NON RESPONSES FROM COMPUTER


  • This topic is locked
1 reply to this topic

#1 PIAOWAKA

Posted 01 April 2012 - 01:09 PM

My friend told me what you needed downloaded in order to see my problems. Someone hacked into my computer through my wireless connection and made a real mess of things. I have run anti-virus-Avast and Windows Essentials, Malwarebytes, Spybot Search and Destroy and it is still way too slow. I have XP Pro 32 bit. The computer is a Dell Dimension 2400 and it has served me well. I have other computers and laptops too. I was able to fix all of them except two. The other I will address in another topic.

Here is a copy of my first run with GMER. It is attached.

Here is the Extras.Txt after doing the paste per his instruction. I did accidentally press scan and not quick scan. If you need to do it over I will.

12:06 PM 4/1/2012
OTL Extras logfile created on: 4/1/2012 11:19:44 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\My Documents-SUNA-BEDROOM\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.21% Memory free
3.85 Gb Paging File | 2.75 Gb Available in Paging File | 71.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.15 Gb Total Space | 24.86 Gb Free Space | 66.91% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 240.86 Gb Free Space | 80.80% Space Free | Partition Type: NTFS

Computer Name: SUNA-BEDROOM | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1292428093-1085031214-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to archive] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2multi" "%1" (Giorgio Tani)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse path with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browsepath" "%1" (Giorgio Tani)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe" = C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe:*:Enabled:Agent.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe" = C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe:*:Enabled:TbService.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe" = C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe:*:Enabled:Local TBConsoleUI.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\Sticky-Notes\stickynotes.exe" = C:\Program Files\Sticky-Notes\stickynotes.exe:*:Enabled:Sticky-Notes -- ()
"C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\tvnserver.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\tvnserver.exe:*:Enabled:tvnserver.exe -- (GlavSoft LLC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1485B7CD-4CBD-4039-8EAE-5A22993D7F54}" = hp LaserJet 1150 / 1300
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B758D8A-B999-45AD-B7AA-14D10FDC19D2}_is1" = E-Z Contact Book version 2.5.0.0
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 4.4
"{5CDA3B5A-0737-40A1-AF93-4F35BD38A1B6}" = SlimDrivers
"{60CE6B15-E8DC-4096-83FA-5D8DE8B9ED5B}" = OpenOffice.org 3.2
"{6CD568E0-5A76-46E5-A167-D52542F3CBDA}" = Macrium Reflect Free Edition
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{92E2CA49-B6B9-4FE2-A39B-F6EA18AC5405}_is1" = Auslogics Task Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{998C9435-DAF8-4BDF-B9A5-F844B01D524C}_is1" = TCPEye 1.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3E7DD3D-1806-4317-89CF-4BCC7823B775}" = Acid Rane
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C89330-0416-4B4A-93C1-E577D208D805}" = Sticky-Notes
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C4039DC0-905D-4372-8B20-120F0B6CF283}" = COMODO System-Cleaner
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E00A6137-2D82-4386-88EF-9AD4DFFF148A}" = Linksys WUSB100 RangePlus Wireless USB Adapter
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.44 Free Edition
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip 9.20" = 7-Zip 9.20
"Active Ports" = Active Ports
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"AirSnare" = AirSnare
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"avast" = avast! Free Antivirus
"AVG Secure Search" = AVG Security Toolbar
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CloneSpy" = CloneSpy 2.62
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"Connection Booster_is1" = Connection Booster 4.0.0.0
"CrossLoop_is1" = CrossLoop 2.81
"doPDF 7 printer_is1" = doPDF 7.3 printer
"Drive Folder" = Drive Folder
"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Ethereal" = Ethereal 0.99.0
"FBackup 4_is1" = FBackup 4
"Foxit Reader_is1" = Foxit Reader 5.1
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"InstallShield_{E00A6137-2D82-4386-88EF-9AD4DFFF148A}" = Linksys WUSB100 RangePlus Wireless USB Adapter
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"JetBoost_is1" = JetBoost
"KeyScrambler" = KeyScrambler
"Linkman" = Linkman
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Mozilla Thunderbird 11.0 (x86 en-US)" = Mozilla Thunderbird 11.0 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PhoneTray" = PhoneTray Free
"Popcompanion" = Popcompanion 2.26
"Process_Hacker2_is1" = Process Hacker 2.27 (r4957)
"Quick Startup_is1" = Quick Startup 2.9.0.823
"Revo Uninstaller" = Revo Uninstaller 1.93
"SnapShot_is1" = SnapShot
"SpeeditupFree" = SpeeditupFree
"Startup Optimizer_is1" = Startup Optimizer 1.6
"SugarSync" = SugarSync Manager
"TagScanner_is1" = TagScanner 5.1.611
"TotalMounter" = TotalMounter V1.50 (Remove only)
"VLC media player" = VLC media player 2.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGuard Pro 2011_is1" = WinGuard Pro 2011, v7.9.6.4
"WinPcapInst" = WinPcap 3.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1292428093-1085031214-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit PDF Creator Toolbar Updater
"CNET TechTracker" = CNET TechTracker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2012 12:53:24 PM | Computer Name = SUNA-BEDROOM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 3/4/2012 11:46:03 AM | Computer Name = SUNA-BEDROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/4/2012 11:46:12 AM | Computer Name = SUNA-BEDROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/4/2012 11:47:47 AM | Computer Name = SUNA-BEDROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 3/4/2012 11:47:47 AM | Computer Name = SUNA-BEDROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 3/4/2012 11:48:10 AM | Computer Name = SUNA-BEDROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 3/31/2012 7:29:26 PM | Computer Name = SUNA-BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Seagate Dashboard Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 3/31/2012 7:29:45 PM | Computer Name = SUNA-BEDROOM | Source = Service Control Manager | ID = 7034
Description = The LMIGuardianSvc service terminated unexpectedly. It has done this
1 time(s).

