Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hjt log


  • This topic is locked This topic is locked
18 replies to this topic

#1 mexycan

mexycan

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 13 November 2009 - 10:31 PM

Hello im a first time poster but here is my log thanks!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:46 PM, on 11/13/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...P&M=GT5648E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\Windows\TEMP\E_SA125.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\Windows\TEMP\E_S7C21.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\Windows\TEMP\E_S7C21.tmp" /EF "HKCU" (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8413 bytes

BC AdBot (Login to Remove)

 


#2 mexycan

mexycan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 14 November 2009 - 04:43 PM

whoa just bumping is all<take your time guys!

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 15 November 2009 - 02:12 AM.


#3 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:43 PM

Posted 20 November 2009 - 09:21 AM

Hello and :( to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here
.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay
.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications.
In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.

2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


Posted Image
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:(

#4 mexycan

mexycan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 23 November 2009 - 12:43 PM

i am still having the issues! i turned off both avg and spybot search and destroy and dds ran but no log file popped up i did find it on desktop and it also left a bunch of temp files on desktop which i deleted also i hope that was ok but here is my dds log




DDS (Ver_09-11-23.01) - NTFSx86
Run by Mikel0329 at 12:39:32.96 on Mon 11/23/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1798 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
c:\Program Files\Zune\ZuneNss.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mikel0329\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

#5 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:43 PM

Posted 24 November 2009 - 08:27 AM

Hello, and :( to Bleeping Computer Malware Removal Forum, My Nick is Net_Surfer I'll be glad to help you with your computer problems.

I will be working on your Malware issues, this may or may not solve other issues you may have with your machine.


Sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. In order to be notified via email when your topic has a reply you need to enable topic notifications.

To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.

2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

-----------------------------------------------------------

Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. DDS, ComboFix, RSIT logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

1. Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic.
2. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
3. All of my posts need to be checked by my coach before they are posted here your benefit will be "four eyes and two brains" looking into your problem, but my responses may be somewhat delayed so please be patient while I attempt to remove your malware.
4. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult..



Hi there,

What you posted was an incomplete log of DDS.

Please do the next step and let me know if you have problems scanning with RSIT.


:) * Run random's system information tool (RSIT)

We need to see more information about what is happening in your machine. Please perform the following scan:

Please note that it is important that RSIT be run and a log created while in normal mode. *If you run it and create your log while in safe mode, you will be asked to redo it again properly.
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
Copy/Paste the contents of both log.txt and info.txt into your next post please.

( Default location for both files is C:\rsit\ )

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Summary of the logs I will need in your next reply:
  • The two logs of RSIT.
And a description of any problems in your next post.



Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer

:(

#6 mexycan

mexycan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 24 November 2009 - 08:51 AM

when attempting to run this scan i get an error that says "line -1: error variable used without being declared" i disabled everything like said in instructions this wont run either! im using windows & with avg 9 i dont know if that has anything to do with anything? also just as an update i just got back and avg had blocked a threat multiple times it keeps popping up every 5 mins or so its called
bevaccine.com/loaderadv799.exe it says its a generic trojan horse-this is first time this has happened. just an update! thanks for the help! hope we can get through this!

Edited by mexycan, 24 November 2009 - 11:56 AM.


#7 mexycan

mexycan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 24 November 2009 - 12:01 PM

sorry! one more update i tried to do a virus scan with avg and my entire computer just rebooted! soooo ima just wait and hope you can help me out here! when not on computer shld i turn internet conection off?

#8 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:43 PM

Posted 25 November 2009 - 08:19 AM

Hello again mexycan, :(

Sorry for the delay, since you have windows 7 most of our scan tools still not compatible with it.

Let's see if OTL can give us some report logs.

We need to see some information about what is happening in your machine.

Please perform the following scan:


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

Summary of the logs I will need in your next reply:
  • The report log of OTListit.text
  • The report log of Extra.txt
And a description of your current problems.


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Kind regards
Net_Surfer

:(

#9 mexycan

mexycan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 25 November 2009 - 10:42 AM

this is log number one

OTL logfile created on: 11/25/2009 10:29:16 AM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Users\Mikel0329\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 98.20% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.83 Gb Total Space | 151.08 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
Drive D: | 10.26 Gb Total Space | 4.52 Gb Free Space | 44.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKEL0329-PC
Current User Name: Mikel0329
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/25 10:22:00 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Users\Mikel0329\Desktop\OTL.exe
PRC - [2009/11/13 09:24:05 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/13 09:24:04 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/12 19:06:12 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/12 19:06:12 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/12 19:06:12 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/12 19:06:12 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/12 19:06:12 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/12 19:06:10 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2009/11/12 19:06:09 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/12 19:06:06 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/11/12 19:06:03 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/12 19:05:59 | 00,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2009/11/12 19:05:58 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/03 00:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:50 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/07/13 20:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/13 20:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:38 | 01,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/07/13 20:14:15 | 00,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/10 12:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2007/09/14 10:24:06 | 01,695,744 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/08/30 09:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/04/23 17:51:42 | 04,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/23 04:00:00 | 00,692,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/04/11 15:32:22 | 00,056,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe


========== Modules (SafeList) ==========

MOD - [2009/11/25 10:22:00 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Users\Mikel0329\Desktop\OTL.exe
MOD - [2009/11/12 19:06:27 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 20:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 19:06:10 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/11/12 19:06:09 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/12 19:06:03 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/12 19:05:58 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/13 20:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/07/13 20:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/13 20:14:19 | 00,557,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2009/07/13 20:14:19 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/10 16:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 16:14:05 | 00,128,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/06/10 16:14:02 | 00,878,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/10 12:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/10 12:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/05/17 16:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/12 19:06:26 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/12 19:06:07 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\Windows\System32\Drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2009/11/12 19:06:06 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/12 19:06:06 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/12 19:06:06 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/11/12 19:06:00 | 00,122,376 | ---- | M] (AVG Technologies ) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2009/11/12 19:06:00 | 00,030,216 | ---- | M] (AVG Technologies ) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2009/11/12 19:05:59 | 00,021,208 | ---- | M] (AVG Technologies ) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2009/11/12 19:05:45 | 00,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/07/13 20:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 00,044,624 | ---- | M] (IBM Corporation) -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 00,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:20:36 | 00,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 00,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 00,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 00,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 00,453,712 | ---- | M] (Emulex) -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 00,021,072 | ---- | M] (Promise Technology) -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:53 | 00,311,296 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 17:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 15:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/07/09 11:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/10 16:19:48 | 09,853,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/10 22:28:17 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/05/20 17:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/12/28 06:58:30 | 00,289,280 | ---- | M] (NETGEAR Inc. ) -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/09/04 19:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2007/07/02 19:37:08 | 00,110,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/01 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/04/23 20:13:22 | 01,769,952 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/11 15:33:06 | 00,079,376 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 00,063,248 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 00,020,496 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/11/08 18:55:10 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/08 18:54:02 | 00,258,048 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/08 18:53:48 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 20:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/19 17:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/02/23 17:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [1996/04/03 14:33:26 | 00,005,248 | ---- | M] () -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...P&M=GT5648E


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-336198503-2190284810-947229827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-336198503-2190284810-947229827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-336198503-2190284810-947229827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-336198503-2190284810-947229827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
IE - HKU\S-1-5-21-336198503-2190284810-947229827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-336198503-2190284810-947229827-1000\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-336198503-2190284810-947229827-1000\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-336198503-2190284810-947229827-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-21-336198503-2190284810-947229827-1000\S-1-5-21-336198503-2190284810-947229827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-336198503-2190284810-947229827-1000\S-1-5-21-336198503-2190284810-947229827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?.home=ytff"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.7
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/01 20:09:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/12 19:05:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/20 13:31:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/20 13:31:13 | 00,000,000 | ---D | M]

