Antivirus software alert

3 posters

WiredWX Hobby Weather Tools :: Archive :: Technical Support

Antivirus software alert27th June 2010, 10:32 pm

I seem to have stumbled upon a pain of a virus that I cannot seem to get rid of. When I run the computer regularly I cannot get on the internet, it automatically rerouts me saying that the site may harm my comp, and of course the only option it gives me to get rid of it is to purchase the software. Also it keeps coming up with a message in my bottom right toolbar that states "Windows security alert." Every time I try to open a file it tells me it is infected and asks me to run my antivirus software, but I am afraid if I tell it to it will just run the virus. Now if I start it in safe mode I can access the internet and open files. I ran both mbam and avg and it found threats but when removed it did nothing. I also tried to run eset online but at step 2 it comes up with an unexpected error. The virus that infected seems to be calling itself just antivirus software alert and has a shield symbol like AVG, any ideas?

Re: Antivirus software alert27th June 2010, 10:53 pm

Hello and welcome to GeekPolice.net.

My name is Sneakyone, and I will do my best to help get your problem resolved today.

I am currently a student in GeekPolice Academy, and will be a little delayed on each reply, as my instructors must review and approve each reply.

If you have any questions, please ask, and I will do my best to get to the question promptly.

Please wait here, while I get the first set of instructions for you.

Re: Antivirus software alert27th June 2010, 11:42 pm

Thank you very much in advance for your help. I look forward to whatever advice you may have.

Re: Antivirus software alert28th June 2010, 12:12 am

Hi trailblazer250v6, Smile...

Welcome to GeekPolice.net!

My username is Sneakyone and I will be assisting you today.

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
Please post its log in your next reply.
After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.

======

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

Re: Antivirus software alert28th June 2010, 1:36 am

Rkill Results.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Administrator on 06/27/2010 at 21:35:00.

Processes terminated by Rkill or while it was running:

C:\Users\Administrator\Desktop\rkill.scr

Rkill completed on 06/27/2010 at 21:35:02.