Error - 3/31/2012 7:30:33 PM | Computer Name = SUNA-BEDROOM | Source = Service Control Manager | ID = 7034
Description = The COMODO System - Cleaner Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/31/2012 7:31:52 PM | Computer Name = SUNA-BEDROOM | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater10.2.0 service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/1/2012 1:24:12 AM | Computer Name = SUNA-BEDROOM | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
SUNA-DEN that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5C126968-7731-43F1-. The master browser is stopping or an election
is being forced.

Error - 4/1/2012 2:02:32 AM | Computer Name = SUNA-BEDROOM | Source = Service Control Manager | ID = 7034
Description = The AZHEAUY service terminated unexpectedly. It has done this 1 time(s).

Error - 4/1/2012 11:18:17 AM | Computer Name = SUNA-BEDROOM | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/1/2012 11:18:34 AM | Computer Name = SUNA-BEDROOM | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/1/2012 11:19:59 AM | Computer Name = SUNA-BEDROOM | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/1/2012 11:24:48 AM | Computer Name = SUNA-BEDROOM | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >

Here is a copy of the OTL.Txt results. I have not deleted or fixed anything. I await your help and instructions. This is out of my ball park and I need help with this.

OTL logfile created on: 4/1/2012 11:19:44 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\My Documents-SUNA-BEDROOM\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.21% Memory free
3.85 Gb Paging File | 2.75 Gb Available in Paging File | 71.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.15 Gb Total Space | 24.86 Gb Free Space | 66.91% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 240.86 Gb Free Space | 80.80% Space Free | Partition Type: NTFS

Computer Name: SUNA-BEDROOM | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/01 10:04:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents-SUNA-BEDROOM\Downloads\OTL.exe
PRC - [2012/03/31 17:28:36 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/19 15:32:24 | 009,413,712 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2012/03/17 09:06:47 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/14 12:04:27 | 000,225,280 | ---- | M] ("winguardpro.com") -- C:\Program Files\winguard\wgpro7.exe
PRC - [2012/03/11 16:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 16:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/24 17:18:46 | 000,328,800 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/01/21 23:10:58 | 001,133,056 | ---- | M] (wj32) -- C:\Program Files\Process Hacker 2\ProcessHacker.exe
PRC - [2012/01/17 14:18:44 | 000,232,616 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/22 23:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2011/12/22 23:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2011/11/23 05:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe
PRC - [2011/06/15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/24 00:57:08 | 000,442,056 | ---- | M] () -- C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/01 13:07:06 | 000,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrator\Desktop\RootkitRevealer.exe
PRC - [2006/03/23 00:13:46 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/01 03:41:15 | 001,752,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12040100\algo.dll
MOD - [2012/03/31 17:28:36 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/03/22 14:04:50 | 000,421,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.11.dll
MOD - [2012/03/17 09:06:41 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/14 09:38:26 | 000,106,120 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll
MOD - [2012/02/27 10:52:57 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/23 19:26:34 | 000,051,336 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
MOD - [2012/02/08 13:28:24 | 000,095,880 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll
MOD - [2012/01/17 16:04:12 | 000,027,784 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
MOD - [2011/12/23 15:15:24 | 000,023,176 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
MOD - [2011/12/22 23:08:36 | 000,064,648 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
MOD - [2011/12/22 23:08:30 | 000,245,896 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
MOD - [2011/12/22 23:08:30 | 000,114,312 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll
MOD - [2011/12/22 23:08:30 | 000,069,768 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
MOD - [2011/12/22 23:08:28 | 000,051,848 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/03/24 00:57:08 | 000,442,056 | ---- | M] () -- C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
MOD - [2008/11/25 17:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
MOD - [2004/10/05 03:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
MOD - [2001/07/31 04:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AZHEAUY.exe -- (AZHEAUY)
SRV - [2012/03/20 20:35:48 | 000,224,920 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Disabled | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/03/11 16:13:21 | 001,983,232 | ---- | M] (COMODO) [Disabled | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/25 23:40:01 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/25 23:38:18 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/22 23:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2011/12/22 23:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2011/11/23 05:27:04 | 001,052,472 | ---- | M] (COMODO) [Disabled | Running] -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/24 00:57:08 | 000,442,056 | ---- | M] () [Disabled | Running] -- C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe -- (PhoneTray)
SRV - [2010/12/09 07:08:10 | 000,305,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Comodo\COMODO System-Cleaner\Cleaner_Validator.exe -- (Cleaner_Validator)
SRV - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 19:33:04 | 000,025,824 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Disabled | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/08/02 15:18:50 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2002/08/01 11:22:40 | 000,065,536 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwldipow.sys -- (kwldipow)
DRV - [2012/03/31 12:07:59 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71019A21-A6ED-4203-AD37-97918FC9A932}\MpKsl366fba70.sys -- (MpKsl366fba70)
DRV - [2012/03/20 20:36:00 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2012/03/14 08:31:15 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 16:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 16:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/02/27 16:37:17 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/02/25 23:38:46 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/02/08 15:46:34 | 000,040,840 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2012/01/04 18:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/12/22 23:09:40 | 000,185,864 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2011/12/22 23:09:32 | 000,016,008 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/12/22 23:09:30 | 000,050,312 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/12/14 19:41:38 | 000,173,880 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/08/25 18:31:50 | 000,033,352 | ---- | M] (wj32) [Kernel | Disabled | Running] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV - [2011/08/25 17:54:12 | 000,120,152 | ---- | M] (KernSafe Technologies) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KScsiPrt.sys -- (KScsiPrt)
DRV - [2011/08/25 17:54:10 | 000,024,408 | ---- | M] (KernSafe Technologies) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksbus.sys -- (ksbus)
DRV - [2010/12/09 07:15:18 | 000,033,232 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\CFRPD.sys -- (CFRPD)
DRV - [2010/12/09 07:14:56 | 000,066,584 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/14 01:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/14 19:04:24 | 000,551,680 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/06/15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2006/11/28 22:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2005/08/02 15:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/01/10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8&fr=mkg029
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8&fr=mkg029
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={7857BF47-B376-49A7-AD52-4B72B5DC7B25}&mid=1611c004a98547d0928ad14410c88726-7bd7d5e3e4528eaca4775c49bd90b90ee2bd805e&lang=en&ds=ts024&pr=sa&d=2012-03-31 17:31:25&v=10.2.0.3&sap=hp
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120324DB8D4ED7AF531418D49F14F5&q={searchTerms}
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={7857BF47-B376-49A7-AD52-4B72B5DC7B25}&mid=1611c004a98547d0928ad14410c88726-7bd7d5e3e4528eaca4775c49bd90b90ee2bd805e&lang=en&ds=ts024&pr=sa&d=2012-03-31 17:31:25&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\..\SearchScopes\{A910BDF8-0746-4288-A594-7F72A2EA02AB}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101703&src=crm&q={searchTerms}&locale=&apn_ptnrs=F3&apn_dtid=YYYYYYYYUS&apn_uid=e6264f66-76be-4dee-aa43-9ceafdbe3c58&apn_sauid=B453711B-032C-4C22-B9B0-6A7D71ACDD7F
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2998738
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1292428093-1085031214-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "WWW.MY.YAHOO.COM"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/21 15:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/31 17:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 09:06:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/03/17 11:56:36 | 000,000,000 | ---D | M]

