possible rootkit infection


  • This topic is locked
8 replies to this topic

#1 AngelFarook

Posted 17 April 2010 - 05:35 PM

Hello Great Team!
My PC started with these symptoms: after I rebooted, I noticed all services were disabled, so I started them manually. I was using AVAST but it was not working properly, so I switched to AVG 9.0. I've been using Stagebu for a while to download movies, but lately every time I want to open one of these files I receive the alert "Windows Explorer has encountered a problem and needs to close", and sometimes also "Dr Watson Postmortem Debugger has encountered a problem and needs to close", and the documents close. I ran Malwarebytes in safe mode and found nothing. I tried to run Root Repeal but the PC froze and I had to disconnect. I'm adding the reports of Ad-Aware, GMER, and MBAM. My knowledge of computers is very limited but I know there is something wrong with my machine. I appreciate any help in the matter. Thanks ANGEL

Logfile created: 4/16/2010 14:04:33
Ad-Aware version: 8.2.2
User performing scan: user

*********************** Definitions database information ***********************
Lavasoft definition file: 149.210
Genotype definition file version: 2010/04/14 14:55:59

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 138447
Objects detected: 3


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 3
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0

Scan and cleaning complete: Finished correctly after 25084 seconds

****************************** System information ******************************
Computer name: EMACHINE-A25C25
Processor name: AMD Athlon™ Processor 2650e
Processor identifier: x86 Family 15 Model 127 Stepping 2
Processor speed: ~1607MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 32514, number of processors 1, processor features: [MMX,SSE,SSE2,3DNow]
Physical memory available: 444522496 bytes
Physical memory total: 937869312 bytes
Virtual memory available: 1915199488 bytes
Virtual memory total: 2147352576 bytes
Memory load: 52%
Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Windows startup mode:

Running processes:
PID: 600 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 672 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 696 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 740 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 752 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 908 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 968 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1060 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1100 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1156 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1188 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1456 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1528 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1576 name: C:\WINDOWS\System32\SCardSvr.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1784 name: C:\WINDOWS\Explorer.EXE owner: user domain: EMACHINE-A25C25
PID: 1924 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: user domain: EMACHINE-A25C25
PID: 2008 name: C:\WINDOWS\system32\netdde.exe owner: SYSTEM domain: NT AUTHORITY
PID: 232 name: C:\WINDOWS\system32\msdtc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 308 name: C:\Program Files\a-squared Free\a2service.exe owner: SYSTEM domain: NT AUTHORITY
PID: 336 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 440 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 472 name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 508 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 532 name: C:\WINDOWS\system32\cisvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 544 name: C:\WINDOWS\system32\clipsrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 676 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1056 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1168 name: C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1328 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1376 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1296 name: C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1752 name: C:\WINDOWS\system32\msiexec.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1808 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1232 name: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 1832 name: C:\WINDOWS\system32\sessmgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2160 name: C:\WINDOWS\system32\locator.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2196 name: C:\WINDOWS\system32\rsvp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2248 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2280 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2460 name: C:\WINDOWS\system32\tlntsvr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2532 name: C:\WINDOWS\System32\vssvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2744 name: C:\WINDOWS\system32\wbem\wmiapsrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2800 name: C:\Program Files\Windows Media Player\WMPNetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2840 name: C:\WINDOWS\System32\dmadmin.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3100 name: C:\WINDOWS\system32\wscntfy.exe owner: user domain: EMACHINE-A25C25
PID: 3236 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3336 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4036 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: user domain: EMACHINE-A25C25

Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: MSConfig
imagepath: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: a2free
displayname: a-squared Free Service
Name: Alerter
displayname: Alerter
Name: ALG
displayname: Application Layer Gateway Service
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AppMgmt
displayname: Application Management
Name: aspnet_state
displayname: ASP.NET State Service
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: CiSvc
displayname: Indexing Service
Name: ClipSrv
displayname: ClipBook
Name: COMSysApp
displayname: COM+ System Application
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dmadmin
displayname: Logical Disk Manager Administrative Service
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: HID Input Service
Name: HTTPFilter
displayname: HTTP SSL
Name: IDriverT
displayname: InstallDriver Table Manager
Name: iPod Service
displayname: iPod Service
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Messenger
displayname: Messenger
Name: Microsoft Office Groove Audit Service
displayname: Microsoft Office Groove Audit Service
Name: MSDTC
displayname: Distributed Transaction Coordinator
Name: MSIServer
displayname: Windows Installer
Name: NetDDE
displayname: Network DDE
Name: NetDDEdsdm
displayname: Network DDE DSDM
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: NtLmSsp
displayname: NT LM Security Support Provider
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: ose
displayname: Office Source Engine
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasAuto
displayname: Remote Access Auto Connection Manager
Name: RasMan
displayname: Remote Access Connection Manager
Name: RDSessMgr
displayname: Remote Desktop Help Session Manager
Name: RemoteAccess
displayname: Routing and Remote Access
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcLocator
displayname: Remote Procedure Call (RPC) Locator
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: RSVP
displayname: QoS RSVP
Name: SamSs
displayname: Security Accounts Manager
Name: SCardSvr
displayname: Smart Card
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: SwPrv
displayname: MS Software Shadow Copy Provider
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TlntSvr
displayname: Telnet
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: upnphost
displayname: Universal Plug and Play Device Host
Name: VSS
displayname: Volume Shadow Copy
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: WmdmPmSN
displayname: Portable Media Serial Number Service
Name: Wmi
displayname: Windows Management Instrumentation Driver Extensions
Name: WmiApSrv
displayname: WMI Performance Adapter
Name: WMPNetworkSvc
displayname: Windows Media Player Network Sharing Service
Name: wscsvc
displayname: Security Center
Name: WudfSvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: WZCSVC
displayname: Wireless Zero Configuration
Name: xmlprov
displayname: Network Provisioning Service

GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit quick scan 2010-04-17 12:35:03
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4001

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.11

4/17/2010 9:05:53 AM
mbam-log-2010-04-17 (09-05-53).txt

Scan type: Full scan (C:|)
Objects scanned: 229926
Time elapsed: 1 hour(s), 46 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

One more thing I forgot to mention: the PC experiences the screen saver changing, the task bar hiding itself, and the PC also fails to respond to input from the mouse or keyboard, as additional info. Thanks.

Edited by Budapest, 17 April 2010 - 10:10 PM.
Posts merged ~BP



#2 mpascal

Posted 22 April 2010 - 10:39 PM

Hi AngelFarook,

Welcome to Bleeping Computer.

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

As it has been a few days, I'm going to need some fresh logs. Please run the following:

STEP 1 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Open OTL. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Change the Standard Registry and Extra Registry options to Use Safelist.
  • Check the boxes beside LOP Check and Purity Check.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • OTL Log
  • GMER Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#3 AngelFarook

Posted 23 April 2010 - 09:07 PM

Hi mpascal!