[2009/11/01 20:17:49 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Extensions
[2008/06/17 14:28:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/24 15:46:00 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/21 09:59:08 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\moveplayer@movenetworks.com
[2009/11/01 20:07:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/01 20:07:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/29 14:36:29 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 14:36:29 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 16:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 20:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/05/12 13:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/18 17:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 15:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/10/29 14:36:30 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/05/01 16:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2008/12/16 22:29:29 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2008/12/16 22:29:29 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2008/12/16 22:29:29 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2008/12/16 22:29:29 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2008/12/16 22:29:29 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008/12/16 22:29:29 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2008/12/16 22:29:29 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (352008 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12067 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O3 - HKU\S-1-5-21-336198503-2190284810-947229827-1000\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\.DEFAULT..\Run: [EPSON Stylus CX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-18..\Run: [EPSON Stylus CX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-336198503-2190284810-947229827-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-336198503-2190284810-947229827-1000..\Run: [EPSON Stylus CX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-336198503-2190284810-947229827-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-336198503-2190284810-947229827-1000..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-336198503-2190284810-947229827-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-336198503-2190284810-947229827-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mikel0329\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-336198503-2190284810-947229827-1000\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://gameadvisor.futuremark.com/global/msc3121.cab (Measurement Services Client v.3.12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.19.102 74.128.17.114
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 19:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/25 10:21:59 | 00,531,456 | ---- | C] (OldTimer Tools) -- C:\Users\Mikel0329\Desktop\OTL.exe
[2009/11/24 08:47:03 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/20 13:32:17 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/11/20 13:32:17 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/11/20 13:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/20 13:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/20 13:31:52 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/20 13:31:01 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/13 22:00:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/13 21:19:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/13 21:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/12 19:06:32 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/12 19:06:27 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/12 19:06:26 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/12 19:06:25 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/11/12 19:06:07 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2009/11/12 19:06:06 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/12 19:06:06 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/12 19:06:06 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/11/12 19:05:45 | 00,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/11/12 19:05:45 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/12 19:05:42 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/12 07:26:11 | 26,768,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe
[2009/11/10 23:08:24 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2009/11/10 23:08:24 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2009/11/10 16:20:11 | 00,000,000 | ---D | C] -- C:\Users\Mikel0329\AppData\Local\MigWiz
[2009/11/09 11:53:57 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/11/03 19:52:38 | 00,000,000 | R-SD | C] -- C:\Users\Mikel0329\Documents\My Stationery
[2009/11/03 19:49:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/03 19:48:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/11/03 19:48:24 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/11/03 19:39:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/11/03 19:38:30 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/03 19:38:29 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/11/01 22:56:24 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/11/01 22:45:36 | 00,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2009/11/01 22:37:51 | 00,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2009/11/01 21:32:58 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/11/01 21:30:21 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/11/01 21:30:20 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/11/01 21:30:20 | 00,728,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/11/01 21:30:19 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/11/01 21:30:19 | 00,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/11/01 21:30:19 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/11/01 21:30:19 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/11/01 21:30:18 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/11/01 21:30:18 | 00,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/11/01 21:30:18 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/11/01 21:30:16 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/11/01 21:28:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Logs
[2009/11/01 21:12:14 | 00,201,968 | ---- | C] (CA, Inc.) -- C:\Windows\System32\Isafprod.dll
[2009/11/01 21:12:14 | 00,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Isafeif.dll
[2009/11/01 21:12:14 | 00,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Vetredir.dll
[2009/11/01 21:09:47 | 00,000,000 | -H-D | C] -- C:\Config.msi
[2009/11/01 21:08:36 | 00,000,000 | ---D | C] -- C:\Windows\rnapxs
[2009/11/01 20:47:59 | 00,000,000 | ---D | C] -- C:\Users\Mikel0329\AppData\Local\Diagnostics
[2009/11/01 20:42:25 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009/11/01 20:01:53 | 00,000,000 | --SD | C] -- C:\Users\Mikel0329\AppData\Roaming\Microsoft
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Videos
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Saved Games
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Pictures
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Music
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Links
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Favorites
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Downloads
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Documents
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Desktop
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\AppData\Local\Temporary Internet Files
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Templates
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Start Menu
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\SendTo
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Recent
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\PrintHood
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\NetHood
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Documents\My Videos
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Documents\My Pictures
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Documents\My Music
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\My Documents
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Local Settings
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\AppData\Local\History
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Cookies
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Application Data
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\AppData\Local\Application Data
[2009/11/01 20:01:53 | 00,000,000 | -H-D | C] -- C:\Users\Mikel0329\AppData
[2009/11/01 20:01:53 | 00,000,000 | ---D | C] -- C:\Users\Mikel0329\AppData\Local\Temp
[2009/11/01 20:01:53 | 00,000,000 | ---D | C] -- C:\Users\Mikel0329\AppData\Local\Microsoft
[2009/11/01 20:01:53 | 00,000,000 | ---D | C] -- C:\Users\Mikel0329\AppData\Roaming\Media Center Programs
[2009/11/01 20:01:05 | 00,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2009/11/01 19:59:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/11/01 19:59:40 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/11/01 19:58:10 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2008/12/10 22:28:17 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Mikel0329\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/25 10:30:38 | 06,029,312 | -HS- | M] () -- C:\Users\Mikel0329\NTUSER.DAT
[2009/11/25 10:22:00 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Users\Mikel0329\Desktop\OTL.exe
[2009/11/25 06:07:16 | 45,710,353 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/25 06:07:05 | 00,105,663 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/24 18:06:42 | 00,542,328 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2009/11/24 16:28:12 | 00,017,241 | ---- | M] () -- C:\Users\Mikel0329\Documents\one two three.docx
[2009/11/24 15:43:32 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/24 15:43:32 | 00,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/24 15:43:32 | 00,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/24 12:06:37 | 00,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 12:06:37 | 00,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 11:59:29 | 00,000,020 | ---- | M] () -- C:\Windows\System32\SYSTEM
