Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32/Alureon Trojan


  • This topic is locked This topic is locked
2 replies to this topic

#1 kylana

kylana

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 24 July 2010 - 03:53 PM

EDIT:Moved to Virus, Trojan, Spyware, and Malware Removal Logs for better assisstamnce~~boopme

Hi there!
So I recently scanned my computer with Malwarebytes and Spybot Search and Destroy and removed some viruses such as Win32.PornPopUp, a few Trojan Downloaders and I don't even know what else. I thought I was clean and everything was gone until I noticed that my broswers were being hijacked. Every time I enter a query into a search engine and attempt to click a link, I am redirected to some sketchy search engine page that sometimes has nothing to do with what I am looking for.
So, I tried scanning with the free Windows Live OneCare online scan, and it found something called Win32/Alureon, but it was unable to remove it. Upon doing some research I discovered Alureon can cause browser hijacking, so this makes sense. I've scanned with AVG free, Spybot Search and Destroy and Malwarebytes and none of them detected it. OneCare was the only one that did, but it could not remove it.
I have followed the steps outlined here: http://www.geekstogo.com/forum/topic/2852-...cleaning-guide/ so I will post my logs. I was originally going to post this on the geekstogo forum, which is why I was using their instructions, but for some reason I get an error every time I try and post there.

I scanned with everything listed there except GMER. I tried many times to scan with it, but my system kept freezing and restarting. The last time I tried, I thought it was working, but after 3 hours it froze at SYSTEM\WPA\Starter. If a GMER log is needed I will attempt to scan again, and this time I will shut down my firewall and etc. while it runs to see if that helps.

MBAM found nothing, but here is the log anyway:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4337

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/24/2010 9:54:08 AM
mbam-log-2010-07-24 (09-54-08).txt

Scan type: Quick scan
Objects scanned: 149505
Time elapsed: 11 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


**************************************Here is the OTL log:

OTL logfile created on: 7/24/2010 1:10:57 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Kyla\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 36.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.01 Gb Total Space | 31.00 Gb Free Space | 21.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 3.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
Drive K: | 698.64 Gb Total Space | 598.71 Gb Free Space | 85.70% Space Free | Partition Type: NTFS

Computer Name: CAM-6B8466B9035
Current User Name: Kyla
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/24 13:09:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyla\My Documents\Downloads\OTL.exe
PRC - [2010/07/20 09:37:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 12:20:33 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 12:20:30 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 12:20:29 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 12:20:26 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 12:19:41 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 12:19:39 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/16 12:36:44 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Kyla\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/02 15:56:02 | 001,036,464 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2010/05/26 06:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/05/26 06:35:14 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/13 12:42:27 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/01 23:12:46 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/30 19:36:14 | 000,044,176 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 15:54:22 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/11/26 15:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/11/26 15:54:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/07/24 13:09:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyla\My Documents\Downloads\OTL.exe
MOD - [2010/05/26 06:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/20 09:37:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 12:20:26 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/05/26 06:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/04/25 15:08:22 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/11/26 15:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 12:20:31 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 12:19:41 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 08:23:57 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/26 06:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/04 14:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/26 15:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 15:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 15:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/08/04 03:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 21:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://thesims2.ea.com/
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/07/16 10:00:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 11:35:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 15:01:03 | 000,000,000 | ---D | M]