Re: Antivirus software alert28th June 2010, 1:56 am

Extras.Txt Results

OTL Extras logfile created on: 6/27/2010 9:39:30 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 325.33 Gb Free Space | 54.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JCODYT
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0220E00E-DA14-4F03-8611-F4A388388CFC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{0981E387-6AD2-409F-9228-52DC0D6BE275}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0F19CC90-9A65-48AA-8EA6-129A310291D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CC6180C-4007-4BDE-BA7D-A72582062090}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{57131189-E349-48AA-94DC-CD75BFEF67E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A2EE3B4-60B4-4A10-B76B-D1DC61658CF9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6BFE5B26-6B96-4464-8D93-2ABBEC967C76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D2F25B37-1B27-4650-BA5B-09BBA615EB64}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DDE14660-F201-451D-B344-595944289F27}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B67A62A-E85C-436A-B59E-BCDE44F26C93}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{107272E1-26C3-4E52-B6F8-E11EDE49DE3D}" = protocol=17 | dir=in | app=c:\windows\system32\logonui.exe |
"{1EBF2A1E-5FB5-4DF1-807C-444E5F05CCBE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2BC47D24-E965-49A9-8696-7A29D173E111}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{2ED646AC-FEF5-4450-B2E2-3E57044BFF83}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{36321434-93DC-47CA-9539-2E899063C9EB}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
"{3BA973A9-9C31-4F5D-846E-4F6832A56965}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F2EF6FB-9F3D-4D01-9347-E8014FD00477}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{4FE63269-D731-45D0-B483-B5884F7AF13A}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{54337D13-F1F1-4A71-8C8A-D4197A5DDB3C}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
"{5ABBF017-9110-4CA2-97BA-98C59D6CF4E7}" = protocol=6 | dir=in | app=c:\windows\system32\logonui.exe |
"{5AC3AD42-FBF4-488C-9D81-661B0DC14F1F}" = protocol=17 | dir=in | app=c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe |
"{5AFC552E-3102-4A00-A761-25BE8A5738BD}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{5EFE7437-BFFE-4B61-BBAB-3FCC46D4E85D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{615CE833-0ED7-4DDF-8345-55CA91DCAEAE}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{6972A885-D444-4FCC-82EF-FCDE418DC612}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{6A4CC519-54B1-4411-923F-BB583D95031C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{81903C23-67DF-4AB8-8DA2-CA9266CA6F7C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84C3A0B3-D7A8-4B2A-B8FC-D8A9E2F87EEF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{85054611-24FA-4935-8637-FB5A8F5D99DF}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{8626B702-B248-4413-BB66-4FF38922A89E}" = protocol=17 | dir=in | app=c:\windows\system32\services.exe |
"{8AB2F53F-62AE-49F2-9163-67D183A8B05F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9347E555-0BB4-4584-9165-2B18EB0289A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{987DC7EF-684F-47E0-A1E7-30524221A2E6}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9F761C51-90BD-4072-B0AA-FB65EBB357E0}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A5F4F811-2D20-4E54-99B3-9C1048375DB8}" = protocol=6 | dir=in | app=c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe |
"{AD5F452D-676B-4B70-B148-4AB83617DF5B}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{B49D7D6D-47AC-4A21-AE09-521A93943DB5}" = protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{B5413300-1550-4F29-8949-572B1554D1DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BC41A2F7-25C2-4A30-965C-198E3C4794A0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D3A1AC8E-36E9-4046-B2A9-409860D65BA8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D941DB4A-A9D7-4489-9087-C24AFAA7F9E4}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{E3A64EF5-A268-4559-91E0-9855C537304F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E43FACB7-96FA-42F4-9AEF-39C7A79FA199}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F0BEDDC0-C45F-4122-BF93-2252E014FB82}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F25D5684-043F-4F86-A390-EFFD5C090EBF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F9CC81F5-03DC-462E-A9EB-866839D12BAB}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{535BD6D8-3891-40F9-971F-C1F87878FACF}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{A30F823C-6C91-43A4-9CAA-F03977219438}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B89695CC-D302-4F13-85D6-D1CF8383527D}C:\program files\aim6\aim6 .exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6 .exe |
"UDP Query User{7EA88CE5-AD2F-4EDC-A24C-29EC1D01A71C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8D441852-A42A-4948-A4B9-D80073355729}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{9919877B-0403-48B9-8C20-C4072C3B72F5}C:\program files\aim6\aim6 .exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6 .exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{057E5B17-5372-661B-44A9-33E5F50A405D}" = ATI Catalyst Install Manager
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09DE4F85-D0E9-6D61-3CBE-10DD50517EE5}" = Skins
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3611E7F9-A818-EE16-61F2-E5AA4D6C9E75}" = Catalyst Control Center InstallProxy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3E58496A-77B5-6B44-15E5-A91B0DB6A20B}" = ccc-utility
"{40CB0D72-3B19-9BFE-F1B9-896BC4022145}" = HydraVision
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{534FC343-5A79-072D-1F8A-EC5F02589ABA}" = ccc-core-static
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7D531AA9-79CA-BD7A-6B88-C6B36D6EA80E}" = CCC Help English
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85F8D12C-30DF-BB7D-FA6B-EFADD374A9BC}" = Catalyst Control Center Core Implementation
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A83E7C4E-1D80-63FA-62CA-68DB60A3C51F}" = Catalyst Control Center Graphics Previews Vista
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C51603EF-245E-68A1-6D75-22B2A80AFAC7}" = Catalyst Control Center Graphics Full New
"{C74A8975-4A0C-97BA-80EC-96FC997992BC}" = Catalyst Control Center Graphics Light
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EDA61F22-1232-B0B2-301C-EB72C186981A}" = Catalyst Control Center HydraVision Full
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7BB24A4-0135-9962-6EAD-3B3D60A3BDA6}" = Catalyst Control Center Graphics Full Existing
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AIM_7" = AIM 7
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"EXAM MASTER Interactive" = EXAM MASTER Interactive
"Graboid Video" = Graboid Video 1.71
"LimeWire" = LimeWire 5.5.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"mv61xxDriver" = marvell 61xx
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Veetle TV" = Veetle TV 0.9.17
"Videora iPod Converter" = Videora iPod Converter 4.08
"VLC media player" = VLC media player 1.0.1
"YouTube Downloader App" = YouTube Downloader App 1.03
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/27/2010 6:06:16 PM | Computer Name = JCodyT | Source = EventSystem | ID = 4609
Description =

Error - 6/27/2010 6:23:46 PM | Computer Name = JCodyT | Source = WinMgmt | ID = 10
Description =

Error - 6/27/2010 6:38:31 PM | Computer Name = JCodyT | Source = EventSystem | ID = 4609
Description =

Error - 6/27/2010 6:39:07 PM | Computer Name = JCodyT | Source = WinMgmt | ID = 10
Description =

Error - 6/27/2010 9:00:49 PM | Computer Name = JCodyT | Source = WinMgmt | ID = 10
Description =

Error - 6/27/2010 9:05:10 PM | Computer Name = JCodyT | Source = EventSystem | ID = 4609
Description =

Error - 6/27/2010 9:05:42 PM | Computer Name = JCodyT | Source = WinMgmt | ID = 10
Description =

Error - 6/27/2010 9:23:55 PM | Computer Name = JCodyT | Source = EventSystem | ID = 4609
Description =