Thank you for your help, I followed your instructions as requested and here are the logs:


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4028

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

4/23/2010 2:54:37 PM
mbam-log-2010-04-23 (14-54-37).txt

Scan type: Quick scan
Objects scanned: 148151
Time elapsed: 14 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL Extras logfile created on: 4/23/2010 6:40:49 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\user\My Documents\My Documents\Set Up Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 26.63 Gb Free Space | 23.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMACHINE-A25C25
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}" = BlackBerry Desktop Software 5.0.1
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry Media Sync
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A5D1D1-8956-497C-92FB-59C44EFA6214}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{714DAA5E-803F-44A2-8512-64F26E681030}_is1" = Gygan BETA
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB543BA1-82D4-4B45-96BF-30D0E5ED220A}" = InstallIQ Updater
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"a-squared Free_is1" = a-squared Free 4.5
"AVG9Uninstall" = AVG 9.0
"BlackBerry_{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free FLV Converter_is1" = Free FLV Converter V 6.7.6
"Free Screen To Video_is1" = Free Screen To Video V 1.2
"Free Video Converter_is1" = Free Video Converter V 2.5
"Free Videos To DVD_is1" = Free Videos To DVD V 3.2.0
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Rhapsody" = Rhapsody
"Vidomi" = Vidomi (remove only)
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2010 1:06:45 AM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

Error - 4/20/2010 1:11:58 AM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

Error - 4/20/2010 1:12:29 AM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

Error - 4/20/2010 9:32:49 PM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x049c9290.

Error - 4/22/2010 12:07:47 PM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x05089290.

Error - 4/22/2010 3:28:46 PM | Computer Name = EMACHINE-A25C25 | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 4/22/2010 3:28:46 PM | Computer Name = EMACHINE-A25C25 | Source = ESENT | ID = 470
Description = Catalog Database (1076) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 4/22/2010 3:49:46 PM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x044f9290.

Error - 4/22/2010 4:53:55 PM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

Error - 4/22/2010 6:08:11 PM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

[ System Events ]
Error - 4/19/2010 8:47:51 AM | Computer Name = EMACHINE-A25C25 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058

Error - 4/19/2010 8:48:21 AM | Computer Name = EMACHINE-A25C25 | Source = Service Control Manager | ID = 7001
Description = The Telnet service depends on the NT LM Security Support Provider
service which failed to start because of the following error: %%1058

Error - 4/19/2010 8:48:37 AM | Computer Name = EMACHINE-A25C25 | Source = Service Control Manager | ID = 7001
Description = The Telnet service depends on the NT LM Security Support Provider
service which failed to start because of the following error: %%1058

Error - 4/21/2010 7:55:24 AM | Computer Name = EMACHINE-A25C25 | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 4/22/2010 10:38:41 PM | Computer Name = EMACHINE-A25C25 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/22/2010 10:40:21 PM | Computer Name = EMACHINE-A25C25 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/23/2010 12:57:01 AM | Computer Name = EMACHINE-A25C25 | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 4/23/2010 8:41:20 PM | Computer Name = EMACHINE-A25C25 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 4/23/2010 8:41:51 PM | Computer Name = EMACHINE-A25C25 | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 4/23/2010 8:42:03 PM | Computer Name = EMACHINE-A25C25 | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481


< End of report >


OTL logfile created on: 4/23/2010 6:40:49 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\user\My Documents\My Documents\Set Up Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 26.63 Gb Free Space | 23.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMACHINE-A25C25
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\user\My Documents\My Documents\Set Up Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\user\My Documents\My Documents\Set Up Programs\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/23 17:40:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/04/16 16:17:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/06 18:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/06 18:01:34 | 000,000,000 | ---D | M]

