
    [2010/03/20 23:12:27 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
    [2010/03/20 23:12:27 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
    [2010/03/20 23:12:27 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
    [2010/03/20 23:12:27 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
    [2010/03/20 23:12:27 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
    [2010/03/20 23:12:27 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
    [2010/03/20 23:12:27 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
    [2010/03/20 23:12:27 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
    [2010/03/20 23:12:27 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
    [2010/03/20 23:12:27 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
    [2010/03/20 23:12:27 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
    [2010/03/20 23:12:27 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
    [2010/03/20 23:12:27 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
    [2010/03/20 23:12:27 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
    [2010/03/20 23:12:27 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
    [2010/03/20 23:12:27 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
    [2010/03/20 23:12:27 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
    [2010/03/20 23:12:27 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
    [2010/03/20 23:12:27 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
    [2010/03/20 23:12:27 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
    [2010/03/20 23:12:27 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
    [2010/03/20 23:12:27 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
    [2010/03/20 23:12:27 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
    [2010/03/20 23:12:27 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
    [2010/03/20 23:12:27 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
    [2010/03/20 23:12:26 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
    [2010/03/20 23:12:26 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
    [2010/03/20 23:12:26 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010/03/20 23:12:26 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
    [2010/03/20 23:12:26 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
    [2010/03/20 23:12:25 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
    [2010/03/20 23:12:25 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
    [2010/03/20 23:12:25 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
    [2010/03/20 23:12:25 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
    [2010/03/20 23:12:25 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
    [2010/03/20 23:12:25 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
    [2010/03/20 23:12:25 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
    [2010/03/20 23:12:23 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
    [2010/03/20 23:12:23 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2010/03/20 23:12:23 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
    [2010/03/20 23:12:23 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
    [2010/03/20 23:12:23 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
    [2010/03/20 23:12:23 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
    [2010/03/20 23:12:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
    [2010/03/20 23:12:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
    [2010/03/20 23:12:23 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
    [2010/03/20 23:12:23 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
    [2010/03/20 23:12:23 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
    [2010/03/20 23:12:11 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2010/03/20 18:42:20 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
    [2010/03/20 18:42:20 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
    [2010/03/20 18:42:20 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
    [2010/03/20 18:42:19 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
    [2010/03/20 18:42:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
    [2010/03/20 18:42:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
    [2010/03/20 18:42:16 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
    [2010/03/20 18:42:16 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
    [2010/03/20 18:42:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
    [2010/03/20 18:42:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
    [2010/03/20 18:42:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
    [2010/03/20 18:42:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
    [2010/03/20 18:42:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
    [2010/03/20 18:42:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
    [2010/03/20 18:42:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
    [2010/03/20 18:42:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
    [2010/03/20 18:42:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
    [2010/03/20 18:42:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
    [2010/03/20 18:42:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
    [2010/03/20 18:42:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
    [2010/03/20 18:42:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
    [2010/03/20 18:42:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
    [2010/03/20 18:42:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
    [2010/03/20 18:42:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
    [2010/03/20 18:42:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
    [2010/03/20 18:42:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
    [2010/03/20 18:42:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
    [2010/03/20 18:42:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
    [2010/03/20 18:42:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
    [2010/03/20 18:42:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
    [2010/03/20 18:42:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
    [2010/03/20 18:42:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
    [2010/03/20 18:42:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
    [2010/03/20 18:42:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
    [2010/03/20 18:42:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
    [2010/03/20 18:42:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
    [2010/03/20 18:42:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
    [2010/03/20 18:42:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
    [2010/03/20 18:42:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
    [2010/03/20 18:42:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
    [2010/03/20 18:42:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
    [2010/03/20 18:42:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
    [2010/03/20 18:42:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
    [2010/03/20 18:42:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
    [2010/03/20 18:42:03 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
    [2010/03/20 18:39:55 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
    [2010/03/20 18:39:55 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2010/03/20 18:39:55 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2010/03/20 18:39:55 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2010/03/20 18:39:55 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2010/03/20 18:39:55 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2010/03/20 18:39:55 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2010/03/20 18:39:55 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
    [2010/03/20 18:39:19 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/20 18:38:37 | 000,000,281 | RHS- | C] () -- C:\boot.ini
    [2010/03/20 18:38:37 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