Error - 6/27/2010 9:24:40 PM | Computer Name = JCodyT | Source = WinMgmt | ID = 10
Description =

Error - 6/27/2010 9:34:14 PM | Computer Name = JCodyT | Source = EventSystem | ID = 4609
Description =

[ OSession Events ]
Error - 5/17/2010 6:43:54 PM | Computer Name = JCodyT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/17/2010 6:44:08 PM | Computer Name = JCodyT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/17/2010 8:08:51 PM | Computer Name = JCodyT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/3/2009 12:58:00 AM | Computer Name = JCodyT | Source = HTTP | ID = 15016
Description =

Error - 10/7/2009 10:07:48 PM | Computer Name = JCodyT | Source = HTTP | ID = 15016
Description =

< End of report >

Re: Antivirus software alert28th June 2010, 1:57 am

OTL.txt results Part 1

OTL logfile created on: 6/27/2010 9:39:30 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 325.33 Gb Free Space | 54.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JCODYT
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/27 21:38:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/06/27 21:38:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:22:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/28 07:24:48 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/10 01:22:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/20 22:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2010/06/02 09:47:13 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 09:47:13 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/28 07:25:46 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/09/23 23:09:56 | 003,976,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/30 13:28:00 | 000,047,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/06/23 18:21:48 | 000,150,568 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008/05/20 06:01:00 | 002,143,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/20 22:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 05:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/18 09:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005/09/18 18:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 22:34:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/27 07:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 13:51:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/27 13:51:47 | 000,000,000 | ---D | M]

[2010/03/18 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/03/18 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/27 13:29:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7j14pyu4.default\extensions
[2010/05/16 21:40:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7j14pyu4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/25 08:02:17 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7j14pyu4.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/11/22 16:03:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7j14pyu4.default\extensions\illimitux@illimitux.net
[2010/03/28 20:23:35 | 000,002,267 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7j14pyu4.default\searchplugins\aim-search.xml
[2009/11/22 12:28:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/23 17:40:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont .exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [ivjcyyof] C:\Users\Administrator\AppData\Local\pxcnrwqrg\sobtwyotssd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (app_dll.dll) - File not found
O20 - AppInit_DLLs: (tugufiki.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\vogakape.dll) - C:\Windows\System32\vogakape.dll File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 22:32:53 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47B3BDBB-F2AE-4B55-95C8-921C25DB3B76} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AA31BE96-6F9D-0C36-D041-C9E5ADC47F4B} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/27 21:38:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/06/27 14:55:57 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/06/27 11:31:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\pxcnrwqrg
[2010/06/24 07:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/22 16:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/06/21 22:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/06/21 22:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/06/21 22:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/06/21 19:11:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DivX
[2010/06/21 19:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/06/21 19:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/06/21 19:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/06/21 19:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/06/21 19:00:52 | 000,895,256 | ---- | C] (DivX, Inc. ) -- C:\Users\Administrator\Desktop\DivXWebPlayerInstaller.exe
[2010/06/13 22:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010/06/12 10:24:16 | 000,000,000 | ---D | C] -- C:\PALHIntro
[2010/06/12 10:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\exammaster int palh
[2010/05/02 21:32:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG Security Toolbar
[2010/04/28 07:25:52 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/28 07:25:50 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/28 07:25:45 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/28 07:25:43 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/28 07:25:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/04/28 07:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/04/28 07:08:54 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Users\Administrator\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/04/28 07:06:31 | 005,153,344 | ---- | C] (Sammsoft ) -- C:\Users\Administrator\Desktop\ARO2010_mt.exe
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/13 19:07:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/04/13 19:07:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\vlc
[2010/04/08 07:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/08 07:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Safari