[2010/02/20 14:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/03/07 13:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jbtm74j7.default\extensions
[2010/03/07 13:40:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jbtm74j7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/06 18:01:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jbtm74j7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010/03/18 16:20:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/18 17:13:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/23 14:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Bleeping Computers Reports
[2010/04/20 18:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG9
[2010/04/18 03:21:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/04/18 03:06:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/18 03:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/18 03:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/04/18 00:24:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/04/17 18:31:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/17 17:08:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2010/04/17 14:59:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/17 11:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\REPORTS
[2010/04/17 10:44:54 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\user\My Documents\RootRepeal.exe
[2010/04/17 06:33:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/17 01:14:29 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/16 16:19:11 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/16 16:19:11 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/16 16:19:10 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/16 16:19:02 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/16 16:18:54 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/16 16:18:48 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/16 16:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/04/16 16:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/04/16 16:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/16 16:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/16 13:58:25 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/16 13:58:19 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/16 13:57:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/16 13:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/16 13:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/14 19:17:26 | 000,000,000 | ---D | C] -- C:\divx
[2010/04/14 18:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/14 16:34:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/11 20:36:35 | 005,505,024 | ---- | C] () -- C:\Documents and Settings\user\ntuser.dat
[2010/04/09 15:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Vidomi
[2010/04/07 22:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/07 22:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2010/04/03 20:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2010/04/03 20:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/04/03 20:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\W3i, LLC
[2010/03/30 18:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/26 05:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FreeMoviesToDVD
[2010/03/24 21:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FVZilla
[2010/03/24 21:04:42 | 000,000,000 | ---D | C] -- C:\downloads
[2010/03/21 09:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 6
[2010/03/21 06:48:20 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.log
[2010/03/21 06:47:46 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\user\Application Data\inst.exe
[2010/03/21 06:47:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\user\Application Data\pcouffin.sys
[2010/03/21 06:47:46 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.cat
[2010/03/21 06:47:46 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.inf
[2010/03/21 06:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Vso
[2010/03/19 17:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\vlc
[2010/03/18 11:43:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/03/16 17:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/13 13:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Real
[2010/03/13 13:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Rhapsody
[2010/03/13 10:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/03/12 18:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/12 18:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/03/10 22:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/03/10 22:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/03/09 15:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ PersonSecurityUninstall
[2010/03/09 15:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\ PersonSecurity
[2010/03/08 10:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/07 12:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2010/03/07 09:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FreeScreenToVideo
[2010/03/07 09:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Free Screen To Video
[2010/03/06 18:01:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2010/03/06 12:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Gygan Downloads
[2010/03/06 12:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Gygan BETA
[2010/03/06 12:26:05 | 002,516,656 | ---- | C] (Gygan Inc ) -- C:\Documents and Settings\user\My Documents\gyganinstall_0_5_1.exe
[2010/03/06 12:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\efs
[2010/03/06 12:17:49 | 000,327,680 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\dvdauthor.ocx
[2010/03/06 12:17:49 | 000,233,472 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomdvdimg.dll
[2010/03/06 12:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Videos To DVD
[2010/03/06 12:03:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Recent(2)
[2010/03/05 20:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Move Networks
[2010/03/05 20:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Move Networks
[2010/03/03 22:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/03/03 22:19:02 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/02/28 13:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\HandBrake
[2010/02/28 13:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/02/28 10:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\San Felipe
[2010/02/26 23:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2010/02/26 23:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2010/02/26 19:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2010/02/26 19:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Orbit
[2010/02/25 06:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ArcSoft
[2010/02/24 15:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/02/24 15:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/02/24 14:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/02/23 23:06:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/23 22:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/02/23 22:31:04 | 000,005,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/02/22 00:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Search Settings
[2010/02/21 11:52:07 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 11:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\WinRAR
[2010/02/21 06:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Research In Motion
[2010/02/21 03:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2010/02/21 03:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/02/21 03:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/02/21 03:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/02/21 03:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/02/21 03:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2010/02/21 02:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/02/21 02:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/02/21 02:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/02/21 02:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/02/21 02:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/02/21 02:29:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/02/20 20:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DivX
[2010/02/20 18:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Gygan
[2010/02/20 18:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010/02/20 18:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Xenocode
[2010/02/20 18:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Graboid_Inc
[2010/02/20 18:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Graboid
[2010/02/20 18:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\MozillaControl
[2010/02/20 18:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/02/20 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/02/20 18:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2010/02/20 18:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/02/20 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/02/20 18:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Macromedia
[2010/02/20 17:45:21 | 000,083,904 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/20 17:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FreeVideoConverter
[2010/02/20 17:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter
[2010/02/20 17:44:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/20 17:40:06 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/02/20 17:38:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/02/20 17:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\[email]
[2010/02/20 17:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Adobe
[2010/02/20 17:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Adobe
[2010/02/20 16:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/20 16:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/20 16:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/20 16:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/20 16:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/02/20 16:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Search Settings
[2010/02/20 16:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/02/20 15:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\ArcSoft
[2010/02/20 15:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Apustas NFL
[2010/02/20 15:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\A R A B I C
[2010/02/20 15:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\WINDOWS
[2010/02/20 15:38:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\Start Menu
[2010/02/20 15:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\RECON
[2010/02/20 15:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\PcSetup
[2010/02/20 15:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\OneNote Notebooks
[2010/02/20 15:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\NeroVision
[2010/02/20 15:37:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Videos
[2010/02/20 15:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Recordings
[2010/02/20 15:34:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Pictures
[2010/02/20 15:30:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Music
[2010/02/20 15:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Documents
[2010/02/20 15:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Albums
[2010/02/20 15:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Graboid
[2010/02/20 15:24:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\Favorites
[2010/02/20 15:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\DVD Burning Xpress
[2010/02/20 15:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Downloads
[2010/02/20 15:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\DoctorWeb
[2010/02/20 15:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Desktop
[2010/02/20 15:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\CyberLink
[2010/02/20 14:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Burn DVD's
[2010/02/20 14:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\a-squared Free
[2010/02/20 14:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Ask and Record Toolbar
[2010/02/20 14:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/02/20 14:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/02/20 14:33:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/20 14:33:10 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/20 14:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/20 14:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/20 14:28:25 | 000,311,296 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2010/02/20 14:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FreeFLVConverter
[2010/02/20 14:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2010/02/20 14:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Mozilla
[2010/02/20 14:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Mozilla
[2010/02/20 14:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\IObit
[2010/02/20 14:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/02/20 14:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Ahead
[2010/02/20 14:23:17 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\user\default.pls
[2010/02/20 14:19:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/20 13:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/20 13:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/20 12:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Apple Computer
[2010/02/20 12:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Apple Computer
[2010/02/19 12:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 12:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 12:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 12:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 12:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 12:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2010/02/18 21:09:39 | 000,000,000 | ---D | C] -- C:\FAMILY DOCUMENTS
[2010/02/18 19:38:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/18 18:52:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/02/18 18:45:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/02/18 18:45:20 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/02/18 18:39:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/02/18 18:39:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/02/18 18:38:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/02/18 18:38:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/02/18 18:37:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/02/18 18:37:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/02/18 18:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/18 18:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/02/18 18:34:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/02/18 18:34:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/02/18 18:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/18 18:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Ahead
[2010/02/18 18:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/02/18 18:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/02/18 18:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/02/18 18:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/18 18:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/02/18 18:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/02/18 18:21:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/02/18 18:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft Help
[2010/02/18 18:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/02/18 18:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/18 18:20:50 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/02/18 18:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\DVDFab
[2010/02/18 18:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/02/18 18:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/18 18:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/02/18 18:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Apple
[2010/02/18 18:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/02/18 18:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/02/18 18:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/02/18 18:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sun
[2010/02/18 18:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/18 18:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/02/18 18:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/02/18 18:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/02/18 18:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/02/18 18:01:54 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/02/18 18:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/02/18 18:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/02/18 18:01:20 | 000,000,000 | ---D | C] -- C:\SWSetup
[2010/02/18 17:54:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/02/18 17:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/02/18 17:35:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/02/18 17:29:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/02/18 17:26:19 | 009,110,350 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/02/18 17:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Identities
[2010/02/18 17:18:27 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/02/18 17:18:24 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\user\ntuser.dat.LOG
[2010/02/18 17:18:24 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\user\ntuser.ini
[2010/02/18 17:18:24 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\desktop.ini