[2012/02/25 11:30:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/03/26 11:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\bookmark-recycler-extension
[2012/04/01 11:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions
[2012/03/23 18:45:19 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012/03/15 17:00:37 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012/03/23 18:47:08 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2012/03/10 15:37:59 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/29 11:55:15 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/02/28 16:38:20 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\clickclean@hotcleaner.com
[2012/02/27 12:33:09 | 000,000,000 | ---D | M] (Do Not Fool) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\dnf@mozilla.org
[2012/03/15 09:30:49 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\firefox@ghostery.com
[2012/03/22 10:37:39 | 000,000,000 | ---D | M] (gTranslator) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\jyboy.yy@gmail.com
[2012/03/23 18:45:07 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\keyscrambler@qfx.software.corporation
[2012/04/01 11:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\extensions\staged
[2012/03/21 00:22:28 | 000,002,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qreeploa.default\searchplugins\askcom.xml
[2012/03/17 09:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\{023E9CA0-63F3-47B1-BCB2-9BADF9D9EF28}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\{268AD77E-CFF8-42D7-B479-DA60A7B93305}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\{52A7F893-D228-412E-9B28-BC61491462F6}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\{6614D11D-D21D-B211-AE23-815234E1EBB5}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\{8E9008B4-EC7C-4C2A-828E-007D5D2DAD22}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\{A81031F3-6CEE-4A19-809F-4E26C1D9C1D1}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\{AB4B5718-3998-4A2C-91AE-18A7C2DB513E}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\AFTERTHEDEADLINE@AFTERTHEDEADLINE.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\AUTOREFRESH@PLUGIN.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\BACKUPFOX_959A5970_ADA3_11E0_9F1C_0800200C9A66@MOZILLAFIREFOXEXTENSION.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\FASTERFOX_LITE@BIGREDBRENT.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\GAURANGNSHAH@GMAIL.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\GUICONFIG@SLOSD.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\HARIOMBALHARA@GMAIL.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\MULTICOLUMNBOOKMARKS@MAXIM.KUDIMOV.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\NADIR.KADEM@GMAIL.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\QUICKPASSWORDS@AXELG.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QREEPLOA.DEFAULT\EXTENSIONS\TOGGLEPRIVATEBROWSING@SUPERNOVA00.BIZ.XPI
[2012/03/31 17:41:22 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.2.0.3
[2012/03/21 15:34:42 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/02/27 10:43:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/29 04:27:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/03/17 09:06:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/31 17:26:18 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/23 22:39:48 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/24 12:36:10 | 000,441,319 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15171 more lines...
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Linkman) - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\Program Files\Linkman\LinkmanCom.dll (Outertech)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1292428093-1085031214-839522115-500..\Run: [Popcompanion] C:\Program Files\Popcompanion\Popcompanion.exe (Popfax)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-1085031214-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-1085031214-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Nosecuritytab = 1
O8 - Extra context menu item: >Search in Linkman - file://C:\Documents and Settings\Administrator\My Documents\Linkman\iescript_search.htm File not found
O8 - Extra context menu item: Add to Linkman - file://C:\Documents and Settings\Administrator\My Documents\Linkman\iescript_add.htm File not found
O8 - Extra context menu item: Add to Linkman (all tabs) - file://C:\Documents and Settings\Administrator\My Documents\Linkman\iescript_addall.htm File not found
O8 - Extra context menu item: Add to Linkman and Edit - file://C:\Documents and Settings\Administrator\My Documents\Linkman\iescript_edit.htm File not found
O8 - Extra context menu item: Show Linkman - file://C:\Documents and Settings\Administrator\My Documents\Linkman\iescript_show.htm File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.213.80.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C126968-7731-43F1-A5F2-9C377D36AF09}: DhcpNameServer = 12.213.80.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C126968-7731-43F1-A5F2-9C377D36AF09}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/14 16:32:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 07:00:00 | 001,053,184 | ---- | M] (Microsoft Corporation) - G:\AUTORUN.DLL -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) - G:\AUTORUN.EXE -- [ NTFS ]
O32 - AutoRun File - [2010/01/10 20:54:52 | 000,000,170 | ---- | M] () - G:\AUTORUN_.INF -- [ NTFS ]
O32 - AutoRun File - [2011/09/20 12:15:26 | 000,000,182 | ---- | M] () - G:\AUTORUN_.INF.wg7 -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "YahooAUService"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "SeagateDashboardService"
MsConfig - Services: "rpcapd"
MsConfig - Services: "ReflectService.exe"
MsConfig - Services: "Pml Driver HPZ12"
MsConfig - Services: "PhoneTray"
MsConfig - Services: "nmservice"
MsConfig - Services: "MsMpSvc"
MsConfig - Services: "MemeoBackgroundService"
MsConfig - Services: "MBAMService"
MsConfig - Services: "LMIGuardianSvc"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "idsvc"
MsConfig - Services: "Guard Agent"
MsConfig - Services: "EaseUS Agent"
MsConfig - Services: "cmdAgent"
MsConfig - Services: "CLPSLS"
MsConfig - Services: "Cleaner_Validator"
MsConfig - Services: "avast! Antivirus"
MsConfig - Services: "AdvancedSystemCareService5"
MsConfig - StartUpReg: Advanced SystemCare 5 - hkey= - key= - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
MsConfig - StartUpReg: Anti-phishing Domain Advisor - hkey= - key= - C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
MsConfig - StartUpReg: COMODO Internet Security - hkey= - key= - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
MsConfig - StartUpReg: FreeRAM XP - hkey= - key= - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
MsConfig - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
MsConfig - StartUpReg: Process Hacker 2 - hkey= - key= - C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32)
MsConfig - StartUpReg: SugarSync - hkey= - key= - C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
MsConfig - StartUpReg: TomcatStartup - hkey= - key= - C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
MsConfig - StartUpReg: WinGuard Pro - hkey= - key= - C:\Program Files\winguard\wgpro7.exe ("winguardpro.com")
MsConfig - StartUpReg: WinPatrol - hkey= - key= - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 1
MsConfig - State: "startup" - 1