[2010/06/23 11:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Mozilla\Extensions
[2010/06/23 11:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/22 22:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Mozilla\Firefox\Profiles\80vku7uv.default\extensions
[2010/05/01 10:18:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kyla\Application Data\Mozilla\Firefox\Profiles\80vku7uv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 06:40:30 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Kyla\Application Data\Mozilla\Firefox\Profiles\80vku7uv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/07/07 10:14:55 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Documents and Settings\Kyla\Application Data\Mozilla\Firefox\Profiles\80vku7uv.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2010/07/15 08:58:55 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Kyla\Application Data\Mozilla\Firefox\Profiles\80vku7uv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/22 09:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kyla\Application Data\Mozilla\Firefox\Profiles\80vku7uv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/07/10 10:31:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Kyla\Application Data\Mozilla\Firefox\Profiles\80vku7uv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/27 07:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Mozilla\Firefox\Profiles\80vku7uv.default\extensions\keyscrambler@qfx.software.corporation
[2010/07/07 10:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Mozilla\Firefox\Profiles\80vku7uv.default\extensions\personas@christopher.beard
[2010/04/27 05:45:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/24 00:10:16 | 000,414,692 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14321 more lines...
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll ()
O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\Kyla\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download with ImTOO YouTube to iPod Converter - C:\Program Files\ImTOO\YouTube to iPod Converter\upod_link.HTM ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.16 64.59.144.17
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kyla\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kyla\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/11 15:36:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/19 09:06:40 | 000,000,000 | R--D | M] - H:\Autoplay -- [ UDF ]
O32 - AutoRun File - [2008/07/08 03:34:13 | 000,189,808 | R--- | M] (Adobe Systems Incorporated) - H:\Autoplay.exe -- [ UDF ]
O32 - AutoRun File - [2007/08/29 04:03:48 | 000,000,068 | R--- | M] () - H:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 000,000,032 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (74885954556395520)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/24 09:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\Logs
[2010/07/24 09:41:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/24 09:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/23 14:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/07/23 14:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/07/23 14:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\AVS4YOU
[2010/07/23 14:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/07/23 14:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/07/22 11:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\Sounds and Music
[2010/07/22 10:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\Publish Providers
[2010/07/22 09:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Local Settings\Application Data\Sony
[2010/07/22 09:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\Sony
[2010/07/22 09:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/07/22 09:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/07/21 23:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\Malwarebytes
[2010/07/21 23:55:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/21 23:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/21 23:55:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/21 23:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/21 23:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/21 23:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/21 23:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\288F7BD4716D014850730753D0D7D48A
[2010/07/21 09:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\Toolbar4
[2010/07/21 09:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam Toolbar
[2010/07/21 09:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2010/07/16 10:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/07/15 12:20:29 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 08:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/07/15 08:46:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/07/15 08:46:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/07/07 10:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Local Settings\Application Data\Conduit
[2010/07/07 10:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Local Settings\Application Data\ZoneAlarm
[2010/07/07 10:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/07/07 10:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm
[2010/07/07 10:14:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/07/07 10:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/07/07 10:13:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/07/03 20:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/07/03 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2010/07/02 11:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 WAV WMA Converter
[2010/07/02 11:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\SmartAudioConverter
[2010/07/02 11:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\Any DVD Converter Professional
[2010/07/02 11:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/02 11:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\AnvSoft
[2010/07/02 11:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/07/01 18:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/06/23 11:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\LimeWire