[2010/02/18 17:18:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user\Application Data\Microsoft
[2010/02/18 17:18:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\SendTo
[2010/02/18 17:18:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Application Data
[2010/02/18 17:18:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu
[2010/02/18 17:18:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents
[2010/02/18 17:18:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Favorites
[2010/02/18 17:18:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\Cookies
[2010/02/18 17:18:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Templates
[2010/02/18 17:18:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\PrintHood
[2010/02/18 17:18:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\NetHood
[2010/02/18 17:18:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Local Settings
[2010/02/18 17:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft
[2010/02/18 17:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop
[2010/02/18 17:17:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/02/18 17:17:46 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/02/18 17:17:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/18 17:17:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/18 17:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/18 17:16:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/18 17:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/18 17:15:38 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/02/18 17:15:38 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/02/18 17:15:38 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/02/18 17:14:35 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/02/18 17:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/02/18 17:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/02/18 17:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/02/18 17:12:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/02/18 17:12:38 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/02/18 17:12:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/02/18 17:12:28 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/02/18 17:12:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/02/18 17:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/02/18 17:11:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/02/18 17:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/02/18 17:11:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/02/18 17:11:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/02/18 17:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/02/18 17:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/02/18 17:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/02/18 17:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/02/18 17:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/02/18 17:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/02/18 17:10:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/02/18 17:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/02/18 17:10:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/02/18 17:10:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/02/18 17:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/02/18 17:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/02/18 17:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/02/18 17:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/02/18 17:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/02/18 17:09:22 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/02/18 17:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/02/18 17:09:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/02/18 17:09:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/02/18 17:09:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/02/18 09:02:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/02/18 09:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/02/18 09:02:05 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/02/18 09:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/02/18 09:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/02/18 09:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/02/18 09:01:39 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2010/02/18 09:01:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/02/18 09:01:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/02/18 09:01:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/02/18 09:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/02/18 09:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/02/18 09:01:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/02/18 09:01:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/02/18 09:01:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/02/18 09:01:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/02/18 09:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/02/18 09:00:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/02/18 08:54:19 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/02/18 08:54:19 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/02/18 08:54:19 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/02/18 08:54:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/02/18 08:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/23 17:46:02 | 000,434,042 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/23 17:46:02 | 000,366,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/23 17:46:02 | 000,059,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/23 17:45:42 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Safari.lnk
[2010/04/23 17:44:23 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/23 17:42:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/23 17:40:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/23 17:40:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/23 17:40:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/23 17:40:08 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat
[2010/04/23 17:38:16 | 009,110,350 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/04/23 17:35:03 | 059,223,774 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/22 23:50:30 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\user\default.pls
[2010/04/22 23:49:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/22 22:45:20 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 19:36:38 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/22 12:44:28 | 000,000,740 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/22 12:41:23 | 4010,289,152 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Top Secret!.VOB
[2010/04/22 10:56:25 | 244,273,152 | ---- | M] () -- C:\Documents and Settings\user\My Documents\[Boxing] Edwin Rosario vs. Julio Cesar Chavez_871121.avi
[2010/04/22 10:25:06 | 566,514,046 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Julio Cesar Chavez vs Greg Haugen.avi
[2010/04/22 09:06:56 | 416,148,380 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Wilfredo Gomez Vs Salvador Sanchez.avi
[2010/04/22 04:54:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/22 04:54:35 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/20 09:27:35 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/19 03:16:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/04/18 03:46:38 | 000,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/18 03:29:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/18 03:18:26 | 000,329,353 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/04/16 16:19:19 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/04/16 16:19:17 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/16 16:19:11 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/16 16:19:10 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/16 16:18:56 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/16 16:18:54 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/16 16:18:48 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/16 13:58:19 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/16 13:58:18 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/16 13:57:10 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/15 22:14:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/14 19:00:52 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/14 18:40:34 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/12 10:34:14 | 000,183,959 | ---- | M] () -- C:\Documents and Settings\user\My Documents\blank.webarchive
[2010/04/12 09:33:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/10 12:27:29 | 005,401,088 | ---- | M] () -- C:\Documents and Settings\user\My Documents\TERREMOTO_7.2_Mexicali_4_Abril_2010.pps.ppt
[2010/04/10 10:31:15 | 000,016,800 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Fax cobert.docx
[2010/04/10 09:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/09 20:30:32 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2010/04/09 20:28:50 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\user\Application Data\inst.exe
[2010/04/09 20:28:50 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\user\Application Data\pcouffin.sys
[2010/04/09 20:28:50 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\user\Application Data\pcouffin.cat
[2010/04/09 20:28:50 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\user\Application Data\pcouffin.inf
[2010/04/09 18:42:50 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Free FLV Converter.lnk
[2010/04/09 15:33:45 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Vidomi.lnk
[2010/04/08 20:52:46 | 000,311,296 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2010/04/05 16:25:10 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Calculator.lnk
[2010/04/02 17:50:30 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to VirtualDub.lnk
[2010/03/30 18:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 05:40:08 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Free Videos To DVD.lnk
[2010/03/22 21:57:27 | 000,000,440 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/03/22 10:22:05 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/03/21 09:15:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\user\Desktop\DVDFab 6.lnk
[2010/03/20 18:03:29 | 000,010,124 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Stagevu.docx
[2010/03/20 07:48:27 | 000,011,148 | ---- | M] () -- C:\Documents and Settings\user\My Documents\ANNA RECON.docx
[2010/03/19 18:26:58 | 000,002,191 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Nero WaveEditor.lnk
[2010/03/18 16:15:22 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gygan.lnk
[2010/03/13 13:35:15 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2010/03/13 03:51:26 | 000,001,208 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to PhotoBase.lnk
[2010/03/12 18:45:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\AoADVDRipper.INI
[2010/03/09 19:33:26 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/08 21:35:44 | 000,103,535 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2010/03/08 10:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/07 12:48:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[2010/03/07 12:35:44 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\user\Desktop\DVD Shrink 3.2.lnk
[2010/03/07 09:07:09 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Free Screen To Video.lnk
[2010/03/06 12:26:06 | 002,516,656 | ---- | M] (Gygan Inc ) -- C:\Documents and Settings\user\My Documents\gyganinstall_0_5_1.exe
[2010/03/06 12:20:10 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Effective File Search.lnk
[2010/03/05 20:53:05 | 001,794,896 | ---- | M] () -- C:\Documents and Settings\user\My Documents\MoveMediaPlayerWin_071706000001.exe
[2010/03/03 22:20:49 | 000,103,509 | ---- | M] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/03/03 21:34:10 | 000,029,280 | ---- | M] () -- C:\WINDOWS\hpoins03.dat
[2010/02/23 23:06:40 | 000,000,035 | ---- | M] () -- C:\WINDOWS\hpoins03.dat.temp
[2010/02/23 22:05:47 | 000,018,638 | ---- | M] () -- C:\Documents and Settings\user\My Documents\journal #2.docx
[2010/02/23 22:05:47 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\user\My Documents\~$urnal #2.docx
[2010/02/23 21:31:57 | 000,013,346 | ---- | M] () -- C:\Documents and Settings\user\My Documents\The Bluefish.docx
[2010/02/23 21:31:57 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\user\My Documents\~$e Bluefish.docx
[2010/02/21 07:11:00 | 000,066,704 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/21 06:49:06 | 000,083,904 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 02:58:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/02/20 17:45:17 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Free Video Converter.lnk
[2010/02/20 17:32:39 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to ATF-Cleaner.lnk
[2010/02/20 14:40:40 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2010/02/20 14:26:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/02/20 14:26:14 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/02/19 12:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 12:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 12:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 12:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 12:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 12:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2010/02/18 18:52:19 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/02/18 18:52:19 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/02/18 18:35:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/18 18:35:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/18 18:34:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/02/18 18:29:49 | 000,002,319 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/02/18 18:07:21 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\user\Desktop\CCleaner.lnk
[2010/02/18 17:55:44 | 000,004,299 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/02/18 17:17:00 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/02/18 17:16:16 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/02/18 17:13:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/02/18 17:13:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/18 17:13:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/02/18 17:13:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/18 17:13:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/18 17:13:38 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/18 17:13:28 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/18 17:12:38 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/18 17:12:38 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/18 17:10:34 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/18 17:10:22 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/02/18 17:10:22 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/22 12:31:02 | 4010,289,152 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Top Secret!.VOB
[2010/04/22 10:49:05 | 244,273,152 | ---- | C] () -- C:\Documents and Settings\user\My Documents\[Boxing] Edwin Rosario vs. Julio Cesar Chavez_871121.avi
[2010/04/22 10:06:08 | 566,514,046 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Julio Cesar Chavez vs Greg Haugen.avi
[2010/04/22 08:56:21 | 416,148,380 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Wilfredo Gomez Vs Salvador Sanchez.avi
[2010/04/18 03:21:07 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/17 18:31:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/17 18:31:29 | 000,329,353 | ---- | C] () -- C:\WINDOWS\iis6.BAK
[2010/04/17 11:05:32 | 000,287,744 | ---- | C] () -- C:\Documents and Settings\user\My Documents\gmer.exe
[2010/04/16 21:12:24 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/16 16:19:19 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/04/16 16:18:42 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/16 16:18:12 | 059,223,774 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/16 13:59:32 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/16 13:57:10 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/14 18:40:34 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/12 10:34:14 | 000,183,959 | ---- | C] () -- C:\Documents and Settings\user\My Documents\blank.webarchive
[2010/04/12 08:07:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/10 12:27:29 | 005,401,088 | ---- | C] () -- C:\Documents and Settings\user\My Documents\TERREMOTO_7.2_Mexicali_4_Abril_2010.pps.ppt
[2010/04/10 10:31:15 | 000,016,800 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Fax cobert.docx
[2010/04/09 15:33:45 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Vidomi.lnk
[2010/04/05 16:25:10 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Calculator.lnk
[2010/04/03 18:36:42 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/04/02 17:50:30 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to VirtualDub.lnk
[2010/04/01 06:08:21 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Safari.lnk
[2010/03/22 21:57:27 | 000,000,440 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/21 09:15:00 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\user\Desktop\DVDFab 6.lnk
[2010/03/21 09:11:35 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/21 09:11:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/20 18:03:27 | 000,010,124 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Stagevu.docx
[2010/03/19 18:26:58 | 000,002,191 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Nero WaveEditor.lnk
[2010/03/13 13:30:43 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2010/03/13 03:51:26 | 000,001,208 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to PhotoBase.lnk