[2009/11/24 11:59:09 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/24 11:59:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/24 11:58:59 | 24,147,31264 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/22 21:06:37 | 00,687,126 | ---- | M] () -- C:\Users\Mikel0329\Desktop\IMG00029-20091122-2103.jpg
[2009/11/20 13:44:00 | 02,483,985 | -H-- | M] () -- C:\Users\Mikel0329\AppData\Local\IconCache.db
[2009/11/20 13:32:20 | 00,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/20 13:31:05 | 00,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/11/13 21:25:26 | 00,352,008 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/13 21:19:36 | 00,001,216 | ---- | M] () -- C:\Users\Mikel0329\Desktop\Spybot - Search & Destroy.lnk
[2009/11/12 19:06:27 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/12 19:06:27 | 00,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2009/11/12 19:06:26 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/12 19:06:25 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/12 19:06:25 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/12 19:06:25 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/12 19:06:07 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2009/11/12 19:06:06 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/12 19:06:06 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/12 19:06:06 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/11/12 19:05:45 | 00,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/11/10 23:08:24 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2009/11/10 23:08:24 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2009/11/10 17:05:04 | 00,007,605 | ---- | M] () -- C:\Users\Mikel0329\AppData\Local\Resmon.ResmonCfg
[2009/11/05 09:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe
[2009/11/02 22:55:00 | 00,060,700 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/01 22:56:11 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/11/01 21:37:55 | 00,334,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/01 21:36:55 | 00,000,273 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2009/11/01 21:36:55 | 00,000,273 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2009/11/01 21:32:39 | 00,079,064 | ---- | M] () -- C:\Users\Mikel0329\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/01 21:20:33 | 00,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2009/11/01 21:20:32 | 00,383,592 | RHS- | M] () -- C:\gdrop
[2009/11/01 21:20:32 | 00,171,136 | RHS- | M] () -- C:\xeldr
[2009/11/01 21:11:39 | 00,000,219 | ---- | M] () -- C:\Windows\SYSTEM.INI
[2009/11/01 21:09:41 | 00,000,007 | ---- | M] () -- C:\Windows\System32\mkghj.dll
[2009/11/01 20:42:34 | 00,000,020 | -HS- | M] () -- C:\Users\Mikel0329\ntuser.ini
[2009/11/01 20:39:26 | 00,040,251 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/11/01 20:29:28 | 00,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/01 20:01:54 | 00,524,288 | -HS- | M] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/01 20:01:54 | 00,524,288 | -HS- | M] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/01 20:01:54 | 00,065,536 | -HS- | M] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/11/01 20:01:25 | 00,000,057 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2009/11/01 19:59:16 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/01 19:33:25 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 19:33:25 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 18:41:57 | 00,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/11/01 18:41:57 | 00,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/11/01 18:34:46 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/01 17:51:33 | 00,000,000 | ---- | M] () -- C:\Windows\DbgOut.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 11:59:29 | 00,000,020 | ---- | C] () -- C:\Windows\System32\SYSTEM
[2009/11/22 21:06:40 | 00,687,126 | ---- | C] () -- C:\Users\Mikel0329\Desktop\IMG00029-20091122-2103.jpg
[2009/11/20 13:32:20 | 00,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/20 13:31:05 | 00,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/11/13 21:19:36 | 00,001,216 | ---- | C] () -- C:\Users\Mikel0329\Desktop\Spybot - Search & Destroy.lnk
[2009/11/12 19:06:27 | 00,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2009/11/12 19:06:25 | 45,710,353 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/12 19:06:25 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/12 19:06:25 | 00,542,328 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2009/11/12 19:06:25 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/12 19:06:25 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/12 19:06:25 | 00,105,663 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/10 17:05:04 | 00,007,605 | ---- | C] () -- C:\Users\Mikel0329\AppData\Local\Resmon.ResmonCfg
[2009/11/01 21:36:55 | 00,060,700 | ---- | C] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2009/11/01 21:36:31 | 02,483,985 | -H-- | C] () -- C:\Users\Mikel0329\AppData\Local\IconCache.db
[2009/11/01 21:34:36 | 00,000,273 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2009/11/01 21:34:36 | 00,000,273 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2009/11/01 21:32:39 | 00,079,064 | ---- | C] () -- C:\Users\Mikel0329\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/01 21:20:33 | 00,008,192 | ---- | C] () -- C:\bootsect.lxe.bak
[2009/11/01 21:20:32 | 00,383,592 | RHS- | C] () -- C:\gdrop
[2009/11/01 21:20:32 | 00,171,136 | RHS- | C] () -- C:\xeldr
[2009/11/01 21:09:41 | 00,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2009/11/01 20:47:29 | 00,713,888 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/01 20:42:34 | 00,000,020 | -HS- | C] () -- C:\Users\Mikel0329\ntuser.ini
[2009/11/01 20:40:53 | 24,147,31264 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/01 20:29:28 | 00,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/01 20:01:53 | 06,029,312 | -HS- | C] () -- C:\Users\Mikel0329\NTUSER.DAT
[2009/11/01 20:01:53 | 00,524,288 | -HS- | C] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/01 20:01:53 | 00,524,288 | -HS- | C] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/01 20:01:53 | 00,065,536 | -HS- | C] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/11/01 20:00:43 | 00,010,288 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 20:00:43 | 00,010,288 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 19:59:16 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/01 18:23:20 | 00,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/11/01 18:23:20 | 00,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/11/01 17:51:33 | 00,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2009/09/23 22:01:04 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/28 12:12:47 | 00,000,006 | -HS- | C] () -- C:\Users\Mikel0329\AppData\Roaming\desktop.ini
[2009/07/13 23:52:31 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/13 23:52:31 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:31 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:31 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:41:57 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009/07/13 21:04:57 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009/07/13 21:04:23 | 00,000,219 | ---- | C] () -- C:\Windows\SYSTEM.INI
[2009/07/13 18:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 16:40:44 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2009/07/13 16:40:43 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2009/07/13 16:40:43 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/13 16:40:41 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2009/07/13 16:40:40 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/13 16:40:39 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/13 16:40:35 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/13 16:40:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/13 16:40:27 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/13 16:40:23 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/13 16:40:19 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/13 16:40:17 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/13 16:40:15 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/13 16:40:13 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2009/07/13 16:40:11 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2009/07/13 16:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/07/13 15:29:46 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2009/06/10 16:39:59 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2008/12/10 22:29:25 | 00,000,033 | ---- | C] () -- C:\Users\Mikel0329\AppData\Roaming\pcouffin.log
[2008/12/10 22:28:17 | 00,087,608 | ---- | C] () -- C:\Users\Mikel0329\AppData\Roaming\inst.exe
[2008/12/10 22:28:17 | 00,007,887 | ---- | C] () -- C:\Users\Mikel0329\AppData\Roaming\pcouffin.cat
[2008/12/10 22:28:17 | 00,001,144 | ---- | C] () -- C:\Users\Mikel0329\AppData\Roaming\pcouffin.inf
[2008/08/26 22:15:21 | 00,000,094 | ---- | C] () -- C:\Windows\family.ini
[2008/08/15 16:08:08 | 00,000,089 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2008/08/15 16:04:46 | 00,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2008/03/04 17:52:34 | 00,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/02/12 17:52:10 | 00,000,398 | ---- | C] () -- C:\Users\Mikel0329\AppData\Roaming\wklnhst.dat
[2008/01/02 22:07:33 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/01/02 22:05:56 | 00,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini
[2007/10/31 08:39:54 | 00,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/05/17 12:58:10 | 00,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/03/12 12:01:30 | 00,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006/11/22 17:16:18 | 00,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 00,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:23:31 | 00,000,169 | ---- | C] () -- C:\Windows\win.ini
[2001/11/19 22:05:18 | 00,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