[2010/06/23 11:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/06/22 15:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/06/22 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2010/06/21 13:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\DVDVideoSoft
[2010/06/21 13:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/06/21 13:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/06/17 12:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2010/06/17 12:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\Roxio
[2010/06/17 12:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\InstallShield
[2010/06/17 12:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/06/17 12:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/06/17 12:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2010/06/17 12:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\Research In Motion
[2010/06/17 12:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/06/17 12:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/06/17 12:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/06/17 12:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/06/15 16:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Tracing
[2010/06/15 15:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/06/15 15:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/15 15:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/08 19:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Air Mouse
[2010/06/04 17:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\ImTOO
[2010/06/04 17:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\ImTOO
[2010/06/04 17:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2010/05/31 20:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\Apple Computer
[2010/05/31 20:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/31 20:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/31 20:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/31 20:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/31 20:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/31 20:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/31 20:10:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/05/31 20:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/31 20:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/31 14:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/05/31 14:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\HpUpdate
[2010/05/31 14:37:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/05/29 13:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Desktop\New Folder
[2010/05/29 12:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sims2Pack Clean Installer
[2010/05/27 17:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Local Settings\Application Data\Temp
[2010/05/27 17:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Local Settings\Application Data\Google
[2010/05/27 17:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Local Settings\Application Data\Deployment
[2010/05/24 19:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\WinRAR
[2010/05/24 19:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/05/24 19:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\PocketRAR
[2010/05/23 11:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\MTS_StaleMuffin_1010296_HunterHostage_Flora69_Cooled
[2010/05/22 22:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\MTS2_frillen_479618_Frillen-PrisonWindow01
[2010/05/22 22:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\MTS2_frillen_479617_Frillen-fencePrisonTop01
[2010/05/22 22:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\MTS2_frillen_479616_Frillen-PrisonGate01
[2010/05/22 22:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\MTS2_frillen_479610_Frillen-fencePrison01
[2010/05/19 06:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\backup
[2010/05/15 22:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/05/15 22:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/15 22:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Local Settings\Application Data\Downloaded Installations
[2010/05/15 22:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/05/14 06:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\CM_EN
[2010/05/13 15:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\CEP_Documentation
[2010/05/12 19:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\EA Games
[2010/05/12 18:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\Blah
[2010/05/11 19:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Sim File Maid 2
[2010/05/10 20:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/05/10 20:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\EA Games
[2010/05/10 19:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2010/05/10 19:50:16 | 000,445,504 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/05/10 16:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/05/03 20:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Local Settings\Application Data\AirMouse
[2010/05/03 19:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\IObit
[2010/05/02 15:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/05/01 10:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/05/01 10:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/05/01 10:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/04/27 11:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/04/27 06:40:52 | 000,115,312 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2010/04/27 06:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2010/04/27 05:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Local Settings\Application Data\Neopets
[2010/04/27 05:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\My Documents\Downloads
[2010/04/27 05:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Local Settings\Application Data\Mozilla
[2010/04/27 05:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyla\Application Data\Mozilla
[2010/04/27 05:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/25 18:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/04/25 18:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/04/25 15:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/04/25 15:05:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Fonts