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 11:17:05 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/31 17:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Popcompanion
[2012/03/31 17:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Popcompanion
[2012/03/31 17:37:05 | 000,638,784 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrator\Desktop\autoruns.exe
[2012/03/31 17:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
[2012/03/31 17:32:18 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrator\Desktop\RootkitRevealer.exe
[2012/03/31 17:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/03/31 17:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/03/31 17:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/03/31 17:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimDrivers
[2012/03/31 17:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2012/03/31 17:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/03/29 21:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/03/29 21:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents-SUNA-DEN
[2012/03/29 21:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents-SUNA-BEDROOM\Magic Briefcase
[2012/03/29 20:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SugarSync
[2012/03/29 20:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync
[2012/03/29 02:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\JetBoost
[2012/03/29 02:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BlueSprig
[2012/03/28 02:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CrossLoop
[2012/03/28 02:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop
[2012/03/27 21:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\4Sync
[2012/03/27 20:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup Optimizer
[2012/03/27 20:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Optimizer
[2012/03/27 02:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Dmitri_Karshakevich
[2012/03/26 15:03:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/26 15:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\firebird
[2012/03/26 15:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\E-Z Contact Book
[2012/03/25 20:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Linkman
[2012/03/25 20:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents-SUNA-BEDROOM\Linkman
[2012/03/25 20:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Linkman
[2012/03/25 18:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/03/25 18:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/03/25 10:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\E-Z Contact Book
[2012/03/25 10:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\E-Z Contact Book
[2012/03/24 11:41:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/03/24 11:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RegSeeker
[2012/03/24 11:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\UnThreat AntiVirus
[2012/03/24 11:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVSoftware
[2012/03/24 10:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/24 10:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/24 10:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/03/24 01:01:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents-SUNA-BEDROOM\My Music
[2012/03/24 01:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents-SUNA-BEDROOM\My Documents-SUNA-BEDROOM
[2012/03/24 01:01:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents-SUNA-BEDROOM\My Videos
[2012/03/24 01:01:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents-SUNA-BEDROOM\My Pictures
[2012/03/24 00:38:24 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2012/03/23 22:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Acid Rane
[2012/03/23 22:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acid Rane
[2012/03/23 22:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Acid Rane
[2012/03/23 22:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\blekkotb
[2012/03/23 21:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TrackZapper.com
[2012/03/23 21:57:05 | 000,917,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2012/03/23 21:57:04 | 000,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2012/03/23 21:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Connection Booster
[2012/03/23 21:20:33 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/03/23 21:19:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/03/23 21:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/03/23 20:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2012/03/23 18:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Macrium
[2012/03/23 18:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2012/03/23 18:19:39 | 001,388,032 | ---- | C] (Chestysoft) -- C:\WINDOWS\System32\csXImage.ocx
[2012/03/23 18:19:36 | 001,064,960 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\ChilkatFtp2.dll
[2012/03/23 18:19:34 | 000,311,296 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\aosmtp.dll
[2012/03/23 18:19:32 | 000,106,496 | ---- | C] (Marco Bellinaso) -- C:\WINDOWS\System32\mbprgbar.ocx
[2012/03/23 18:19:31 | 000,070,144 | ---- | C] (Merrion Computing Ltd) -- C:\WINDOWS\System32\MCLHotkey.ocx
[2012/03/23 18:19:30 | 000,110,592 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\System32\ccrpbds6.dll
[2012/03/23 18:19:26 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2012/03/23 18:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\SnapShot
[2012/03/23 17:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\FreeRAM XP Pro
[2012/03/23 17:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\YourWare Solutions
[2012/03/23 16:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/03/23 16:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COWON
[2012/03/23 16:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COWON Media Center - jetAudio
[2012/03/23 16:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\JetAudio
[2012/03/23 15:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2012/03/23 15:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PeaZip
[2012/03/23 15:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\CloneSpy
[2012/03/23 13:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PeaZip
[2012/03/23 13:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2012/03/23 13:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2012/03/23 13:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\KernSafe
[2012/03/23 13:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\KernSafe
[2012/03/23 12:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\TagScanner
[2012/03/23 12:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vasilios Applications
[2012/03/23 12:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Vasilios Applications
[2012/03/23 12:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FBackup 4
[2012/03/23 11:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\visi_coupon
[2012/03/23 11:51:23 | 000,185,864 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2012/03/23 11:51:21 | 000,016,008 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2012/03/23 11:51:17 | 000,050,312 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2012/03/23 11:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup 4.0
[2012/03/23 11:47:37 | 000,020,616 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe
[2012/03/23 11:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2012/03/23 11:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2012/03/23 11:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2012/03/23 11:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2012/03/23 11:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/03/22 20:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2012/03/22 20:07:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/03/22 20:07:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/03/22 20:05:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2012/03/22 17:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PandoraRecovery
[2012/03/22 12:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2012/03/22 12:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pandora Recovery
[2012/03/22 12:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery
[2012/03/22 12:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BlueSprig