#10 mexycan

mexycan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 25 November 2009 - 10:45 AM

here is log numer 2

OTL Extras logfile created on: 11/25/2009 10:29:16 AM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Users\Mikel0329\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 98.20% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.83 Gb Total Space | 151.08 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
Drive D: | 10.26 Gb Total Space | 4.52 Gb Free Space | 44.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKEL0329-PC
Current User Name: Mikel0329
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-336198503-2190284810-947229827-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{221BAABB-A092-4FA8-9795-EBFDC9BEA813}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8100 smartphone
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX7400 Series Scanner Driver Update
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = BD Advisor 2.0
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3B6E1E25-36B3-408B-A658-9AC4F6A721AD}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8100 smartphone
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3BA044B0-A5E4-428E-8731-63BD5DD4FDB2}" = CSI
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4FEC2880-0ED9-44F4-AD20-1F4F4619B8F9}" = Mega Manager
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FC1C2427-5954-451C-9ED8-A92D48ED7E07}" = CSI-Hard Evidence
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"3D6F095EF616C719D1E72E6EA2681F3CFA0AE7B8" = Windows Driver Package - NVIDIA Corporation (nvstor32) HDC (07/02/2007 5.10.2600.0995)
"7-Zip" = 7-Zip 4.65
"abgx360" = abgx360 v1.0.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Company of Heroes" = Company of Heroes
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EphPod" = EphPod
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Family Tree Builder" = MyHeritage Family Tree Builder
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"LimeWire" = LimeWire 4.18.3
"Measurement Services Client" = Futuremark Measurement Services Client
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"NVIDIA Drivers" = NVIDIA Drivers
"Silent Package Run-Time Sample" = EPSON CX7400 User's Guide
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Windows Mobile Device Handbook" = PalmŪ Support Center
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-336198503-2190284810-947229827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#11 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:43 PM