========== Files - Modified Within 90 Days ==========

[2010/06/27 21:39:39 | 002,883,584 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2010/06/27 21:38:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/06/27 21:34:01 | 000,363,520 | ---- | M] () -- C:\Users\Administrator\Desktop\rkill.scr
[2010/06/27 21:27:46 | 001,492,384 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/27 21:27:46 | 000,664,440 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010/06/27 21:27:46 | 000,606,420 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/27 21:27:46 | 000,129,654 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010/06/27 21:27:46 | 000,104,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/27 21:23:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/27 21:21:33 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 21:21:33 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/06/27 21:21:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/27 21:21:05 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 21:21:05 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 21:00:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/27 18:27:02 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/27 18:27:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/27 13:51:48 | 000,001,708 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/27 13:51:48 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/27 13:03:35 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2010/06/27 10:21:02 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Local\prvlcl.dat
[2010/06/27 08:17:47 | 061,434,072 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/21 19:12:04 | 000,001,402 | ---- | M] () -- C:\Users\Administrator\Desktop\DivX Movies.lnk
[2010/06/21 19:11:43 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/06/21 19:11:25 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/06/21 19:01:06 | 000,895,256 | ---- | M] (DivX, Inc. ) -- C:\Users\Administrator\Desktop\DivXWebPlayerInstaller.exe
[2010/06/20 18:51:28 | 000,060,928 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/13 22:34:57 | 011,048,840 | ---- | M] () -- C:\Users\Administrator\Desktop\veetle-0.9.17.exe
[2010/06/12 10:24:16 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\Exam Master Interactive LAH.lnk
[2010/06/09 03:22:03 | 001,717,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/02 09:47:13 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/02 09:47:13 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/28 07:25:53 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/28 07:25:53 | 000,001,607 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/04/28 07:25:46 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/28 07:25:43 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/28 07:20:57 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Users\Administrator\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/04/28 07:07:02 | 005,153,344 | ---- | M] (Sammsoft ) -- C:\Users\Administrator\Desktop\ARO2010_mt.exe
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/13 17:58:06 | 000,001,093 | ---- | M] () -- C:\Users\Administrator\Desktop\Graboid Video.lnk
[2010/04/13 17:57:59 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/04/08 07:24:07 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/08 07:19:36 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/08 07:19:36 | 000,001,854 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/04/05 08:05:46 | 003,284,257 | ---- | M] () -- C:\Users\Administrator\Desktop\sample_iTunes.mov

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\dakebiti
[2010/06/27 21:34:01 | 000,363,520 | ---- | C] () -- C:\Users\Administrator\Desktop\rkill.scr
[2010/06/24 07:57:34 | 000,002,191 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/21 19:12:03 | 000,001,402 | ---- | C] () -- C:\Users\Administrator\Desktop\DivX Movies.lnk
[2010/06/21 19:11:43 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/06/21 19:11:25 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/06/13 22:34:24 | 011,048,840 | ---- | C] () -- C:\Users\Administrator\Desktop\veetle-0.9.17.exe
[2010/06/12 10:24:16 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\Exam Master Interactive LAH.lnk
[2010/05/16 21:42:54 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\prvlcl.dat
[2010/04/28 07:25:53 | 000,001,607 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/04/28 07:25:43 | 061,434,072 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/28 07:25:43 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/13 17:57:59 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/04/08 07:24:07 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/08 07:19:36 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/08 07:19:36 | 000,001,854 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/04/05 08:05:46 | 003,284,257 | ---- | C] () -- C:\Users\Administrator\Desktop\sample_iTunes.mov
[2009/10/20 08:41:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/28 22:48:14 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2009/01/28 22:48:14 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/01/28 22:48:11 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009/01/28 22:48:11 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009/01/28 16:29:36 | 000,034,684 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/01/28 16:28:07 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/01/28 16:28:04 | 000,034,294 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/09/23 22:19:02 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/01/20 22:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/12/28 11:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

Re: Antivirus software alert28th June 2010, 1:58 am

OTL.txt part 2

========== LOP Check ==========

[2009/02/07 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\acccore
[2010/03/28 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG9
[2009/01/28 22:58:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CiscoCAA
[2009/08/05 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/27 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire
[2009/08/27 22:33:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Red Kawa
[2009/07/10 06:16:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RegistryPC
[2010/06/27 21:21:29 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2010/03/30 22:32:48 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-1000\desktop.ini
[2010/06/20 18:53:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$I2A1E2V.JPG
[2010/03/23 19:46:50 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$I33AH7Y.exe
[2010/03/23 19:47:48 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$I34QU8R.asd
[2010/06/20 18:52:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$I5AZ9DM.JPG
[2010/06/20 18:51:55 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$I9PBK4G.JPG
[2010/05/27 20:49:19 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$IDE3RJN.JPG
[2010/05/04 21:57:00 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$IFSLMMZ.JPG
[2010/06/24 08:11:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$IICRLLW.ipsw
[2010/06/20 18:51:31 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$ILCA9CE.JPG
[2010/05/04 21:57:03 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$IMUOIMH.JPG
[2010/03/23 19:57:55 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$IQK971X.exe
[2010/04/05 08:09:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$ISEVTOJ.m4v
[2010/06/12 09:52:57 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$IT6MDIP.jpg
[2010/03/23 19:57:52 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$IVIMIA7.exe
[2010/03/23 19:46:37 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$IVRC9ET.exe
[2010/05/04 21:56:57 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$IX7D4HN.JPG
[2010/06/19 20:26:21 | 000,825,215 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$R2A1E2V.JPG
[2010/03/03 08:27:15 | 005,061,512 | ---- | M] (Malwarebytes Corporation ) -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$R33AH7Y.exe
[2010/03/13 10:40:11 | 000,026,112 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$R34QU8R.asd
[2010/06/19 20:26:16 | 000,799,404 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$R5AZ9DM.JPG
[2010/06/19 20:25:46 | 001,141,570 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$R9PBK4G.JPG
[2010/05/22 01:50:11 | 000,746,195 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$RDE3RJN.JPG
[2010/05/01 12:56:39 | 000,780,573 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$RFSLMMZ.JPG
[2010/02/28 11:42:46 | 295,870,806 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$RICRLLW.ipsw
[2010/05/22 01:50:11 | 000,746,195 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$RLCA9CE.JPG
[2010/05/01 12:56:46 | 000,584,786 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$RMUOIMH.JPG
[2010/03/03 08:32:57 | 000,348,600 | ---- | M] (Honlyn (Macao Commercia) -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$RQK971X.exe
[2010/04/05 08:09:00 | 004,500,352 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$RSEVTOJ.m4v
[2009/09/10 18:58:33 | 000,019,109 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$RT6MDIP.jpg
[2010/03/02 09:19:06 | 001,936,640 | ---- | M] (ParetoLogic Inc.) -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$RVIMIA7.exe
[2010/03/01 21:28:25 | 000,000,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$RVRC9ET.exe
[2010/05/01 10:35:04 | 000,557,341 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\$RX7D4HN.JPG
[2010/03/23 17:41:00 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-371945664-4036494631-2048450281-500\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-25 07:04:05