    ========== LOP Check ==========

    [2010/03/20 23:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/03/26 07:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/21 03:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
    [2010/03/26 07:47:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/03/21 01:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/03/26 07:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\CheckPoint
    [2010/03/24 16:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\D8585968FC18271731C4ED43D7D5AD4E
    [2010/03/23 18:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\OxelonMC
    [2010/03/22 06:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\ProfitUI Reborn Updater
    [2010/03/26 08:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\QuickScan
    [2010/03/20 23:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Windows Desktop Search
    [2010/03/21 02:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Windows Search
    [2010/03/26 07:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\WinPatrol
    [2010/03/28 14:18:16 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/12 10:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2010/03/20 23:19:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2010/03/20 23:19:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2010/03/20 23:19:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/12 10:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2010/03/20 23:19:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2010/03/20 23:19:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2010/03/20 23:19:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/12 09:55:51 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/12 09:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2004/06/29 12:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\iaStor.sys
    [2010/03/24 21:08:38 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\WINDOWS\system32\drivers\iaStor.sys
    [2004/08/12 10:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys
    [2004/08/12 10:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\iaStor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
    [2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
    [2004/08/12 10:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/12 10:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2010/03/20 18:38:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/03/20 18:38:37 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/03/20 18:38:37 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    < End of report >
     
    Last edited by a moderator: 2010/03/28
  19. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I deleted a few of your last posts, since they were duplicates.

    Go to Add\Remove and uninstall SpywareGuard.

    Re-run OTL and post fresh logs.
     
  20. 2010/03/28
    gideon01

    gideon01 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    67
    Likes Received:
    0
    OTL logfile created on: 3/28/2010 3:32:51 PM - Run 2
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\home\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 125.26 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
    Drive D: | 6.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: KLAHRE-61E8BF5D
    Current User Name: home
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/28 14:19:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
    PRC - [2010/03/26 07:49:31 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/03/26 07:49:30 | 001,263,728 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/03/24 16:31:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/03/21 08:37:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/03/21 08:37:42 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/03/21 08:37:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/21 08:37:11 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/03/21 08:37:10 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/03/21 08:37:09 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    PRC - [2009/10/14 09:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2009/10/10 17:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2009/08/28 19:48:20 | 000,518,120 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
    PRC - [2009/08/28 19:48:08 | 000,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/06/30 14:33:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    PRC - [2004/06/29 12:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
    PRC - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/28 14:19:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
    MOD - [2009/10/14 09:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
    MOD - [2007/03/26 14:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/26 07:49:30 | 001,263,728 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/03/21 08:37:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/21 08:37:11 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whtm.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing "
    FF - prefs.js..browser.startup.homepage: "www.msn.com "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.13
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4


    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/03/26 08:08:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 06:53:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 16:32:02 | 000,000,000 | ---D | M]

    [2010/03/21 03:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Mozilla\Extensions
    [2010/03/21 02:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/03/27 18:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\extensions
    [2010/03/21 14:09:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/26 17:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/03/21 14:09:38 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\searchplugins\bing-ff.xml
    [2010/03/27 18:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/03/26 19:16:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {25526b16-f633-481c-8891-b9f8903112a4} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/20 23:48:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/06/11 22:27:33 | 000,000,140 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/20 18:34:08 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (59957563063533568)