[2012/03/22 12:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\JetClean
[2012/03/22 12:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\BlueSprig
[2012/03/22 12:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinUtilities
[2012/03/22 12:01:30 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\WINDOWS\System32\wbocx.ocx
[2012/03/22 12:01:30 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2012/03/22 12:01:29 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2012/03/22 12:01:28 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\WINDOWS\System32\anim.dll
[2012/03/22 12:01:27 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\W95INF32.DLL
[2012/03/22 12:01:27 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\W95INF16.DLL
[2012/03/22 12:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2012/03/22 11:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2012/03/22 11:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2012/03/22 11:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012/03/21 19:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNTREG BKUP
[2012/03/21 19:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SpeedItup Free
[2012/03/21 19:13:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SpeedItup Free
[2012/03/21 19:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedItup Free
[2012/03/21 18:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quick Startup
[2012/03/21 18:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
[2012/03/21 18:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Startup
[2012/03/21 17:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Memeo
[2012/03/21 17:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Seagate
[2012/03/21 17:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Seagate
[2012/03/21 17:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Seagate Dashboard
[2012/03/21 17:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2012/03/21 17:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Memeo
[2012/03/21 17:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2012/03/21 17:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2012/03/21 17:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2012/03/21 17:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Seagate
[2012/03/21 17:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2012/03/21 17:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/03/21 15:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/21 15:21:00 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/03/21 15:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2012/03/21 15:05:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012/03/21 13:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TCPEye
[2012/03/21 13:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\TCPEye
[2012/03/21 13:30:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/21 13:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/03/21 13:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2012/03/21 13:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2012/03/21 13:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Router Commander
[2012/03/21 12:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sticky-Notes
[2012/03/21 12:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sticky-Notes
[2012/03/21 12:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\The Extractor
[2012/03/21 12:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CNET TechTracker
[2012/03/21 12:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CBS Interactive
[2012/03/20 20:36:10 | 000,012,952 | ---- | C] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2012/03/20 20:36:00 | 000,016,024 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2012/03/20 20:35:54 | 000,047,256 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\psmounter.sys
[2012/03/18 18:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2012/03/18 17:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.1
[2012/03/18 17:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
[2012/03/18 17:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/03/18 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/03/18 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/03/18 17:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/03/17 17:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2012/03/17 12:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird
[2012/03/17 12:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2012/03/17 12:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MozBackup
[2012/03/17 12:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2012/03/17 11:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/03/15 18:10:19 | 000,000,000 | ---D | C] -- C:\a3350aafb5de7c1f38e8ae6f
[2012/03/15 18:07:05 | 000,021,336 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2012/03/15 17:18:35 | 000,049,664 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2012/03/15 17:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Active Ports
[2012/03/15 17:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Active Ports
[2012/03/15 17:13:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2012/03/15 16:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2012/03/15 16:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Softland
[2012/03/15 16:57:22 | 000,023,392 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmn7.dll
[2012/03/15 16:57:22 | 000,020,832 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmi7.dll
[2012/03/15 16:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\doPDF 7
[2012/03/15 16:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2012/03/15 13:44:27 | 000,055,824 | ---- | C] (Agere Systems) -- C:\WINDOWS\System32\agrsmdel.exe
[2012/03/15 13:44:27 | 000,013,824 | ---- | C] (Agere Systems) -- C:\WINDOWS\System32\agrscoin.dll
[2012/03/15 13:43:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2012/03/14 12:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinGuard Pro
[2012/03/14 12:03:17 | 001,572,864 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\ChilkatCrypt2.dll
[2012/03/14 12:03:16 | 000,933,888 | ---- | C] (Adroit Technologies) -- C:\WINDOWS\System32\SmartTabs29.ocx
[2012/03/14 12:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\winguard
[2012/03/14 11:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2012/03/14 11:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/03/14 11:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/03/13 17:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/03/10 22:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2012/03/10 22:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QFX Software
[2012/03/10 20:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ethereal
[2012/03/10 18:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyScrambler
[2012/03/10 18:04:56 | 000,173,880 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2012/03/10 18:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2012/03/10 18:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ethereal
[2012/03/10 18:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ethereal
[2012/03/10 18:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/03/10 17:59:16 | 000,000,000 | ---D | C] -- C:\Temp
[2012/03/10 17:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\AirSnare
[2012/03/10 17:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\AirSnare
[2012/03/10 15:25:05 | 000,303,104 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC250L.dll
[2012/03/10 15:25:04 | 000,110,592 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC250I.dll
[2012/03/10 15:25:03 | 001,310,720 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC250C.dll
[2012/03/10 15:25:02 | 000,106,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC250U.dll
[2012/03/10 15:24:57 | 000,015,872 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNHMCA.dll
[2012/03/10 14:49:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/03/10 14:45:43 | 000,272,384 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM9W.DLL
[2012/03/10 14:45:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2012/03/10 14:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP250 series
[2012/03/10 14:44:57 | 000,090,112 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC250O.dll