[2010/03/12 18:45:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2010/03/08 21:29:31 | 000,103,509 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/03/08 21:29:31 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010/03/07 12:48:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/03/07 12:35:44 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\user\Desktop\DVD Shrink 3.2.lnk
[2010/03/07 09:07:09 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Free Screen To Video.lnk
[2010/03/06 12:20:10 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Effective File Search.lnk
[2010/03/06 12:17:51 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Free Videos To DVD.lnk
[2010/03/06 12:17:49 | 000,000,401 | ---- | C] () -- C:\WINDOWS\System32\dvdauthor.lic
[2010/03/05 20:53:05 | 001,794,896 | ---- | C] () -- C:\Documents and Settings\user\My Documents\MoveMediaPlayerWin_071706000001.exe
[2010/03/03 22:18:32 | 000,103,535 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010/03/03 22:18:32 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010/03/03 21:24:00 | 000,038,868 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2010/03/03 21:24:00 | 000,029,280 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2010/02/28 10:24:00 | 000,011,148 | ---- | C] () -- C:\Documents and Settings\user\My Documents\ANNA RECON.docx
[2010/02/23 23:06:15 | 000,038,868 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2010/02/23 23:06:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2010/02/23 22:05:47 | 000,018,638 | ---- | C] () -- C:\Documents and Settings\user\My Documents\journal #2.docx
[2010/02/23 22:05:47 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\user\My Documents\~$urnal #2.docx
[2010/02/23 21:31:57 | 000,013,346 | ---- | C] () -- C:\Documents and Settings\user\My Documents\The Bluefish.docx
[2010/02/23 21:31:57 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\user\My Documents\~$e Bluefish.docx
[2010/02/21 02:58:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/02/21 02:57:41 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/02/20 18:48:09 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gygan.lnk
[2010/02/20 18:04:07 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/02/20 17:45:17 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Free Video Converter.lnk
[2010/02/20 17:45:16 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\decdll.dll
[2010/02/20 17:32:39 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to ATF-Cleaner.lnk
[2010/02/20 16:25:46 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/20 15:44:30 | 000,066,704 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/20 14:40:40 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2010/02/20 14:33:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/20 14:28:26 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Free FLV Converter.lnk
[2010/02/20 14:28:23 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\PropertyGrid.ocx
[2010/02/20 14:28:23 | 000,208,500 | ---- | C] () -- C:\WINDOWS\System32\ReyXpBasics.tlb
[2010/02/20 14:28:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ControlSubX.ocx
[2010/02/20 14:26:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/20 14:26:14 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/02/20 14:23:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/18 22:23:45 | 000,136,797 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/02/18 22:23:34 | 000,017,525 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/02/18 22:23:13 | 000,009,417 | ---- | C] () -- C:\WINDOWS\System32\nvide.nvu
[2010/02/18 22:22:56 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/02/18 22:22:55 | 000,005,836 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2010/02/18 22:20:45 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/02/18 22:20:45 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/02/18 22:20:44 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/02/18 22:20:44 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/02/18 22:20:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2010/02/18 22:20:42 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/02/18 22:20:42 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/02/18 22:20:40 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/02/18 22:20:39 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/02/18 18:52:19 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/02/18 18:52:19 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/02/18 18:34:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/02/18 18:29:49 | 000,002,319 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/02/18 18:08:24 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/18 18:07:21 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\user\Desktop\CCleaner.lnk
[2010/02/18 17:55:44 | 000,004,299 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010/02/18 17:53:51 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/02/18 17:24:14 | 000,002,016 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2010/02/18 17:17:00 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/02/18 17:16:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/18 17:16:05 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/02/18 17:15:33 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/02/18 17:15:33 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/02/18 17:15:31 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/02/18 17:15:14 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/02/18 17:15:13 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/02/18 17:15:06 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/02/18 17:15:04 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/02/18 17:15:02 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/02/18 17:14:56 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/02/18 17:14:52 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/02/18 17:14:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/02/18 17:14:37 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/02/18 17:14:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/02/18 17:14:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/02/18 17:14:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/02/18 17:14:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/02/18 17:14:33 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/02/18 17:14:33 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/02/18 17:14:33 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/02/18 17:14:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/02/18 17:14:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/02/18 17:14:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/02/18 17:14:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/02/18 17:14:32 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/02/18 17:14:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/02/18 17:14:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/02/18 17:14:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/02/18 17:14:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/02/18 17:14:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/02/18 17:14:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/02/18 17:14:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/02/18 17:14:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/02/18 17:14:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/02/18 17:14:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/02/18 17:14:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/02/18 17:14:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/02/18 17:14:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/02/18 17:14:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/02/18 17:14:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/02/18 17:14:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/02/18 17:14:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/02/18 17:14:30 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/02/18 17:14:30 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/02/18 17:14:30 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/02/18 17:14:30 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/02/18 17:14:30 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/02/18 17:14:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/02/18 17:14:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/02/18 17:14:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/02/18 17:14:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/02/18 17:14:29 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/02/18 17:14:29 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/02/18 17:14:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/02/18 17:14:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/02/18 17:14:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/02/18 17:14:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/02/18 17:14:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/02/18 17:14:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/02/18 17:14:28 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/02/18 17:14:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/02/18 17:14:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/02/18 17:14:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/02/18 17:14:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/02/18 17:14:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/02/18 17:14:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/02/18 17:14:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/02/18 17:14:27 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/02/18 17:14:27 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/02/18 17:14:27 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/02/18 17:14:27 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/02/18 17:14:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/02/18 17:14:26 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/02/18 17:13:47 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/18 17:13:47 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/02/18 17:13:47 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/02/18 17:13:47 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/02/18 17:13:47 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/02/18 17:13:38 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/18 17:13:38 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/18 17:13:37 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/18 17:12:38 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/18 17:12:38 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/18 17:12:33 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/18 17:12:16 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/02/18 17:11:44 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/02/18 17:11:44 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/02/18 17:11:37 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/02/18 17:11:24 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/02/18 17:11:13 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/02/18 17:10:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/18 17:09:43 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/02/18 17:09:43 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/02/18 17:09:43 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/02/18 17:09:43 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/02/18 17:09:43 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/02/18 17:09:43 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/02/18 17:09:42 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/02/18 17:09:42 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/02/18 17:09:42 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/02/18 17:09:42 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/02/18 17:09:42 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/02/18 17:09:42 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/02/18 17:09:42 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/02/18 17:09:41 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/02/18 17:09:41 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/02/18 17:09:41 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/02/18 17:09:41 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/02/18 17:09:41 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/02/18 17:09:41 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/02/18 17:09:39 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/02/18 17:09:39 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/02/18 17:09:38 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/02/18 17:09:31 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/02/18 09:02:06 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/02/18 09:02:06 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/02/18 09:02:06 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/02/18 09:02:06 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/02/18 09:02:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/02/18 09:02:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/02/18 09:02:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/02/18 09:02:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/02/18 09:02:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/02/18 09:02:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/02/18 09:02:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/02/18 09:02:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/02/18 09:01:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/02/18 09:01:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/02/18 09:01:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/02/18 09:01:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/02/18 09:01:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/02/18 09:01:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/02/18 09:01:57 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/02/18 09:01:57 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/02/18 09:01:57 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/02/18 09:01:57 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/02/18 09:01:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/02/18 09:01:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/02/18 09:01:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/02/18 09:01:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/02/18 09:01:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/02/18 09:01:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/02/18 09:01:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/02/18 09:01:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/02/18 09:01:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/02/18 09:01:55 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/02/18 09:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/02/18 09:01:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/02/18 09:01:53 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/02/18 09:01:53 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/02/18 09:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/02/18 09:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/02/18 09:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/02/18 09:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/02/18 09:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/02/18 09:01:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/02/18 09:01:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/02/18 09:01:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/02/18 09:01:48 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/02/18 09:01:38 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/02/18 09:01:38 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/02/18 09:01:38 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/02/18 09:01:38 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/02/18 09:01:38 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/02/18 09:01:38 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/02/18 09:01:38 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/02/18 09:01:38 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/02/18 09:01:38 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/02/18 09:01:38 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/02/18 09:01:38 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/02/18 09:01:38 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/02/18 09:01:38 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/02/18 09:01:38 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/02/18 09:01:38 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/02/18 09:01:38 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/02/18 09:01:37 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/02/18 09:01:37 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/02/18 09:01:37 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/02/18 09:00:58 | 000,310,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/18 09:00:09 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/02/18 09:00:06 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/11/08 21:50:28 | 001,945,088 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2009/11/08 21:50:28 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2009/11/08 21:50:28 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\avutil.dll
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/06/11 00:08:00 | 000,023,180 | ---- | C] () -- C:\WINDOWS\System32\evgainit.sys
[2002/05/13 02:16:19 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