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/03/28 14:19:54 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
    [2010/03/28 04:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\Tansee
    [2010/03/28 03:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Desktop\New Folder
    [2010/03/28 02:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Tansee iPhone Copy
    [2010/03/27 21:05:38 | 000,278,016 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
    [2010/03/27 20:40:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\home\Recent
    [2010/03/26 19:40:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/03/26 07:50:00 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/03/26 07:49:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/03/26 07:47:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/03/26 07:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010/03/26 07:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2010/03/26 07:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
    [2010/03/26 07:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\addware malware tools
    [2010/03/26 07:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\ccleaner logs
    [2010/03/26 07:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\WinPatrol
    [2010/03/26 07:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
    [2010/03/26 07:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\ForceField Shared Files
    [2010/03/26 07:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\CheckPoint
    [2010/03/26 07:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2010/03/26 07:14:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
    [2010/03/26 07:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
    [2010/03/26 07:13:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2010/03/26 07:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/26 07:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2010/03/26 06:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\QuickScan
    [2010/03/25 18:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2010/03/25 16:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Desktop\iPhone Ringtones
    [2010/03/24 18:54:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/03/24 18:54:49 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/03/24 18:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2010/03/24 17:40:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/03/24 16:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/03/24 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/03/24 16:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/03/24 15:58:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\.COMMgr
    [2010/03/24 15:57:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msapps
    [2010/03/24 15:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\D8585968FC18271731C4ED43D7D5AD4E
    [2010/03/23 18:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\DVDVideoSoft
    [2010/03/23 18:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
    [2010/03/23 18:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
    [2010/03/23 18:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\OxelonMC
    [2010/03/23 18:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\OxelonMedia
    [2010/03/23 16:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
    [2010/03/23 16:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\.SunDownloadManager
    [2010/03/22 06:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\ProfitUI Reborn Updater
    [2010/03/22 06:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
    [2010/03/22 06:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/03/21 21:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/03/21 19:00:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/03/21 18:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/03/21 15:41:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/03/21 15:38:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/03/21 14:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Malwarebytes
    [2010/03/21 14:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/03/21 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/03/21 14:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\Downloads
    [2010/03/21 08:37:42 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/03/21 03:19:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/03/21 03:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Mozilla
    [2010/03/21 03:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
    [2010/03/21 02:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/03/21 02:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
    [2010/03/21 02:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Windows Search
    [2010/03/21 02:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\My Documents\LimeWire
    [2010/03/21 02:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Mozilla
    [2010/03/21 02:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\WinRAR
    [2010/03/21 02:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/03/21 01:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2010/03/21 01:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
    [2010/03/21 01:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Apple Computer
    [2010/03/21 01:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/03/21 01:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/03/21 01:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/03/21 01:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/03/21 01:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/03/21 01:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/03/21 01:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Apple
    [2010/03/21 01:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/03/21 01:18:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2010/03/21 01:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/03/21 01:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2010/03/21 01:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Apple Computer
    [2010/03/21 00:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\ApplicationHistory
    [2010/03/21 00:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Yahoo!
    [2010/03/21 00:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/03/20 23:58:52 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/03/20 23:58:47 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/03/20 23:58:47 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/03/20 23:58:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/03/20 23:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/03/20 23:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/03/20 23:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
    [2010/03/20 23:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2010/03/20 23:56:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
    [2010/03/20 23:56:27 | 000,381,056 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys
    [2010/03/20 23:56:26 | 000,991,232 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\virtear.dll
    [2010/03/20 23:56:26 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
    [2010/03/20 23:56:26 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
    [2010/03/20 23:56:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
    [2010/03/20 23:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
    [2010/03/20 23:55:50 | 000,446,464 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\hhactivex.dll
    [2010/03/20 23:55:49 | 000,328,480 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssa3d30.ocx
    [2010/03/20 23:55:47 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2010/03/20 23:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/03/20 23:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/03/20 23:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2010/03/20 23:55:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2010/03/20 23:55:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2010/03/20 23:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Macromedia
    [2010/03/20 23:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Adobe
    [2010/03/20 23:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Identities
    [2010/03/20 23:52:31 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/03/20 23:52:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\My Documents\My Music
    [2010/03/20 23:52:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\My Documents\My Pictures