[2012/03/10 14:44:56 | 000,178,176 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIU9W.DLL
[2012/03/10 14:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\CanonBJ
[2012/03/10 14:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2012/03/10 14:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/03/10 13:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard
[2012/03/10 13:09:51 | 000,035,840 | ---- | C] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS
[2012/03/10 13:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012/03/10 12:56:46 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2012/03/10 12:54:54 | 000,237,568 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll
[2012/03/10 12:54:51 | 000,081,920 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst08.dll
[2012/03/10 12:54:12 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/01 10:10:13 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\zx8tbj0g.exe
[2012/04/01 10:04:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/01 01:55:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/31 17:45:47 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Popcompanion.lnk
[2012/03/31 17:16:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimDrivers.lnk
[2012/03/31 16:57:59 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/31 13:38:57 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\ASC5_PerformanceMonitor.job
[2012/03/31 12:52:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/03/31 12:15:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/31 12:07:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2012/03/31 12:06:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/31 11:27:06 | 000,032,426 | ---- | M] () -- C:\WINDOWS\cscmondump.bin
[2012/03/31 11:26:52 | 000,203,190 | ---- | M] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2012/03/31 11:26:52 | 000,000,012 | ---- | M] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2012/03/31 11:04:47 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.FRE
[2012/03/29 21:36:20 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Magic Briefcase.lnk
[2012/03/29 20:22:41 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SugarSync Manager.lnk
[2012/03/29 02:43:26 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Auslogics Task Manager.lnk
[2012/03/29 02:17:25 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\JetBoost.lnk
[2012/03/29 00:03:56 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SeaTools for Windows.lnk
[2012/03/28 02:31:49 | 000,002,388 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CrossLoop Connect.lnk
[2012/03/27 20:38:56 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Startup Optimizer.lnk
[2012/03/25 20:37:04 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Linkman.lnk
[2012/03/25 10:55:01 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\E-Z Contact Book.lnk
[2012/03/24 15:27:50 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/24 15:18:55 | 000,000,587 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/03/24 12:36:10 | 000,441,319 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/24 11:40:30 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinUtilities.lnk
[2012/03/24 10:40:58 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2012/03/24 00:57:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/24 00:39:18 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/24 00:39:18 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/23 22:43:34 | 000,002,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Acid Rane.lnk
[2012/03/23 21:57:07 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Connection Booster.lnk
[2012/03/23 18:34:49 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Reflect.lnk
[2012/03/23 18:19:58 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SnapShot.lnk
[2012/03/23 16:54:23 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/03/23 16:29:38 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COWON Media Center - jetAudio.lnk
[2012/03/23 15:01:58 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CloneSpy.lnk
[2012/03/23 14:47:15 | 002,167,684 | ---- | M] () -- C:\WINDOWS\System32\CT4MGM.SF2
[2012/03/23 13:36:27 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PeaZip.lnk
[2012/03/23 12:58:11 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TagScanner.lnk
[2012/03/23 12:47:16 | 000,001,856 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drive Folder.lnk
[2012/03/23 12:14:55 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FBackup 4.lnk
[2012/03/23 11:50:48 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup 4.0.lnk
[2012/03/22 20:12:57 | 000,000,291 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/03/22 12:33:30 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pandora Recovery.lnk
[2012/03/22 12:24:06 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\JetClean.lnk
[2012/03/22 12:14:00 | 002,883,584 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.bak
[2012/03/22 11:17:47 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Auslogics Disk Defrag.lnk
[2012/03/21 19:15:31 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\My PC Geek Support.lnk
[2012/03/21 19:14:18 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpeedItup Free.lnk
[2012/03/21 18:37:18 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Quick Startup.lnk
[2012/03/21 17:16:49 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Seagate Dashboard.lnk
[2012/03/21 17:16:33 | 000,000,162 | ---- | M] () -- C:\MemeoSendAddin
[2012/03/21 15:50:50 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/21 15:23:17 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/21 15:18:53 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/21 15:18:53 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/03/21 15:06:02 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/03/21 14:51:15 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2012/03/21 14:51:15 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
[2012/03/21 13:40:43 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MonitorInfoView.exe.lnk
[2012/03/21 13:35:05 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TCPEye.lnk
[2012/03/21 13:31:29 | 000,001,035 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PrcView.exe.lnk
[2012/03/21 12:41:51 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sticky-Notes.lnk
[2012/03/21 12:21:47 | 000,001,229 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CNET TechTracker.lnk
[2012/03/21 12:07:26 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO System-Cleaner.lnk
[2012/03/21 10:32:18 | 000,638,784 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrator\Desktop\autoruns.exe
[2012/03/20 20:36:10 | 000,012,952 | ---- | M] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2012/03/20 20:36:00 | 000,016,024 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2012/03/20 20:35:54 | 000,047,256 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\psmounter.sys
[2012/03/18 17:51:38 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.1.lnk
[2012/03/17 12:00:56 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2012/03/17 11:56:41 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/03/17 11:56:41 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2012/03/15 17:18:31 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Active Ports.lnk
[2012/03/15 08:56:02 | 000,023,392 | ---- | M] (Softland) -- C:\WINDOWS\System32\dopdfmn7.dll
[2012/03/15 08:56:00 | 000,020,832 | ---- | M] (Softland) -- C:\WINDOWS\System32\dopdfmi7.dll
[2012/03/14 11:35:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/14 11:33:56 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/03/14 11:33:56 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/03/14 11:21:34 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/14 08:31:15 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/03/11 16:13:46 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/03/11 16:13:44 | 000,494,968 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2012/03/11 16:13:43 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2012/03/11 16:13:19 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2012/03/11 16:13:18 | 000,301,224 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/03/10 21:11:42 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ethereal.lnk