[2 C:\Documents and Settings\Kyla\My Documents\*.tmp files -> C:\Documents and Settings\Kyla\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/24 13:07:52 | 000,000,337 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2010/07/24 13:07:17 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/07/24 13:04:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/24 13:04:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/24 10:02:02 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Kyla\NTUSER.DAT
[2010/07/24 09:41:12 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\NTREGOPT.lnk
[2010/07/24 09:41:12 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\ERUNT.lnk
[2010/07/24 09:41:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1637723038-839522115-1006UA.job
[2010/07/24 09:33:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/24 09:33:07 | 000,309,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/24 09:29:00 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kyla\ntuser.ini
[2010/07/24 08:36:37 | 062,436,221 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/24 00:10:16 | 000,414,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/23 14:19:03 | 000,079,480 | ---- | M] () -- C:\Documents and Settings\Kyla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/23 12:41:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1637723038-839522115-1006Core.job
[2010/07/22 14:34:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/22 14:34:16 | 000,239,104 | ---- | M] () -- C:\Documents and Settings\Kyla\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/22 14:33:21 | 000,023,288 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\intro.veg
[2010/07/22 14:32:36 | 000,000,030 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\intro.avi.sfl
[2010/07/22 13:26:31 | 000,023,016 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\intro.veg.bak
[2010/07/22 10:00:08 | 000,002,632 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Register Vegas Pro.htm
[2010/07/22 09:54:16 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 9.0.lnk
[2010/07/21 23:55:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/21 09:54:18 | 007,006,812 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\clip0010.avi
[2010/07/21 09:53:53 | 020,298,832 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\clip0009.avi
[2010/07/21 09:53:23 | 004,717,142 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\clip0008.avi
[2010/07/21 09:52:54 | 011,662,244 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\clip0007.avi
[2010/07/21 09:20:48 | 031,376,344 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\clip0006.avi
[2010/07/21 09:19:02 | 028,611,918 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\clip0005.avi
[2010/07/16 16:37:11 | 009,057,615 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\HD TEST !.wmv
[2010/07/16 14:24:24 | 015,378,397 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Test.wmv
[2010/07/16 10:45:52 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/07/16 10:40:42 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Kyla\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/16 09:48:55 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/16 03:21:06 | 000,421,443 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/16 03:20:53 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/16 03:20:53 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/16 03:00:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/15 12:20:31 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/15 12:20:29 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 12:19:41 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/15 08:48:31 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/15 08:47:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/15 08:46:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/07/14 23:24:41 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/14 11:35:11 | 000,105,306 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\WOO.wmv
[2010/07/14 11:15:36 | 005,688,250 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Flashback.wmv
[2010/07/13 23:31:55 | 000,411,890 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100724-001016.backup
[2010/07/13 20:52:52 | 003,118,470 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Theme Song.wmv
[2010/07/13 15:40:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/10 23:01:00 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\popular.doc
[2010/07/07 10:14:25 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\ZoneAlarm Security.lnk
[2010/07/07 09:47:37 | 000,571,712 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/07 09:47:37 | 000,483,464 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/07 09:47:37 | 000,079,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/06 19:45:21 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\cover letter.doc
[2010/07/06 12:54:04 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\cover lette jugo.doc
[2010/07/06 07:38:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kyla\My Documents\~$ver letter.doc
[2010/07/04 22:19:19 | 000,035,087 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\scream.wma
[2010/07/04 10:34:11 | 000,850,762 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\3.wmv
[2010/07/04 10:28:14 | 000,582,122 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Lightning.wmv
[2010/07/04 10:12:38 | 001,403,430 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\MOOORE.wmv
[2010/07/04 09:50:15 | 001,122,102 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\more.wmv
[2010/07/03 23:37:35 | 000,786,238 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\2.wmv
[2010/07/03 23:29:46 | 000,492,190 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Untitled.wmv
[2010/07/03 22:39:07 | 003,056,768 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Keegie Dance Beginning.wmv
[2010/07/03 20:50:27 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 7.0.lnk
[2010/07/03 05:41:32 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\Google Chrome.lnk
[2010/07/03 05:41:32 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Kyla\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/02 14:14:53 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/07/02 11:39:36 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\sysmwwod.dll