< MD5 for: AGP440.SYS >
[2007/02/18 12:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\amd64\sp2.cab:AGP440.sys
[2007/02/18 12:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\amd64\sp2.cab:AGP440.sys
[2008/01/20 22:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\agp440.sys
[2008/01/20 22:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008/01/20 22:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/02/17 01:03:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=3373905E7DED6168676707F318C612FA -- C:\Windows.old\Windows\ServicePackFiles\amd64\agp440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2007/02/18 12:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\amd64\sp2.cab:atapi.sys
[2007/02/18 12:01:10 | 011,678,589 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\amd64\sp2.cab:atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2005/03/24 18:12:00 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=72C77044943340964FA513B92D6D6874 -- C:\Windows.old\Windows\$NtServicePackUninstall$\atapi.sys
[2005/03/25 08:00:00 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=72C77044943340964FA513B92D6D6874 -- C:\Windows.old\Windows\system32\ReinstallBackups\0006\DriverFiles\amd64\atapi.sys
[2005/03/24 18:12:00 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=72C77044943340964FA513B92D6D6874 -- C:\Windows.old\Windows\system32\ReinstallBackups\0007\DriverFiles\amd64\atapi.sys
[2007/02/17 01:03:34 | 000,150,016 | ---- | M] (Microsoft Corporation) MD5=7A1814D0D112F50F828E25557A1ED29F -- C:\Windows.old\Windows\ServicePackFiles\amd64\atapi.sys
[2007/02/17 01:03:34 | 000,150,016 | ---- | M] (Microsoft Corporation) MD5=7A1814D0D112F50F828E25557A1ED29F -- C:\Windows.old\Windows\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/11 02:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009/04/11 02:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2007/02/18 11:50:18 | 000,817,664 | ---- | M] (Microsoft Corporation) MD5=2C40794C5094E7D49D8597D7B0C617FC -- C:\Windows.old\Windows\ServicePackFiles\amd64\autochk.exe
[2007/02/18 11:50:18 | 000,817,664 | ---- | M] (Microsoft Corporation) MD5=2C40794C5094E7D49D8597D7B0C617FC -- C:\Windows.old\Windows\system32\autochk.exe
[2008/01/20 22:22:54 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2007/02/18 12:05:20 | 000,594,944 | ---- | M] (Microsoft Corporation) MD5=39ECC326D3F5531A13A1C0F0B43A8EDD -- C:\Windows.old\Windows\SysWOW64\autochk.exe
[2005/03/25 08:00:00 | 000,817,664 | ---- | M] (Microsoft Corporation) MD5=B2825C5030B3B77B149D6EB48D24DD0C -- C:\Windows.old\Windows\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2008/01/20 22:21:53 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\ERDNT\cache\beep.sys
[2008/01/20 22:21:53 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/20 22:21:53 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2005/03/25 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=8BA2E5CDFDE406DC4646AFB894804844 -- C:\Windows.old\Windows\system32\dllcache\beep.sys
[2005/03/25 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=8BA2E5CDFDE406DC4646AFB894804844 -- C:\Windows.old\Windows\system32\drivers\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2005/03/25 08:00:00 | 000,130,048 | ---- | M] (Microsoft Corporation) MD5=2C1641EFCDA764DCC29E01A528F227A1 -- C:\Windows.old\Windows\$NtServicePackUninstall$\eventlog.dll
[2007/02/17 01:20:32 | 000,130,560 | ---- | M] (Microsoft Corporation) MD5=589B15B2B3254E2745CB205243EB8588 -- C:\Windows.old\Windows\ServicePackFiles\amd64\eventlog.dll
[2007/02/17 01:20:32 | 000,130,560 | ---- | M] (Microsoft Corporation) MD5=589B15B2B3254E2745CB205243EB8588 -- C:\Windows.old\Windows\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2005/03/25 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) MD5=4B93BB34AF478A0FD9765D9B73356DC9 -- C:\Windows.old\Windows\$NtServicePackUninstall$\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/02/18 12:05:28 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2007/02/17 01:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\Windows.old\Windows\explorer.exe
[2007/02/17 01:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\Windows.old\Windows\ServicePackFiles\amd64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/20 22:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: IMM32.DLL >
[2007/02/18 12:05:32 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=27046C93A8DAE93A784989C2C283AF67 -- C:\Windows.old\Windows\SysWOW64\imm32.dll
[2007/02/17 01:30:36 | 000,212,992 | ---- | M] (Microsoft Corporation) MD5=7B9E669EA7D780F50E1918C65D9A625D -- C:\Windows.old\Windows\ServicePackFiles\amd64\imm32.dll
[2007/02/17 01:30:36 | 000,212,992 | ---- | M] (Microsoft Corporation) MD5=7B9E669EA7D780F50E1918C65D9A625D -- C:\Windows.old\Windows\system32\imm32.dll
[2005/03/25 08:00:00 | 000,212,992 | ---- | M] (Microsoft Corporation) MD5=9B3C3CAF26C4EEA4450833EAE4E92ED5 -- C:\Windows.old\Windows\$NtServicePackUninstall$\imm32.dll
[2009/04/11 02:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) MD5=C8BDCECEE082B54F0BAC838BF0A34597 -- C:\Windows\ERDNT\cache\imm32.dll
[2009/04/11 02:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) MD5=C8BDCECEE082B54F0BAC838BF0A34597 -- C:\Windows\System32\imm32.dll
[2009/04/11 02:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) MD5=C8BDCECEE082B54F0BAC838BF0A34597 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_5e419722778cc84e\imm32.dll
[2008/01/20 22:22:34 | 000,114,688 | ---- | M] (Microsoft Corporation) MD5=EC17194A193CD8E90D27CFB93DFA9A2E -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll

< MD5 for: KERNEL32.DLL >
[2009/02/13 04:21:09 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[2007/04/18 11:27:08 | 001,009,664 | ---- | M] (Microsoft Corporation) MD5=6BE19D6D9DAEE20CD590FE87AA533F20 -- C:\Windows.old\Windows\SysWOW64\kernel32.dll
[2007/02/17 01:34:12 | 001,503,232 | ---- | M] (Microsoft Corporation) MD5=761E392BF121D4AFC3A8E616D6835FC8 -- C:\Windows.old\Windows\$NtUninstallKB935839$\kernel32.dll
[2007/02/17 01:34:12 | 001,503,232 | ---- | M] (Microsoft Corporation) MD5=761E392BF121D4AFC3A8E616D6835FC8 -- C:\Windows.old\Windows\ServicePackFiles\amd64\kernel32.dll
[2009/02/13 03:26:37 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=B82C7AC1D559F0FD088792171D64C7F3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[2009/02/13 03:13:01 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[2009/04/11 02:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) MD5=BB8509089E7DF514310814E1B2593FFC -- C:\Windows\ERDNT\cache\kernel32.dll
[2009/04/11 02:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) MD5=BB8509089E7DF514310814E1B2593FFC -- C:\Windows\System32\kernel32.dll
[2009/04/11 02:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) MD5=BB8509089E7DF514310814E1B2593FFC -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll
[2005/03/25 08:00:00 | 001,500,160 | ---- | M] (Microsoft Corporation) MD5=D3CBC6E982BDC19E52917A989BA9C63E -- C:\Windows.old\Windows\$NtServicePackUninstall$\kernel32.dll
[2009/02/13 04:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) MD5=DB6E3731E6F5C8AE2843F80B5787F7C6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[2008/01/20 22:22:21 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[2007/04/18 11:25:04 | 001,504,256 | ---- | M] (Microsoft Corporation) MD5=F231BAB7C8816A0C41180796E32C1A55 -- C:\Windows.old\Windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2007/04/18 11:27:06 | 001,503,744 | ---- | M] (Microsoft Corporation) MD5=F3F1C3C6DFA9266E9B3C1656F8C9BB29 -- C:\Windows.old\Windows\system32\dllcache\kernel32.dll
[2007/04/18 11:27:06 | 001,503,744 | ---- | M] (Microsoft Corporation) MD5=F3F1C3C6DFA9266E9B3C1656F8C9BB29 -- C:\Windows.old\Windows\system32\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/21 16:07:46 | 000,233,472 | ---- | M] (Microsoft Corporation) MD5=4EFACAA7671DFB04608CA0076EA35F77 -- C:\Windows.old\Windows\SysWOW64\mswsock.dll
[2005/03/25 08:00:00 | 000,489,472 | ---- | M] (Microsoft Corporation) MD5=50FB63888AE8515FAE0E4367BC16B7A8 -- C:\Windows.old\Windows\$NtServicePackUninstall$\mswsock.dll
[2008/06/21 03:29:34 | 000,493,056 | ---- | M] (Microsoft Corporation) MD5=7522FBD86A6494EFAB98AF49B12F525C -- C:\Windows.old\Windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2007/02/17 01:39:44 | 000,492,032 | ---- | M] (Microsoft Corporation) MD5=7F6F508DAE92E99B62287562F10343B1 -- C:\Windows.old\Windows\$NtUninstallKB951748$\mswsock.dll
[2007/02/17 01:39:44 | 000,492,032 | ---- | M] (Microsoft Corporation) MD5=7F6F508DAE92E99B62287562F10343B1 -- C:\Windows.old\Windows\ServicePackFiles\amd64\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\ERDNT\cache\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 22:22:10 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2008/06/21 16:07:28 | 000,492,544 | ---- | M] (Microsoft Corporation) MD5=9A143C80CA47FC111FB565B56B2867A9 -- C:\Windows.old\Windows\system32\dllcache\mswsock.dll
[2008/06/21 16:07:28 | 000,492,544 | ---- | M] (Microsoft Corporation) MD5=9A143C80CA47FC111FB565B56B2867A9 -- C:\Windows.old\Windows\system32\mswsock.dll