[2012/03/10 15:19:44 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2012/03/10 15:07:49 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/03/10 14:44:27 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2012/03/10 13:12:17 | 000,020,454 | ---- | M] () -- C:\WINDOWS\hpoins01.dat.temp
[2012/03/10 13:12:17 | 000,020,454 | ---- | M] () -- C:\WINDOWS\hpoins01.dat
[2012/03/10 13:11:01 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Memories Disc.lnk
[2012/03/10 12:53:00 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk
[2012/03/10 12:53:00 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2012/03/06 18:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 18:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 18:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 11:18:42 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\zx8tbj0g.exe
[2012/03/31 17:45:47 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Popcompanion.lnk
[2012/03/31 17:16:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimDrivers.lnk
[2012/03/31 11:01:55 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\_WKERNEL.FRE
[2012/03/29 21:36:20 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Magic Briefcase.lnk
[2012/03/29 20:22:41 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SugarSync Manager.lnk
[2012/03/29 20:22:37 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SugarSync Manager.lnk
[2012/03/29 02:43:25 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Auslogics Task Manager.lnk
[2012/03/29 02:17:25 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\JetBoost.lnk
[2012/03/28 02:31:49 | 000,002,388 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CrossLoop Connect.lnk
[2012/03/27 20:38:56 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Startup Optimizer.lnk
[2012/03/27 15:56:10 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\ASC5_PerformanceMonitor.job
[2012/03/25 20:37:04 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Linkman.lnk
[2012/03/25 10:55:01 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\E-Z Contact Book.lnk
[2012/03/24 15:27:50 | 000,186,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/24 15:13:15 | 000,000,587 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/03/24 10:40:58 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2012/03/24 00:57:56 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/24 00:57:48 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/23 22:43:34 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Acid Rane.lnk
[2012/03/23 21:57:07 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Connection Booster.lnk
[2012/03/23 21:57:05 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\actskn43.ocx
[2012/03/23 20:33:52 | 000,097,952 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/23 18:34:49 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Reflect.lnk
[2012/03/23 18:19:56 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SnapShot.lnk
[2012/03/23 16:54:20 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/03/23 16:29:38 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COWON Media Center - jetAudio.lnk
[2012/03/23 15:01:57 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CloneSpy.lnk
[2012/03/23 14:46:03 | 002,167,684 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2
[2012/03/23 13:36:27 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PeaZip.lnk
[2012/03/23 12:58:06 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TagScanner.lnk
[2012/03/23 12:47:16 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drive Folder.lnk
[2012/03/23 12:14:55 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FBackup 4.lnk
[2012/03/23 11:51:13 | 000,040,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2012/03/23 11:50:48 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup 4.0.lnk
[2012/03/22 20:12:57 | 000,000,291 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/03/22 12:33:30 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pandora Recovery.lnk
[2012/03/22 12:24:06 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\JetClean.lnk
[2012/03/22 12:10:04 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinUtilities.lnk
[2012/03/22 12:01:27 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\shfolder.inf
[2012/03/22 11:17:47 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Auslogics Disk Defrag.lnk
[2012/03/21 19:15:31 | 000,001,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\My PC Geek Support.lnk
[2012/03/21 19:14:18 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpeedItup Free.lnk
[2012/03/21 18:37:18 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Quick Startup.lnk
[2012/03/21 17:32:45 | 000,032,426 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
[2012/03/21 17:32:29 | 000,203,190 | ---- | C] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2012/03/21 17:32:29 | 000,000,012 | ---- | C] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2012/03/21 17:16:49 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Seagate Dashboard.lnk
[2012/03/21 17:16:40 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Memeo Send.lnk
[2012/03/21 17:16:33 | 000,000,162 | ---- | C] () -- C:\MemeoSendAddin
[2012/03/21 17:03:48 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SeaTools for Windows.lnk
[2012/03/21 15:47:03 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2012/03/21 15:47:03 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2012/03/21 15:23:17 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/21 15:06:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/03/21 14:51:15 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2012/03/21 13:40:43 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MonitorInfoView.exe.lnk
[2012/03/21 13:35:05 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TCPEye.lnk
[2012/03/21 13:31:29 | 000,001,035 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PrcView.exe.lnk
[2012/03/21 12:41:51 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sticky-Notes.lnk
[2012/03/21 12:21:47 | 000,001,229 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CNET TechTracker.lnk
[2012/03/21 12:07:52 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2012/03/21 12:07:26 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO System-Cleaner.lnk
[2012/03/18 17:51:38 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.1.lnk
[2012/03/17 12:00:56 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2012/03/17 11:56:41 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/03/17 11:56:41 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/03/17 11:56:41 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2012/03/15 17:40:53 | 002,883,584 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.bak
[2012/03/15 17:18:31 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Active Ports.lnk
[2012/03/15 16:57:23 | 000,007,549 | ---- | C] () -- C:\WINDOWS\System32\dopdf7.ctm
[2012/03/14 11:33:56 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/03/14 11:33:56 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/03/10 18:03:11 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ethereal.lnk
[2012/03/10 15:25:05 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CNC173AD.TBL
[2012/03/10 15:19:44 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2012/03/10 15:07:49 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/03/10 14:44:27 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2012/03/10 13:11:01 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Memories Disc.lnk
[2012/03/10 12:54:40 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2012/03/10 12:53:00 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk
[2012/03/10 12:53:00 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2012/03/10 12:46:24 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2012/03/10 12:46:24 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2012/02/25 10:48:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/24 13:50:31 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2012/01/16 12:25:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2012/01/14 19:26:41 | 000,017,172 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2012/01/14 16:35:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/14 16:29:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/14 09:13:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== Custom Scans ==========