    [2010/03/20 23:52:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\home\Application Data\Microsoft
    [2010/03/20 23:52:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\home\SendTo
    [2010/03/20 23:52:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\home\Application Data
    [2010/03/20 23:52:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\Start Menu
    [2010/03/20 23:52:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\My Documents
    [2010/03/20 23:52:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\Favorites
    [2010/03/20 23:52:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\Cookies
    [2010/03/20 23:52:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\home\Templates
    [2010/03/20 23:52:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\home\PrintHood
    [2010/03/20 23:52:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\home\NetHood
    [2010/03/20 23:52:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\home\Local Settings
    [2010/03/20 23:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Microsoft
    [2010/03/20 23:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Desktop
    [2010/03/20 23:51:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2010/03/20 23:51:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [2010/03/20 23:51:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\IECompatCache
    [2010/03/20 23:50:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\PrivacIE
    [2010/03/20 23:49:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\IETldCache
    [2010/03/20 23:49:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010/03/20 23:49:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010/03/20 23:48:49 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
    [2010/03/20 23:48:49 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
    [2010/03/20 23:48:49 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
    [2010/03/20 23:48:36 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2010/03/20 23:48:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2010/03/20 23:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2010/03/20 23:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2010/03/20 23:48:18 | 000,000,000 | ---D | C] -- C:\DELL
    [2010/03/20 23:47:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
    [2010/03/20 23:47:26 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
    [2010/03/20 23:47:26 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2010/03/20 23:47:19 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
    [2010/03/20 23:47:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
    [2010/03/20 23:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
    [2010/03/20 23:46:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
    [2010/03/20 23:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
    [2010/03/20 23:46:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
    [2010/03/20 23:46:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
    [2010/03/20 23:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    [2010/03/20 23:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2010/03/20 23:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
    [2010/03/20 23:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
    [2010/03/20 23:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
    [2010/03/20 23:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
    [2010/03/20 23:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
    [2010/03/20 23:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
    [2010/03/20 23:45:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2010/03/20 23:45:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2010/03/20 23:45:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
    [2010/03/20 23:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
    [2010/03/20 23:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
    [2010/03/20 23:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
    [2010/03/20 23:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
    [2010/03/20 23:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
    [2010/03/20 23:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
    [2010/03/20 23:44:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
    [2010/03/20 23:44:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
    [2010/03/20 23:44:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/03/20 23:43:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010/03/20 23:43:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/03/20 23:39:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010/03/20 23:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2010/03/20 23:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2010/03/20 23:38:54 | 000,000,000 | ---D | C] -- C:\950cce00c90ed71ec89d5b7c4e7f
    [2010/03/20 23:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Identities
    [2010/03/20 23:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Windows Desktop Search
    [2010/03/20 23:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
    [2010/03/20 23:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2010/03/20 23:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2010/03/20 23:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2010/03/20 23:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/03/20 23:33:46 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
    [2010/03/20 23:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
    [2010/03/20 23:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
    [2010/03/20 23:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2010/03/20 23:27:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/03/20 23:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2010/03/20 23:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2010/03/20 23:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
    [2010/03/20 23:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2010/03/20 23:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2010/03/20 23:21:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/03/20 23:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2010/03/20 23:19:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2010/03/20 23:19:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
    [2010/03/20 23:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/03/20 23:04:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2010/03/20 23:04:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2010/03/20 23:04:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    [2010/03/20 23:03:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\home\UserData
    [2010/03/20 23:00:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2010/03/20 22:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Sun
    [2010/03/20 22:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/03/20 22:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/03/20 22:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
    [2010/03/20 22:58:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/03/20 18:42:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
    [2010/03/20 18:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
    [2010/03/20 18:42:19 | 000,000,000 | R--D | C] -- C:\Program Files
    [2010/03/20 18:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
    [2010/03/20 18:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
    [2010/03/20 18:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
    [2010/03/20 18:41:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
    [2010/03/20 18:41:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
    [2010/03/20 18:41:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
    [2010/03/20 18:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
    [2010/03/20 18:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
    [2010/03/20 18:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/03/20 18:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
    [2010/03/20 18:39:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2010/03/20 18:39:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
    [2010/03/20 18:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings
    [2010/03/20 18:39:19 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/03/20 18:33:12 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
    [2010/03/20 18:33:12 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2010/03/20 18:33:12 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
    [2010/03/20 18:33:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
    [2010/03/20 18:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