Posted 26 November 2009 - 11:02 PM



Hello again mexycan, :step1:

Sorry for the delay.

Please observe these rules while we work
:
  • Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please continue to review my answers until I tell you that your machine is clean and free of malware. (Remember absence of symptoms does not mean that everything is clear).
Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly. :(

---------------------------*------------------------


I need you to read and take some action on The following warnings:
.


P2P Warning :)

The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case: LimeWire 4.18.3). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.

I would recommend that you uninstall LimeWire 4.18.3, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

-------------------------*-------------------------


Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost. Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

:) I see you are running Teatimer. I suggest you to disable it!

Firstly, we need to disable SpyBot's Teatimer which can interfere with the fixes.


TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Tutorial to How to disable SPYBOT TEATIMER if needed.


:) * Malwarebytes' Anti-Malware (MBAM)

Because some malware can be easily removed, we recommend Malwarebytes Anti-Malware be run. It's an advanced piece of software which should get a lot of what's on this machine. These guys are so on top of the latest infections it's amazing.

It's important to let me know however, if you experience any trouble getting to the site or updating it or opening it to run. Some rootkits target MBAM and those indicators are the 'tell', if you will. We have another method of double-checking for this rootkit, which if present, will require another special tool.


Please download Posted ImageMalwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

***NOTE: If MBAM will not install, try renaming it this way.
  • Right-click on the mbam-setup.exe file file and rename it to mysetup.exe.
  • Double-click on mysetup.exe to start the installation.
  • If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension
  • Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
  • Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
**If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe, rename it to myscan.exe.
  • Double-click on myscan.exe to launch the program.
  • If that did not work, then try renaming and change the .exe extension in the same way as noted above.
  • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

MBAM Tutorial if needed

Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

:) Summary of the logs I will need in your next reply:
  • The report log of MBAM
And a description of your current problems.

How are things your end mexycan?


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Kind regards
Net_Surfer

:(

#12 mexycan

mexycan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 27 November 2009 - 12:04 PM

that didnt work at all sorry! said nothing found! my comp still does same thing anytie i visit google and click a link i get redirected and every so often avg says its blocked same trojan! thanks again!




Malwarebytes' Anti-Malware 1.41
Database version: 3242
Windows 6.1.7600

11/27/2009 12:02:15 PM
mbam-log-2009-11-27 (12-02-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 281904
Time elapsed: 49 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:43 PM

Posted 28 November 2009 - 11:19 AM

Hello mexycat, :)

We need to use OTL again to see if it can show us the culprit of your problem:
  • Double click on Posted Image OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    /md5stop

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Let's see if then we can see the culprit. :(

Regards
Net_Surfer

:(

#14 mexycan

mexycan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 28 November 2009 - 01:39 PM

here it is! thanks again!


OTL logfile created on: 11/28/2009 1:36:48 PM - Run 2
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Users\Mikel0329\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.62% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.83 Gb Total Space | 148.60 Gb Free Space | 51.63% Space Free | Partition Type: NTFS
Drive D: | 10.26 Gb Total Space | 4.52 Gb Free Space | 44.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKEL0329-PC
Current User Name: Mikel0329
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Mikel0329\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Mikel0329\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSErHrw7x) -- C:\Windows\System32\Drivers\AVGIDSwx.sys (AVG Technologies )
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys (AVG Technologies )
DRV - (AVGIDSFilterw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys (AVG Technologies )
DRV - (AVGIDSShimw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys (AVG Technologies )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys ()
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (pcouffin) -- C:\Windows\System32\drivers\pcouffin.sys (VSO Software)
DRV - (RimUsb) -- C:\Windows\System32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (NVR0Dev) -- C:\Windows\nvoclock.sys (NVidia Corp.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...P&M=GT5648E

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5648E
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?.home=ytff"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.7
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/01 20:09:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/12 19:05:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/20 13:31:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/20 13:31:13 | 00,000,000 | ---D | M]