[2010/07/02 11:37:49 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\MP3 WAV WMA Converter.lnk
[2010/07/02 11:28:10 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\SmartAudioConverter.lnk
[2010/07/02 11:25:27 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\Any DVD Converter Professional.lnk
[2010/07/01 18:28:27 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\Audacity.lnk
[2010/06/30 10:23:00 | 000,058,661 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Penguin Icon.png
[2010/06/30 10:17:21 | 000,054,120 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Penguin Icon2.png
[2010/06/23 11:47:40 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\LimeWire 5.5.10.lnk
[2010/06/22 15:46:46 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Plants vs. Zombies.lnk
[2010/06/22 15:46:46 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2010/06/22 15:46:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010/06/22 10:49:38 | 000,059,140 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/22 10:23:33 | 008,830,824 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Hab Da Pumkin.mp4
[2010/06/22 10:22:44 | 012,745,139 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Pwactice Da Counting.mp4
[2010/06/22 10:21:32 | 005,486,378 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Find Da Sandwich.mp4
[2010/06/22 10:21:03 | 022,342,300 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Hab Da Sleepover.mp4
[2010/06/22 10:16:21 | 011,883,379 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Make Da Band.mp4
[2010/06/22 10:15:20 | 011,660,293 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Escape Da Cakes.mp4
[2010/06/22 10:14:08 | 016,429,830 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Make Da Cards.mp4
[2010/06/22 10:12:54 | 016,475,343 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Guess Da Number.mp4
[2010/06/22 10:11:22 | 030,450,338 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Baman Piderman - Tell Da Joke.mp4
[2010/06/22 10:09:16 | 040,442,862 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Frow Da Party.mp4
[2010/06/22 10:03:28 | 031,456,806 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Happy Winter Friends (Part 1).mp4
[2010/06/22 10:00:49 | 011,961,543 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Kiwi.mp4
[2010/06/17 12:10:34 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\Desktop Manager.lnk
[2010/06/17 08:49:02 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\French Project.doc
[2010/06/15 17:06:21 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kyla\My Documents\~$ench Project.doc
[2010/06/08 19:11:02 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Air Mouse.lnk
[2010/06/05 12:50:32 | 000,031,074 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Exam 3 Key.pdf
[2010/06/05 12:50:22 | 003,907,564 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Exam 3.pdf
[2010/06/05 12:50:13 | 000,029,873 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Exam 2 Key.pdf
[2010/06/05 12:50:04 | 003,404,360 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Exam 2.pdf
[2010/06/05 12:49:54 | 000,034,447 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Exam 1 Key.pdf
[2010/06/05 12:49:42 | 004,458,423 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Exam 1.pdf
[2010/06/04 17:09:19 | 023,759,906 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\The Pet Penguin.mp4
[2010/06/04 17:07:57 | 007,552,929 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Malaise de L'Orange.mp4
[2010/06/04 17:03:48 | 000,001,913 | ---- | M] () -- C:\Documents and Settings\Kyla\Application Data\Microsoft\Internet Explorer\Quick Launch\ImTOO YouTube to iPod Converter.lnk
[2010/06/04 17:03:48 | 000,001,895 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\ImTOO YouTube to iPod Converter.lnk
[2010/06/04 17:01:18 | 000,001,223 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\Continue Youtube Downloader Installation.lnk
[2010/06/02 08:23:57 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 20:22:37 | 000,088,423 | ---- | M] () -- C:\WINDOWS\hpoins06.dat
[2010/05/31 20:11:55 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/29 12:44:50 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\Sims2Pack Clean Installer.lnk
[2010/05/24 19:19:09 | 001,030,717 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\aquaticplus.rar
[2010/05/11 19:25:55 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Kyla\Desktop\Sim File Maid 2.lnk
[2010/05/10 20:11:26 | 000,002,031 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2 Store Edition.lnk
[2010/05/10 20:11:25 | 000,002,001 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Double Deluxe.lnk
[2010/05/10 16:39:37 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/05/10 16:39:37 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/03 06:24:45 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Kyla\My Documents\Conclusion.doc
[2010/05/02 15:37:10 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 05:46:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/04/27 05:45:51 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Kyla\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/04/27 05:45:51 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/25 15:08:12 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 7.0.lnk
[2 C:\Documents and Settings\Kyla\My Documents\*.tmp files -> C:\Documents and Settings\Kyla\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/24 10:01:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\gmer.exe
[2010/07/24 09:41:12 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\NTREGOPT.lnk
[2010/07/24 09:41:12 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\ERUNT.lnk
[2010/07/22 21:30:50 | 000,164,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/22 14:16:43 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\intro.avi.sfl
[2010/07/22 13:05:25 | 000,023,288 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\intro.veg
[2010/07/22 13:05:25 | 000,023,016 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\intro.veg.bak
[2010/07/22 10:00:08 | 000,002,632 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Register Vegas Pro.htm
[2010/07/22 09:54:16 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 9.0.lnk