    ========== Files - Modified Within 14 Days ==========

    [2010/03/28 15:08:33 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/03/28 15:08:10 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\home\NTUSER.DAT
    [2010/03/28 15:08:10 | 002,139,654 | ---- | M] () -- C:\Documents and Settings\home\Desktop\Ultimate (v1.4 os31)-samgo9861.ipa
    [2010/03/28 14:19:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
    [2010/03/28 14:18:16 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/03/28 14:15:09 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/03/28 14:14:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/03/28 14:13:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/03/28 09:55:28 | 058,110,411 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/03/28 04:45:16 | 000,013,132 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/03/28 03:21:43 | 000,013,104 | ---- | M] () -- C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/03/28 03:18:48 | 002,139,654 | R--- | M] () -- C:\Documents and Settings\home\Desktop\Ultimate (v1.4 os31)-samgo9861.ipa.zip
    [2010/03/28 02:59:38 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\home\Desktop\iPhone Copy.lnk
    [2010/03/27 21:09:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\home\ntuser.ini
    [2010/03/27 21:05:17 | 000,488,240 | ---- | M] () -- C:\Documents and Settings\home\Desktop\HelpAsst_mebroot_fix.exe
    [2010/03/27 20:32:21 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/26 19:17:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/03/26 19:16:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/03/26 17:26:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/03/26 07:49:47 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/03/26 07:49:45 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/03/26 07:47:54 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/03/26 07:15:15 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/03/26 07:14:22 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/03/25 18:21:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/03/25 07:51:25 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\home\Application Data\winscp.rnd
    [2010/03/25 06:19:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/24 16:22:16 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\home\Desktop\Spybot - Search & Destroy.lnk
    [2010/03/24 15:58:44 | 000,001,834 | -HS- | M] () -- C:\Documents and Settings\home\Local Settings\Application Data\Mh3jm32txN
    [2010/03/24 15:58:44 | 000,001,834 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
    [2010/03/23 20:32:18 | 004,795,504 | -H-- | M] () -- C:\Documents and Settings\home\Local Settings\Application Data\IconCache.db
    [2010/03/23 18:26:37 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\home\Desktop\DVDVideoSoft Free Studio.lnk
    [2010/03/23 18:19:43 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oxelon Media Converter.lnk
    [2010/03/23 18:19:43 | 000,000,047 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oxelon.com.url
    [2010/03/22 06:53:36 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\home\Desktop\EQ2MAP Updater.lnk
    [2010/03/22 06:35:28 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\home\My Documents\ProfitUI Reborn Updater.lnk
    [2010/03/22 06:08:12 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/03/22 06:08:11 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
    [2010/03/21 19:12:16 | 000,876,742 | ---- | M] () -- C:\Documents and Settings\home\Desktop\ACT-Setup.exe
    [2010/03/21 15:41:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/03/21 08:37:44 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/03/21 08:37:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/03/21 08:37:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/03/21 08:37:10 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/03/21 03:06:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/03/21 02:41:55 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\home\Desktop\Internet Explorer.lnk
    [2010/03/21 02:27:32 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/03/21 02:25:25 | 000,001,464 | ---- | M] () -- C:\Documents and Settings\home\Desktop\WinSCP.lnk
    [2010/03/21 01:23:00 | 000,001,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EverQuest II.lnk
    [2010/03/21 01:18:34 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/03/21 00:22:08 | 000,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/21 00:22:08 | 000,462,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/21 00:22:08 | 000,078,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/03/21 00:04:12 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\home\Desktop\CCleaner.lnk
    [2010/03/20 23:58:54 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/03/20 23:58:47 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/03/20 23:58:46 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2010/03/20 23:58:46 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2010/03/20 23:58:46 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2010/03/20 23:50:38 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/03/20 23:49:56 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/03/20 23:48:10 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/03/20 23:48:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/03/20 23:48:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
     
  21. 2010/03/28
    gideon01

    gideon01 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    67
    Likes Received:
    0
    Ran OTL with the custom script and this time it only gave me 1 log. Log inc
    OTL logfile created on: 3/28/2010 3:38:54 PM - Run 3
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\home\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 125.22 Gb Free Space | 84.04% Space Free | Partition Type: NTFS
    Drive D: | 6.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: KLAHRE-61E8BF5D
    Current User Name: home
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/28 14:19:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
    PRC - [2010/03/26 07:49:31 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/03/26 07:49:30 | 001,263,728 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/03/24 16:31:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/03/21 08:37:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/03/21 08:37:42 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/03/21 08:37:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/21 08:37:11 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/03/21 08:37:10 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/03/21 08:37:09 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    PRC - [2009/10/14 09:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2009/10/10 17:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2009/08/28 19:48:08 | 000,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/06/30 14:33:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    PRC - [2004/06/29 12:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
    PRC - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/28 14:19:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
    MOD - [2009/10/14 09:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
    MOD - [2007/03/26 14:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/26 07:49:30 | 001,263,728 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/03/21 08:37:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/21 08:37:11 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whtm.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing "
    FF - prefs.js..browser.startup.homepage: "www.msn.com "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.13
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4


    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/03/26 08:08:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 06:53:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 16:32:02 | 000,000,000 | ---D | M]

    [2010/03/21 03:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Mozilla\Extensions
    [2010/03/21 02:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/03/27 18:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\extensions
    [2010/03/21 14:09:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/26 17:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/03/21 14:09:38 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\lkk0n11m.default\searchplugins\bing-ff.xml
    [2010/03/27 18:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/03/26 19:16:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {25526b16-f633-481c-8891-b9f8903112a4} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/20 23:48:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/06/11 22:27:33 | 000,000,140 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/20 18:34:08 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (59957563063533568)
     