========== LOP Check ==========

[2010/04/14 16:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/20 23:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/04/16 16:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/07 22:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2010/02/21 03:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/03/21 09:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/03 20:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/04/16 13:57:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/20 16:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/20 18:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG9
[2010/04/17 17:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FreeFLVConverter
[2010/04/18 16:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FreeMoviesToDVD
[2010/04/03 17:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FreeScreenToVideo
[2010/02/20 17:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FreeVideoConverter
[2010/04/09 20:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FVZilla
[2010/03/06 12:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Gygan
[2010/02/28 13:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\HandBrake
[2010/02/20 14:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IObit
[2010/03/06 18:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Orbit
[2010/02/21 06:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Research In Motion
[2010/02/22 00:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Search Settings
[2010/04/09 20:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Vso
[2010/04/03 20:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\W3i, LLC
[2010/04/23 17:42:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/23 17:44:23 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVGTS.SYS >
[2009/11/14 13:29:04 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\FAMILY DOCUMENTS\user\emachines el1200\EL1200_CHIPSET_NVIDIA_15.15\CHIPSETVGA\IDE\WINXP\SATA_IDE\FLOPPY\DISK1\NVGTS.SYS
[2009/11/14 13:29:05 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\FAMILY DOCUMENTS\user\emachines el1200\EL1200_CHIPSET_NVIDIA_15.15\CHIPSETVGA\IDE\WINXP\SATA_IDE\NVGTS.SYS
[2009/11/14 13:29:02 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\FAMILY DOCUMENTS\user\emachines el1200\EL1200_CHIPSET_NVIDIA_15.15\CHIPSETVGA\IDE\WINXP\SATARAID\FLOPPY\DISK1\NVGTS.SYS
[2009/11/14 13:29:03 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\FAMILY DOCUMENTS\user\emachines el1200\EL1200_CHIPSET_NVIDIA_15.15\CHIPSETVGA\IDE\WINXP\SATARAID\NVGTS.SYS
[2009/11/14 13:29:05 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\WINDOWS\system32\drivers\nvgts.sys

< MD5 for: NVRD32.SYS >
[2009/11/14 13:29:02 | 000,125,440 | ---- | M] (NVIDIA Corporation) MD5=B71BFBC2FE958A6DA1E31357E03AD545 -- C:\FAMILY DOCUMENTS\user\emachines el1200\EL1200_CHIPSET_NVIDIA_15.15\CHIPSETVGA\IDE\WINXP\SATARAID\FLOPPY\DISK1\NVRD32.SYS
[2009/11/14 13:29:04 | 000,125,440 | ---- | M] (NVIDIA Corporation) MD5=B71BFBC2FE958A6DA1E31357E03AD545 -- C:\FAMILY DOCUMENTS\user\emachines el1200\EL1200_CHIPSET_NVIDIA_15.15\CHIPSETVGA\IDE\WINXP\SATARAID\NVRD32.SYS

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 05:00:00 | 001,251,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/02/18 09:00:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/02/18 09:00:09 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/02/18 09:00:08 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/16 16:19:11 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys
[2010/04/16 16:18:56 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/04/16 16:18:54 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/04/16 16:19:10 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys
[2010/04/20 09:27:35 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 05:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/18 16:38:45 | 001,048,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvmfdx32.sys
[2010/03/21 09:15:05 | 000,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys
[2010/03/30 18:58:04 | 000,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2010/04/16 13:58:19 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2010/02/11 05:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
< End of report >


OTL Extras logfile created on: 4/23/2010 6:40:49 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\user\My Documents\My Documents\Set Up Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 26.63 Gb Free Space | 23.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMACHINE-A25C25
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}" = BlackBerry Desktop Software 5.0.1
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry Media Sync
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A5D1D1-8956-497C-92FB-59C44EFA6214}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{714DAA5E-803F-44A2-8512-64F26E681030}_is1" = Gygan BETA
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB543BA1-82D4-4B45-96BF-30D0E5ED220A}" = InstallIQ Updater
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"a-squared Free_is1" = a-squared Free 4.5
"AVG9Uninstall" = AVG 9.0
"BlackBerry_{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free FLV Converter_is1" = Free FLV Converter V 6.7.6
"Free Screen To Video_is1" = Free Screen To Video V 1.2
"Free Video Converter_is1" = Free Video Converter V 2.5
"Free Videos To DVD_is1" = Free Videos To DVD V 3.2.0
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Rhapsody" = Rhapsody
"Vidomi" = Vidomi (remove only)
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2010 1:06:45 AM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

Error - 4/20/2010 1:11:58 AM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

Error - 4/20/2010 1:12:29 AM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

Error - 4/20/2010 9:32:49 PM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x049c9290.