< MD5 for: NDIS.SYS >
[2005/03/25 08:00:00 | 000,334,336 | ---- | M] (Microsoft Corporation) MD5=0A7F61EA2F78BF940D0ADA7C14D51B68 -- C:\Windows.old\Windows\$NtServicePackUninstall$\ndis.sys
[2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\ERDNT\cache\ndis.sys
[2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2007/02/17 01:39:56 | 000,361,984 | ---- | M] (Microsoft Corporation) MD5=6FE83D05AEBEF7930D7CE91568DC99DF -- C:\Windows.old\Windows\ServicePackFiles\amd64\ndis.sys
[2007/02/17 01:39:56 | 000,361,984 | ---- | M] (Microsoft Corporation) MD5=6FE83D05AEBEF7930D7CE91568DC99DF -- C:\Windows.old\Windows\system32\drivers\ndis.sys
[2008/01/20 22:21:58 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2007/02/18 12:05:42 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\Windows.old\Windows\SysWOW64\netlogon.dll
[2005/03/25 08:00:00 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=918FF7D96DE11D01DBA8BFFB3218C5A0 -- C:\Windows.old\Windows\$NtServicePackUninstall$\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2007/02/17 01:40:06 | 000,681,472 | ---- | M] (Microsoft Corporation) MD5=BFF99E983A1F35B4E8AA74DEA19D014B -- C:\Windows.old\Windows\ServicePackFiles\amd64\netlogon.dll
[2007/02/17 01:40:06 | 000,681,472 | ---- | M] (Microsoft Corporation) MD5=BFF99E983A1F35B4E8AA74DEA19D014B -- C:\Windows.old\Windows\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2009/04/11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\ERDNT\cache\ntfs.sys
[2009/04/11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\System32\drivers\ntfs.sys
[2009/04/11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[2005/03/25 08:00:00 | 001,120,256 | ---- | M] (Microsoft Corporation) MD5=7855BF547765226E996A9A49D763D198 -- C:\Windows.old\Windows\$NtServicePackUninstall$\ntfs.sys
[2008/01/20 22:21:58 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
[2007/02/18 11:57:50 | 001,041,920 | ---- | M] (Microsoft Corporation) MD5=C8904B5F90AB2236692E83D491C4D426 -- C:\Windows.old\Windows\ServicePackFiles\amd64\ntfs.sys
[2007/02/18 11:57:50 | 001,041,920 | ---- | M] (Microsoft Corporation) MD5=C8904B5F90AB2236692E83D491C4D426 -- C:\Windows.old\Windows\system32\drivers\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2005/03/25 08:00:00 | 000,794,112 | ---- | M] (Microsoft Corporation) MD5=266D43093AC3C2C28E496220DA802B6D -- C:\Windows.old\Windows\$NtServicePackUninstall$\ntmssvc.dll
[2007/02/17 01:41:30 | 000,794,112 | ---- | M] (Microsoft Corporation) MD5=A398462077F68A41B4DFF9FB7E8FC7B8 -- C:\Windows.old\Windows\ServicePackFiles\amd64\ntmssvc.dll
[2007/02/17 01:41:30 | 000,794,112 | ---- | M] (Microsoft Corporation) MD5=A398462077F68A41B4DFF9FB7E8FC7B8 -- C:\Windows.old\Windows\system32\ntmssvc.dll
[2008/01/20 22:23:39 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2007/02/17 01:50:24 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=086678EC458D5C1F7E787350B00C25F6 -- C:\Windows.old\Windows\ServicePackFiles\amd64\proquota.exe
[2007/02/17 01:50:24 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=086678EC458D5C1F7E787350B00C25F6 -- C:\Windows.old\Windows\system32\proquota.exe
[2005/03/25 08:00:00 | 000,071,168 | ---- | M] (Microsoft Corporation) MD5=9B54A96C2923A2CB3A39487A14FB2CD7 -- C:\Windows.old\Windows\$NtServicePackUninstall$\proquota.exe
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\System32\proquota.exe
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe
[2007/02/18 12:05:46 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=E915E1D41B4C5B3FB28AB8355D4B70A3 -- C:\Windows.old\Windows\SysWOW64\proquota.exe