[2009/11/01 20:17:49 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Extensions
[2008/06/17 14:28:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/27 18:18:30 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/21 09:59:08 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla\Firefox\Profiles\8o7rfpq9.default\extensions\moveplayer@movenetworks.com
[2009/11/01 20:07:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/01 20:07:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/29 14:36:29 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 14:36:29 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 16:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 20:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/05/12 13:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/18 17:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 15:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/10/29 14:36:30 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/20 13:31:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/05/01 16:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2008/12/16 22:29:29 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2008/12/16 22:29:29 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2008/12/16 22:29:29 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2008/12/16 22:29:29 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2008/12/16 22:29:29 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008/12/16 22:29:29 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2008/12/16 22:29:29 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (352008 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12067 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus CX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Mikel0329\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://gameadvisor.futuremark.com/global/msc3121.cab (Measurement Services Client v.3.12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.19.102 74.128.17.114
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 19:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/27 10:43:57 | 00,000,000 | ---D | C] -- C:\Users\Mikel0329\AppData\Roaming\Malwarebytes
[2009/11/27 10:43:52 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/27 10:43:51 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/27 10:43:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/27 10:43:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/25 10:21:59 | 00,531,456 | ---- | C] (OldTimer Tools) -- C:\Users\Mikel0329\Desktop\OTL.exe
[2009/11/24 08:47:03 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/20 13:32:17 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/11/20 13:32:17 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/11/20 13:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/20 13:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/20 13:31:52 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/20 13:31:01 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/13 22:00:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/13 21:19:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/13 21:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/12 19:06:32 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/12 19:06:27 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/12 19:06:26 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/12 19:06:25 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/11/12 19:06:07 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2009/11/12 19:06:06 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/12 19:06:06 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/12 19:06:06 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/11/12 19:05:45 | 00,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/11/12 19:05:45 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/12 19:05:42 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/12 07:26:11 | 26,768,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe
[2009/11/10 23:08:24 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2009/11/10 23:08:24 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2009/11/10 16:20:11 | 00,000,000 | ---D | C] -- C:\Users\Mikel0329\AppData\Local\MigWiz
[2009/11/09 11:53:57 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/11/03 19:52:38 | 00,000,000 | R-SD | C] -- C:\Users\Mikel0329\Documents\My Stationery
[2009/11/03 19:49:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/03 19:48:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/11/03 19:48:24 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/11/03 19:39:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/11/03 19:38:30 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/03 19:38:29 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/11/01 22:56:24 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/11/01 22:45:36 | 00,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2009/11/01 22:37:51 | 00,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2009/11/01 21:32:58 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/11/01 21:30:21 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/11/01 21:30:20 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/11/01 21:30:20 | 00,728,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/11/01 21:30:19 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/11/01 21:30:19 | 00,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/11/01 21:30:19 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/11/01 21:30:19 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/11/01 21:30:18 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/11/01 21:30:18 | 00,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/11/01 21:30:18 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/11/01 21:30:16 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/11/01 21:28:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Logs
[2009/11/01 21:12:14 | 00,201,968 | ---- | C] (CA, Inc.) -- C:\Windows\System32\Isafprod.dll
[2009/11/01 21:12:14 | 00,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Isafeif.dll
[2009/11/01 21:12:14 | 00,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Vetredir.dll
[2009/11/01 21:09:47 | 00,000,000 | -H-D | C] -- C:\Config.msi
[2009/11/01 21:08:36 | 00,000,000 | ---D | C] -- C:\Windows\rnapxs
[2009/11/01 20:47:59 | 00,000,000 | ---D | C] -- C:\Users\Mikel0329\AppData\Local\Diagnostics
[2009/11/01 20:42:25 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009/11/01 20:01:53 | 00,000,000 | --SD | C] -- C:\Users\Mikel0329\AppData\Roaming\Microsoft
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Videos
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Saved Games
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Pictures
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Music
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Links
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Favorites
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Downloads
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Documents
[2009/11/01 20:01:53 | 00,000,000 | R--D | C] -- C:\Users\Mikel0329\Desktop
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\AppData\Local\Temporary Internet Files
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Templates
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Start Menu
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\SendTo
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Recent
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\PrintHood
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\NetHood
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Documents\My Videos
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Documents\My Pictures
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Documents\My Music
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\My Documents
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Local Settings
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\AppData\Local\History
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Cookies
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\Application Data
[2009/11/01 20:01:53 | 00,000,000 | -HSD | C] -- C:\Users\Mikel0329\AppData\Local\Application Data
[2009/11/01 20:01:53 | 00,000,000 | -H-D | C] -- C:\Users\Mikel0329\AppData
[2009/11/01 20:01:53 | 00,000,000 | ---D | C] -- C:\Users\Mikel0329\AppData\Local\Temp
[2009/11/01 20:01:53 | 00,000,000 | ---D | C] -- C:\Users\Mikel0329\AppData\Local\Microsoft
[2009/11/01 20:01:53 | 00,000,000 | ---D | C] -- C:\Users\Mikel0329\AppData\Roaming\Media Center Programs
[2009/11/01 20:01:05 | 00,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2009/11/01 19:59:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/11/01 19:59:40 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/11/01 19:58:10 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2008/12/10 22:28:17 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Mikel0329\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/28 13:37:01 | 06,029,312 | -HS- | M] () -- C:\Users\Mikel0329\NTUSER.DAT
[2009/11/28 06:07:15 | 45,855,703 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/28 05:51:26 | 00,000,000 | ---- | M] () -- C:\Users\Mikel0329\AppData\Local\prvlcl.dat
[2009/11/27 18:07:09 | 00,544,112 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2009/11/27 18:06:57 | 00,105,805 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/27 10:43:55 | 00,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/26 22:35:09 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/26 22:35:09 | 00,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/26 22:35:09 | 00,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/25 10:22:00 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Users\Mikel0329\Desktop\OTL.exe
[2009/11/24 16:28:12 | 00,017,241 | ---- | M] () -- C:\Users\Mikel0329\Documents\one two three.docx
[2009/11/24 12:06:37 | 00,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 12:06:37 | 00,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 11:59:29 | 00,000,020 | ---- | M] () -- C:\Windows\System32\SYSTEM
[2009/11/24 11:59:09 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/24 11:59:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/24 11:58:59 | 24,147,31264 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/22 21:06:37 | 00,687,126 | ---- | M] () -- C:\Users\Mikel0329\Desktop\IMG00029-20091122-2103.jpg
[2009/11/20 13:44:00 | 02,483,985 | -H-- | M] () -- C:\Users\Mikel0329\AppData\Local\IconCache.db
[2009/11/20 13:32:20 | 00,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/20 13:31:05 | 00,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/11/13 21:25:26 | 00,352,008 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/13 21:19:36 | 00,001,216 | ---- | M] () -- C:\Users\Mikel0329\Desktop\Spybot - Search & Destroy.lnk
[2009/11/12 19:06:27 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/12 19:06:27 | 00,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2009/11/12 19:06:26 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/12 19:06:25 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/12 19:06:25 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/12 19:06:25 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/12 19:06:07 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2009/11/12 19:06:06 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/12 19:06:06 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/12 19:06:06 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/11/12 19:05:45 | 00,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/11/10 23:08:24 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2009/11/10 23:08:24 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2009/11/10 17:05:04 | 00,007,605 | ---- | M] () -- C:\Users\Mikel0329\AppData\Local\Resmon.ResmonCfg
[2009/11/05 09:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe
[2009/11/02 22:55:00 | 00,060,700 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/01 22:56:11 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/11/01 21:37:55 | 00,334,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/01 21:36:55 | 00,000,273 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2009/11/01 21:36:55 | 00,000,273 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2009/11/01 21:36:55 | 00,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2009/11/01 21:32:39 | 00,079,064 | ---- | M] () -- C:\Users\Mikel0329\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/01 21:20:33 | 00,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2009/11/01 21:20:32 | 00,383,592 | RHS- | M] () -- C:\gdrop
[2009/11/01 21:20:32 | 00,171,136 | RHS- | M] () -- C:\xeldr
[2009/11/01 21:11:39 | 00,000,219 | ---- | M] () -- C:\Windows\SYSTEM.INI