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2012/02/03 04:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2012/01/14 09:11:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012/01/14 09:11:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012/01/14 09:11:06 | 000,884,736 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2012/02/25 23:32:28 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/01/14 16:32:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/03/31 12:52:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/01/14 16:32:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/01/14 16:32:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/03/21 17:16:33 | 000,000,162 | ---- | M] () -- C:\MemeoSendAddin
[2012/01/14 16:32:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/23 23:02:01 | 000,000,124 | ---- | M] () -- C:\NetShareMonitor_Session.log
[2012/03/23 23:02:01 | 000,000,135 | ---- | M] () -- C:\NetShareMonitor_SharedFile.log
[2004/08/12 08:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2012/01/15 14:13:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/03/31 12:06:28 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012/03/23 18:34:19 | 000,000,000 | ---- | M] () -- C:\ref~tmp~.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2010/04/24 06:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPD9W.DLL
[2010/04/24 06:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPP9W.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/01/07 12:04:10 | 000,062,976 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\HPPRN05.DLL
[2012/02/25 23:38:40 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >

Thanks so much. Piaowaka



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:38 AM

Posted 01 April 2012 - 01:40 PM

Malware topic here
http://www.bleepingcomputer.com/forums/topic448436.html/page__p__2650069#entry2650069

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.