[2010/07/21 23:55:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/21 22:53:51 | 000,012,981 | ---- | C] () -- C:\Documents and Settings\Kyla\hs_err_pid4848.log
[2010/07/21 09:54:02 | 007,006,812 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\clip0010.avi
[2010/07/21 09:53:45 | 020,298,832 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\clip0009.avi
[2010/07/21 09:53:02 | 004,717,142 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\clip0008.avi
[2010/07/21 09:52:44 | 011,662,244 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\clip0007.avi
[2010/07/21 09:20:37 | 031,376,344 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\clip0006.avi
[2010/07/21 09:18:27 | 028,611,918 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\clip0005.avi
[2010/07/16 16:29:40 | 009,057,615 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\HD TEST !.wmv
[2010/07/16 14:12:36 | 015,378,397 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Test.wmv
[2010/07/15 08:46:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/07/14 11:35:06 | 000,105,306 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\WOO.wmv
[2010/07/14 11:09:03 | 005,688,250 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Flashback.wmv
[2010/07/13 20:48:51 | 003,118,470 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Theme Song.wmv
[2010/07/10 20:03:36 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\popular.doc
[2010/07/07 10:14:25 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\ZoneAlarm Security.lnk
[2010/07/07 10:14:06 | 000,421,443 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/06 12:28:22 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\cover lette jugo.doc
[2010/07/06 07:38:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kyla\My Documents\~$ver letter.doc
[2010/07/04 22:19:16 | 000,035,087 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\scream.wma
[2010/07/04 20:37:47 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\cover letter.doc
[2010/07/04 10:33:22 | 000,850,762 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\3.wmv
[2010/07/04 10:27:53 | 000,582,122 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Lightning.wmv
[2010/07/04 10:11:37 | 001,403,430 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\MOOORE.wmv
[2010/07/04 09:49:12 | 001,122,102 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\more.wmv
[2010/07/03 23:37:10 | 000,786,238 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\2.wmv
[2010/07/03 23:29:23 | 000,492,190 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Untitled.wmv
[2010/07/03 22:36:58 | 003,056,768 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Keegie Dance Beginning.wmv
[2010/07/03 20:50:27 | 000,001,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 7.0.lnk
[2010/07/03 19:34:17 | 012,219,392 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\Kyla .avi
[2010/07/02 11:39:36 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2010/07/02 11:37:49 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\MP3 WAV WMA Converter.lnk
[2010/07/02 11:28:10 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\SmartAudioConverter.lnk
[2010/07/02 11:25:27 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\Any DVD Converter Professional.lnk
[2010/07/01 18:28:27 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\Audacity.lnk
[2010/06/30 10:17:18 | 000,054,120 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Penguin Icon2.png
[2010/06/30 10:15:16 | 000,058,661 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Penguin Icon.png
[2010/06/23 11:47:39 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\LimeWire 5.5.10.lnk
[2010/06/22 15:46:46 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Plants vs. Zombies.lnk
[2010/06/22 15:46:46 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2010/06/22 15:46:39 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/06/22 15:46:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/06/22 10:22:47 | 008,830,824 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Hab Da Pumkin.mp4
[2010/06/22 10:21:35 | 012,745,139 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Pwactice Da Counting.mp4
[2010/06/22 10:21:06 | 005,486,378 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Find Da Sandwich.mp4
[2010/06/22 10:16:24 | 022,342,300 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Hab Da Sleepover.mp4
[2010/06/22 10:15:23 | 011,883,379 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Make Da Band.mp4
[2010/06/22 10:14:10 | 011,660,293 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Escape Da Cakes.mp4
[2010/06/22 10:12:57 | 016,429,830 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Make Da Cards.mp4
[2010/06/22 10:11:25 | 016,475,343 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Guess Da Number.mp4
[2010/06/22 10:09:18 | 030,450,338 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Baman Piderman - Tell Da Joke.mp4
[2010/06/22 10:03:31 | 040,442,862 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Frow Da Party.mp4
[2010/06/22 10:00:52 | 031,456,806 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Baman Piderman - Happy Winter Friends (Part 1).mp4
[2010/06/22 09:58:40 | 011,961,543 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Kiwi.mp4
[2010/06/17 12:13:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/06/17 12:10:34 | 000,001,823 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\Desktop Manager.lnk
[2010/06/15 17:06:21 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kyla\My Documents\~$ench Project.doc
[2010/06/12 22:22:47 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\French Project.doc
[2010/06/08 19:11:02 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Air Mouse.lnk
[2010/06/05 12:50:32 | 000,031,074 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Exam 3 Key.pdf
[2010/06/05 12:50:22 | 003,907,564 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Exam 3.pdf
[2010/06/05 12:50:13 | 000,029,873 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Exam 2 Key.pdf
[2010/06/05 12:50:03 | 003,404,360 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Exam 2.pdf
[2010/06/05 12:49:54 | 000,034,447 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Exam 1 Key.pdf