[2009/11/01 21:09:41 | 00,000,007 | ---- | M] () -- C:\Windows\System32\mkghj.dll
[2009/11/01 20:42:34 | 00,000,020 | -HS- | M] () -- C:\Users\Mikel0329\ntuser.ini
[2009/11/01 20:39:26 | 00,040,251 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/11/01 20:29:28 | 00,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/01 20:01:54 | 00,524,288 | -HS- | M] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/01 20:01:54 | 00,524,288 | -HS- | M] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/01 20:01:54 | 00,065,536 | -HS- | M] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/11/01 20:01:25 | 00,000,057 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2009/11/01 19:59:16 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/01 19:33:25 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 19:33:25 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 18:41:57 | 00,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/11/01 18:41:57 | 00,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/11/01 18:34:46 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/01 17:51:33 | 00,000,000 | ---- | M] () -- C:\Windows\DbgOut.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/27 10:43:55 | 00,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/26 19:35:50 | 00,000,000 | ---- | C] () -- C:\Users\Mikel0329\AppData\Local\prvlcl.dat
[2009/11/24 11:59:29 | 00,000,020 | ---- | C] () -- C:\Windows\System32\SYSTEM
[2009/11/22 21:06:40 | 00,687,126 | ---- | C] () -- C:\Users\Mikel0329\Desktop\IMG00029-20091122-2103.jpg
[2009/11/20 13:32:20 | 00,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/20 13:31:05 | 00,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/11/13 21:19:36 | 00,001,216 | ---- | C] () -- C:\Users\Mikel0329\Desktop\Spybot - Search & Destroy.lnk
[2009/11/12 19:06:27 | 00,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2009/11/12 19:06:25 | 45,855,703 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/12 19:06:25 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/12 19:06:25 | 00,544,112 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2009/11/12 19:06:25 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/12 19:06:25 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/12 19:06:25 | 00,105,805 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/10 17:05:04 | 00,007,605 | ---- | C] () -- C:\Users\Mikel0329\AppData\Local\Resmon.ResmonCfg
[2009/11/01 21:36:55 | 00,060,700 | ---- | C] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2009/11/01 21:36:31 | 02,483,985 | -H-- | C] () -- C:\Users\Mikel0329\AppData\Local\IconCache.db
[2009/11/01 21:34:36 | 00,000,273 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2009/11/01 21:34:36 | 00,000,273 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2009/11/01 21:34:36 | 00,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2009/11/01 21:32:39 | 00,079,064 | ---- | C] () -- C:\Users\Mikel0329\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/01 21:20:33 | 00,008,192 | ---- | C] () -- C:\bootsect.lxe.bak
[2009/11/01 21:20:32 | 00,383,592 | RHS- | C] () -- C:\gdrop
[2009/11/01 21:20:32 | 00,171,136 | RHS- | C] () -- C:\xeldr
[2009/11/01 21:09:41 | 00,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2009/11/01 20:47:29 | 00,713,888 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/01 20:42:34 | 00,000,020 | -HS- | C] () -- C:\Users\Mikel0329\ntuser.ini
[2009/11/01 20:40:53 | 24,147,31264 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/01 20:29:28 | 00,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/01 20:01:53 | 06,029,312 | -HS- | C] () -- C:\Users\Mikel0329\NTUSER.DAT
[2009/11/01 20:01:53 | 00,524,288 | -HS- | C] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/01 20:01:53 | 00,524,288 | -HS- | C] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/01 20:01:53 | 00,065,536 | -HS- | C] () -- C:\Users\Mikel0329\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/11/01 20:00:43 | 00,010,288 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 20:00:43 | 00,010,288 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 19:59:16 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/01 18:23:20 | 00,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/11/01 18:23:20 | 00,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/11/01 17:51:33 | 00,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2009/09/23 22:01:04 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/28 12:12:47 | 00,000,006 | -HS- | C] () -- C:\Users\Mikel0329\AppData\Roaming\desktop.ini
[2009/07/13 23:52:31 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/13 23:52:31 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:31 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:31 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:41:57 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009/07/13 21:04:57 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009/07/13 21:04:23 | 00,000,219 | ---- | C] () -- C:\Windows\SYSTEM.INI
[2009/07/13 18:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 16:40:44 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2009/07/13 16:40:43 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2009/07/13 16:40:43 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/13 16:40:41 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2009/07/13 16:40:40 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/13 16:40:39 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/13 16:40:35 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/13 16:40:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/13 16:40:27 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/13 16:40:23 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/13 16:40:19 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/13 16:40:17 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/13 16:40:15 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/13 16:40:13 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2009/07/13 16:40:11 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2009/07/13 16:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/07/13 15:29:46 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2009/06/10 16:39:59 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009/06/10 16:19:56 | 00,142,416 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys
[2008/12/10 22:29:25 | 00,000,033 | ---- | C] () -- C:\Users\Mikel0329\AppData\Roaming\pcouffin.log
[2008/12/10 22:28:17 | 00,087,608 | ---- | C] () -- C:\Users\Mikel0329\AppData\Roaming\inst.exe
[2008/12/10 22:28:17 | 00,007,887 | ---- | C] () -- C:\Users\Mikel0329\AppData\Roaming\pcouffin.cat
[2008/12/10 22:28:17 | 00,001,144 | ---- | C] () -- C:\Users\Mikel0329\AppData\Roaming\pcouffin.inf
[2008/08/26 22:15:21 | 00,000,094 | ---- | C] () -- C:\Windows\family.ini
[2008/08/15 16:08:08 | 00,000,089 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2008/08/15 16:04:46 | 00,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2008/03/04 17:52:34 | 00,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/02/12 17:52:10 | 00,000,398 | ---- | C] () -- C:\Users\Mikel0329\AppData\Roaming\wklnhst.dat
[2008/01/02 22:07:33 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/01/02 22:05:56 | 00,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini
[2007/10/31 08:39:54 | 00,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/05/17 12:58:10 | 00,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/03/12 12:01:30 | 00,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006/11/22 17:16:18 | 00,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 00,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:23:31 | 00,000,169 | ---- | C] () -- C:\Windows\win.ini
[2001/11/19 22:05:18 | 00,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/11/01 20:17:11 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Adobe
[2009/11/21 10:21:34 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Apple Computer
[2009/11/01 20:17:11 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\ArcSoft
[2009/11/01 20:17:11 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Bioshock
[2009/11/23 12:25:22 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\BitTorrent
[2009/11/01 20:17:11 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Blackberry Desktop
[2009/11/01 20:17:11 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\CyberLink
[2009/11/01 20:17:11 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\DivX
[2009/11/01 20:17:11 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Gaijin Ent
[2007/12/30 21:25:47 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Google
[2009/11/01 20:17:11 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\HotSync
[2009/11/03 19:52:33 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Identities
[2009/11/01 20:17:12 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\ImgBurn
[2009/11/01 20:17:12 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\InstallShield
[2009/11/01 20:17:12 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Leadertech
[2009/11/01 20:17:13 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\LimeWire
[2009/11/01 20:17:13 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Logitech
[2009/11/01 20:17:13 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Macromedia
[2009/11/27 10:43:57 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Malwarebytes
[2009/07/14 02:48:45 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Media Center Programs
[2009/11/01 20:17:46 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Megaupload
[2009/11/12 19:04:40 | 00,000,000 | --SD | M] -- C:\Users\Mikel0329\AppData\Roaming\Microsoft
[2009/11/01 20:17:49 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Move Networks
[2009/11/01 20:17:49 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Mozilla
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\NCH Software
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\NCH Swift Sound
[2009/11/01 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Research In Motion
[2009/11/01 20:18:04 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\RipIt4Me
[2009/11/01 20:18:04 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Roxio
[2008/01/02 23:19:11 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\SampleView
[2009/11/01 20:18:04 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Sandlot Games
[2009/11/01 20:18:04 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Spare Backup
[2009/11/01 20:18:04 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\SystemRequirementsLab
[2009/11/01 20:18:04 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Teleca
[2009/11/01 20:18:05 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Template
[2008/08/15 16:04:46 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2009/05/10 19:44:47 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\Vso
[2008/01/10 23:58:57 | 00,000,000 | ---D | M] -- C:\Users\Mikel0329\AppData\Roaming\yahoo!
[2009/11/24 11:59:09 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 23:53:46 | 00,003,378 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2009/07/13 20:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 20:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

#15 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:43 PM

Posted 29 November 2009 - 12:59 PM



Hello again mexycan, :)

sorry for the delay.


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


Please carefully follow my next set of steps:
:)
  • Download The Avenger by Swandog46 from here.
Next...
:) Since this is Win 7 Firstly you will need to got to: > Start > Search > then type in cmd.
Click OK.
When you see cmd come up then Right click on the below command line in bold and choose Run as Administrator.
Then copy the below command line in bold into the command prompt window and click OK.

copy C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys C:\ /y


:(
  • Then Unzip/extract Avenger to a folder on your desktop.
  • Since this is Win 7 Firstly you will need to got to: > Start > Search > then type in cmd.
  • Click OK.
    When you see cmd come up then Right click on avenger.exe and choose Run as Administrator.to run The Avenger.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C. Do NOT copy the word: CODE
    Files to move:
    C:\nvstor.sys | C:\WINDOWS\system32\nvstor.sys
  • In the avenger window, click the Paste Script from Clipboard, Posted Image button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log, along with a new OTL log in your next reply.
Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

Summary of the logs I will need in your next reply:
  • The report log of the avenger
  • The report log of OTL
And a description of your current problems.


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Kind regards
Net_Surfer

:(




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users