Error - 4/22/2010 12:07:47 PM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x05089290.

Error - 4/22/2010 3:28:46 PM | Computer Name = EMACHINE-A25C25 | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 4/22/2010 3:28:46 PM | Computer Name = EMACHINE-A25C25 | Source = ESENT | ID = 470
Description = Catalog Database (1076) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 4/22/2010 3:49:46 PM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x044f9290.

Error - 4/22/2010 4:53:55 PM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

Error - 4/22/2010 6:08:11 PM | Computer Name = EMACHINE-A25C25 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

[ System Events ]
Error - 4/19/2010 8:47:51 AM | Computer Name = EMACHINE-A25C25 | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058

Error - 4/19/2010 8:48:21 AM | Computer Name = EMACHINE-A25C25 | Source = Service Control Manager | ID = 7001
Description = The Telnet service depends on the NT LM Security Support Provider
service which failed to start because of the following error: %%1058

Error - 4/19/2010 8:48:37 AM | Computer Name = EMACHINE-A25C25 | Source = Service Control Manager | ID = 7001
Description = The Telnet service depends on the NT LM Security Support Provider
service which failed to start because of the following error: %%1058

Error - 4/21/2010 7:55:24 AM | Computer Name = EMACHINE-A25C25 | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 4/22/2010 10:38:41 PM | Computer Name = EMACHINE-A25C25 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/22/2010 10:40:21 PM | Computer Name = EMACHINE-A25C25 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/23/2010 12:57:01 AM | Computer Name = EMACHINE-A25C25 | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 4/23/2010 8:41:20 PM | Computer Name = EMACHINE-A25C25 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 4/23/2010 8:41:51 PM | Computer Name = EMACHINE-A25C25 | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 4/23/2010 8:42:03 PM | Computer Name = EMACHINE-A25C25 | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-23 17:29:26
Windows 5.1.2600 Service Pack 2
Running: f5znzdv3 GMER.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\awxyqkod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF74D787E]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF1874670]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF74D7BFE]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF1874720]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF18747C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF1874860]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF646F360, 0x30AF87, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\a-squared Free\a2service.exe[548] kernel32.dll!CreateThread + 1A 7C810661 4 Bytes CALL 00454E05 C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\hp psc 1310 series@ChangeID 389909796

---- EOF - GMER 1.0.15 ----

Edited by mpascal, 24 April 2010 - 08:53 AM.
removed email address


#4 mpascal

Posted 24 April 2010 - 12:56 AM

Hi AngelFarook,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

STEP 2 - Dr. Web

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

STEP 3 - Reply

Please reply with the following log:
  • Dr. Web Cureit Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.


#5 AngelFarook

Posted 24 April 2010 - 05:47 PM

mpascal

Thanks again for your help, here is the report requested:

Dr. Web

{7F396D1B-2720-4266-A4DB-B4EF528F4058}.qbd\data001;C:\FAMILY DOCUMENTS\emachines\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8E39947E-F463-4B51-B57;Trojan.MulDrop.18844;;
{7F396D1B-2720-4266-A4DB-B4EF528F4058}.qbd;C:\FAMILY DOCUMENTS\emachines\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{8E39947E-F463-4B51-B57;Container contains infected objects;Moved.;



OTL logfile created on: 4/24/2010 3:38:00 PM - Run 2

OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\user\My Documents\My Documents\Set Up Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 269.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 28.01 Gb Free Space | 24.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMACHINE-A25C25
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\user\My Documents\My Documents\Set Up Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\user\My Documents\My Documents\Set Up Programs\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/23 17:40:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/04/16 16:17:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/06 18:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/06 18:01:34 | 000,000,000 | ---D | M]

[2010/02/20 14:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/03/07 13:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jbtm74j7.default\extensions
[2010/03/07 13:40:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jbtm74j7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/06 18:01:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\jbtm74j7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010/04/23 22:04:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/18 17:13:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/24 15:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Bleeping Computers Reports 2
[2010/04/24 01:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\DoctorWeb
[2010/04/23 22:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2010/04/23 14:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Bleeping Computers Reports
[2010/04/20 18:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG9
[2010/04/18 03:21:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/04/18 03:06:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/18 03:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/18 03:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/04/18 00:24:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/04/17 18:41:31 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/17 18:39:28 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/17 18:35:25 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/17 18:35:23 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/17 18:35:19 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/04/17 18:35:19 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/17 18:34:29 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2010/04/17 18:31:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/17 17:08:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2010/04/17 14:59:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/17 11:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\REPORTS
[2010/04/17 10:44:54 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\user\My Documents\RootRepeal.exe
[2010/04/17 06:33:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/17 01:14:29 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/16 16:19:11 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/16 16:19:11 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/16 16:19:10 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/16 16:19:02 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/16 16:18:54 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/16 16:18:48 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/16 16:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/04/16 16:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/04/16 16:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/16 16:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/16 13:58:25 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/16 13:58:19 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/16 13:57:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/16 13:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/16 13:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/14 19:17:26 | 000,000,000 | ---D | C] -- C:\divx
[2010/04/14 18:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/14 16:34:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/09 15:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Vidomi
[2010/04/07 22:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/07 22:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2010/04/03 20:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2010/04/03 20:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/04/03 20:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\W3i, LLC
[2010/03/30 18:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/26 05:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FreeMoviesToDVD