[2010/06/05 12:49:42 | 004,458,423 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Exam 1.pdf
[2010/06/04 17:08:31 | 023,759,906 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\The Pet Penguin.mp4
[2010/06/04 17:07:17 | 007,552,929 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Malaise de L'Orange.mp4
[2010/06/04 17:03:48 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\Kyla\Application Data\Microsoft\Internet Explorer\Quick Launch\ImTOO YouTube to iPod Converter.lnk
[2010/06/04 17:03:48 | 000,001,895 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\ImTOO YouTube to iPod Converter.lnk
[2010/06/04 17:01:18 | 000,001,223 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\Continue Youtube Downloader Installation.lnk
[2010/05/31 20:34:34 | 000,059,140 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/31 20:21:55 | 000,600,034 | ---- | C] () -- C:\Documents and Settings\Kyla\ProductContext3200.log
[2010/05/31 20:14:07 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/31 20:11:55 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/29 12:44:50 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\Sims2Pack Clean Installer.lnk
[2010/05/27 18:07:38 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\Google Chrome.lnk
[2010/05/27 18:07:38 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Kyla\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/05/27 17:31:59 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1637723038-839522115-1006UA.job
[2010/05/27 17:31:58 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1637723038-839522115-1006Core.job
[2010/05/24 19:19:08 | 001,030,717 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\aquaticplus.rar
[2010/05/11 19:25:55 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Kyla\Desktop\Sim File Maid 2.lnk
[2010/05/10 20:11:26 | 000,002,031 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2 Store Edition.lnk
[2010/05/10 20:11:24 | 000,002,001 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Double Deluxe.lnk
[2010/05/04 15:40:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/03 06:24:45 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Kyla\My Documents\Conclusion.doc
[2010/05/01 10:20:15 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/01 10:20:14 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/04/27 05:46:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/27 05:45:51 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Kyla\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/04/27 05:45:51 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/25 15:08:12 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 7.0.lnk
[2010/03/28 10:30:47 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/03/14 14:21:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/03/13 12:54:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/13 12:41:27 | 000,000,337 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/03/12 17:42:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/15 12:39:00 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/07/21 23:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/15 22:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/05/15 22:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/04/25 18:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/06/22 15:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/06/17 12:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/03 20:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/07/22 09:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/07/22 00:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/31 20:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/22 09:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\288F7BD4716D014850730753D0D7D48A
[2010/07/02 11:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\AnvSoft
[2010/04/18 14:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Canon
[2010/06/22 09:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\CheckPoint
[2010/04/20 12:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\GrabPro
[2010/04/20 12:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\IEPro
[2010/06/04 17:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\ImTOO
[2010/05/03 19:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\IObit
[2010/07/22 10:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\LimeWire
[2010/04/20 12:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\MiniDm
[2010/04/18 13:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Neopets Toolbar
[2010/04/17 15:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\OpenOffice.org
[2010/03/23 15:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Panasonic
[2010/07/22 10:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Publish Providers
[2010/06/17 12:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Research In Motion
[2010/07/22 10:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Sony
[2010/07/21 09:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyla\Application Data\Toolbar4

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/25 18:31:43 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2010/03/11 15:36:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/11 15:32:14 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/11 15:36:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/11 15:36:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/11 15:36:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/12 17:07:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/24 13:04:29 | 2013,265,920 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2005/05/11 23:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2010/03/11 15:35:55 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/05/05 08:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/03/11 07:18:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/11 07:18:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/11 07:18:46 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\P

Edited by boopme, 24 July 2010 - 10:40 PM.


BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:43 PM

Posted 02 August 2010 - 03:57 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:43 PM

Posted 08 August 2010 - 10:15 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users