========== Files - Modified Within 30 Days ==========

[2010/04/24 14:56:02 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/24 12:53:22 | 000,434,042 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/24 12:53:22 | 000,366,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/24 12:53:22 | 000,059,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/24 12:50:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/24 12:48:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 12:48:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/24 12:47:39 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat
[2010/04/24 12:46:41 | 009,113,386 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/04/24 11:34:27 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Safari.lnk
[2010/04/24 09:55:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 04:14:34 | 059,237,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/24 04:11:45 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/24 03:52:13 | 000,074,460 | ---- | M] () -- C:\Documents and Settings\user\My Documents\The Cranberries - Live in Paris(DVD Rip).avi.part1.rar.download
[2010/04/24 00:46:16 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/24 00:34:53 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/23 22:27:58 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/23 22:03:06 | 000,000,740 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/23 20:20:46 | 287,179,352 | ---- | M] () -- C:\Documents and Settings\user\My Documents\hpgniyajmaii.avi
[2010/04/23 19:57:57 | 000,000,150 | ---- | M] () -- C:\Documents and Settings\user\default.pls
[2010/04/23 17:40:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/22 12:41:23 | 4010,289,152 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Top Secret!.VOB
[2010/04/22 10:56:25 | 244,273,152 | ---- | M] () -- C:\Documents and Settings\user\My Documents\[Boxing] Edwin Rosario vs. Julio Cesar Chavez_871121.avi
[2010/04/22 10:25:06 | 566,514,046 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Julio Cesar Chavez vs Greg Haugen.avi
[2010/04/22 09:06:56 | 416,148,380 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Wilfredo Gomez Vs Salvador Sanchez.avi
[2010/04/22 04:54:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/22 04:54:35 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/20 09:27:35 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/20 00:57:38 | 000,311,296 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2010/04/19 03:16:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/04/18 03:46:38 | 000,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/18 03:29:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/18 03:18:26 | 000,329,353 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/04/16 16:19:19 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/04/16 16:19:17 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/16 16:19:11 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/16 16:19:10 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/16 16:18:56 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/16 16:18:54 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/16 16:18:48 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/16 13:58:19 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/16 13:58:18 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/16 13:57:10 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/15 22:14:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/14 18:40:34 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/12 10:34:14 | 000,183,959 | ---- | M] () -- C:\Documents and Settings\user\My Documents\blank.webarchive
[2010/04/12 09:33:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/10 12:27:29 | 005,401,088 | ---- | M] () -- C:\Documents and Settings\user\My Documents\TERREMOTO_7.2_Mexicali_4_Abril_2010.pps.ppt
[2010/04/10 10:31:15 | 000,016,800 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Fax cobert.docx
[2010/04/09 20:30:32 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2010/04/09 20:28:50 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\user\Application Data\inst.exe
[2010/04/09 20:28:50 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\user\Application Data\pcouffin.sys
[2010/04/09 20:28:50 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\user\Application Data\pcouffin.cat
[2010/04/09 20:28:50 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\user\Application Data\pcouffin.inf
[2010/04/09 18:42:50 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Free FLV Converter.lnk
[2010/04/09 15:33:45 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Vidomi.lnk
[2010/04/05 16:25:10 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Calculator.lnk
[2010/04/02 17:50:30 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to VirtualDub.lnk
[2010/03/30 18:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/30 18:58:04 | 002,083,312 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/03/30 18:58:04 | 000,678,384 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Px.dll
[2010/03/30 18:58:04 | 000,440,816 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\PxWave.dll
[2010/03/30 18:58:04 | 000,219,632 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\PxMas.dll
[2010/03/30 18:58:04 | 000,133,616 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/03/30 18:58:04 | 000,125,424 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/03/30 18:58:04 | 000,100,848 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/03/30 18:58:04 | 000,072,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/03/30 18:58:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 05:40:08 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Free Videos To DVD.lnk

========== Files Created - No Company Name ==========

[2010/04/24 03:51:22 | 000,074,460 | ---- | C] () -- C:\Documents and Settings\user\My Documents\The Cranberries - Live in Paris(DVD Rip).avi.part1.rar.download
[2010/04/23 19:14:54 | 287,179,352 | ---- | C] () -- C:\Documents and Settings\user\My Documents\hpgniyajmaii.avi
[2010/04/22 12:31:02 | 4010,289,152 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Top Secret!.VOB
[2010/04/22 10:49:05 | 244,273,152 | ---- | C] () -- C:\Documents and Settings\user\My Documents\[Boxing] Edwin Rosario vs. Julio Cesar Chavez_871121.avi
[2010/04/22 10:06:08 | 566,514,046 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Julio Cesar Chavez vs Greg Haugen.avi
[2010/04/22 08:56:21 | 416,148,380 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Wilfredo Gomez Vs Salvador Sanchez.avi
[2010/04/18 03:21:07 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/17 18:31:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/17 18:31:29 | 000,329,353 | ---- | C] () -- C:\WINDOWS\iis6.BAK
[2010/04/17 11:05:32 | 000,287,744 | ---- | C] () -- C:\Documents and Settings\user\My Documents\gmer.exe
[2010/04/16 21:12:24 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/16 16:19:19 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/04/16 16:18:42 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/16 16:18:12 | 059,237,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/16 13:59:32 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/16 13:57:10 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/14 18:40:34 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/12 10:34:14 | 000,183,959 | ---- | C] () -- C:\Documents and Settings\user\My Documents\blank.webarchive
[2010/04/12 08:07:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/11 20:36:35 | 005,505,024 | ---- | C] () -- C:\Documents and Settings\user\ntuser.dat
[2010/04/10 12:27:29 | 005,401,088 | ---- | C] () -- C:\Documents and Settings\user\My Documents\TERREMOTO_7.2_Mexicali_4_Abril_2010.pps.ppt
[2010/04/10 10:31:15 | 000,016,800 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Fax cobert.docx
[2010/04/09 15:33:45 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Vidomi.lnk
[2010/04/05 16:25:10 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Calculator.lnk
[2010/04/03 18:36:42 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/04/02 17:50:30 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to VirtualDub.lnk
[2010/04/01 06:08:21 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Safari.lnk
[2010/03/22 21:57:27 | 000,000,440 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/21 09:11:35 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/21 09:11:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/12 18:45:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2010/03/07 12:48:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/02/20 18:04:07 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/02/20 17:45:16 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\decdll.dll
[2010/02/20 14:23:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/18 22:20:45 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/02/18 22:20:44 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/02/18 22:20:44 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/02/18 22:20:42 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/02/18 17:53:51 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/11/08 21:50:28 | 001,945,088 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2009/11/08 21:50:28 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2009/11/08 21:50:28 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\avutil.dll
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/06/11 00:08:00 | 000,023,180 | ---- | C] () -- C:\WINDOWS\System32\evgainit.sys
[2002/05/13 02:16:19 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

========== LOP Check ==========

[2010/04/14 16:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/20 23:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/04/16 16:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/07 22:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2010/02/21 03:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/03/21 09:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/03 20:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/04/16 13:57:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/20 16:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/20 18:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG9
[2010/04/17 17:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FreeFLVConverter
[2010/04/18 16:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FreeMoviesToDVD
[2010/04/03 17:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FreeScreenToVideo
[2010/02/20 17:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FreeVideoConverter
[2010/04/09 20:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FVZilla
[2010/03/06 12:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Gygan
[2010/02/28 13:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\HandBrake
[2010/02/20 14:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IObit
[2010/03/06 18:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Orbit
[2010/02/21 06:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Research In Motion
[2010/02/22 00:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Search Settings
[2010/04/09 20:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Vso
[2010/04/03 20:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\W3i, LLC
[2010/04/24 12:50:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/24 14:56:02 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
< End of report >


#6 mpascal


Posted 24 April 2010 - 07:56 PM

Hi Angel,

There don't appear to be any malware problems on your machine. Have you still been getting those explorer errors?


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#7 AngelFarook


Posted 24 April 2010 - 10:18 PM

Hi to Canada!

mpascal, I'm still having problems with the explorer errors; it appears as "error signature" and next closes the window.
Any ideas? Thanks.

#8 mpascal


Posted 25 April 2010 - 09:36 AM

Can you give me the exact error message you're given?



#9 mpascal


Posted 15 May 2010 - 12:41 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