< MD5 for: QMGR.DLL >
[2008/01/20 22:23:10 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2005/03/25 08:00:00 | 000,707,072 | ---- | M] (Microsoft Corporation) MD5=049B94073E8BC3EA91D0CE96C9FFC077 -- C:\Windows.old\Windows\$NtServicePackUninstall$\qmgr.dll
[2007/02/17 01:50:54 | 000,706,560 | ---- | M] (Microsoft Corporation) MD5=749C15323919984A6E08BAD427D89936 -- C:\Windows.old\Windows\ServicePackFiles\amd64\qmgr.dll
[2007/02/17 01:50:54 | 000,706,560 | ---- | M] (Microsoft Corporation) MD5=749C15323919984A6E08BAD427D89936 -- C:\Windows.old\Windows\system32\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\ERDNT\cache\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/01/20 22:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2007/02/17 01:54:00 | 000,315,392 | ---- | M] (Microsoft Corporation) MD5=40453F57AAC02F32F785642F5C2E211E -- C:\Windows.old\Windows\ServicePackFiles\amd64\scecli.dll
[2007/02/17 01:54:00 | 000,315,392 | ---- | M] (Microsoft Corporation) MD5=40453F57AAC02F32F785642F5C2E211E -- C:\Windows.old\Windows\system32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2005/03/25 08:00:00 | 000,315,392 | ---- | M] (Microsoft Corporation) MD5=A832D97D4113E28DB89C33219D9E7D20 -- C:\Windows.old\Windows\$NtServicePackUninstall$\scecli.dll
[2007/02/18 12:05:48 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\Windows.old\Windows\SysWOW64\scecli.dll

< MD5 for: SFCFILES.DLL >
[2005/03/25 08:00:00 | 002,277,376 | ---- | M] (Microsoft Corporation) MD5=169CEF2B1C7FA6E5B5C2EA0CCC126D6D -- C:\Windows.old\Windows\$NtServicePackUninstall$\sfcfiles.dll
[2007/02/18 12:05:50 | 002,374,656 | ---- | M] (Microsoft Corporation) MD5=67BE14F048F09F0D197AC4D2459AD1EE -- C:\Windows.old\Windows\SysWOW64\sfcfiles.dll
[2007/02/17 01:54:48 | 002,323,968 | ---- | M] (Microsoft Corporation) MD5=6AA02E6A7115DEAC6483FD1E332F32AA -- C:\Windows.old\Windows\ServicePackFiles\amd64\sfcfiles.dll
[2007/02/17 01:54:48 | 002,323,968 | ---- | M] (Microsoft Corporation) MD5=6AA02E6A7115DEAC6483FD1E332F32AA -- C:\Windows.old\Windows\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2009/04/11 02:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\ERDNT\cache\spoolsv.exe
[2009/04/11 02:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\System32\spoolsv.exe
[2009/04/11 02:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[2007/02/17 01:55:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=5918677301E62A935A837EC22BA7088C -- C:\Windows.old\Windows\ServicePackFiles\amd64\spoolsv.exe
[2007/02/17 01:55:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=5918677301E62A935A837EC22BA7088C -- C:\Windows.old\Windows\system32\spoolsv.exe
[2008/01/20 22:22:54 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2005/03/25 08:00:00 | 000,109,568 | ---- | M] (Microsoft Corporation) MD5=91B7BD2B38884601E54ED5CED837459A -- C:\Windows.old\Windows\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2005/03/25 08:00:00 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=10E36DCEC537563E1EB0CAABD2E6C16B -- C:\Windows.old\Windows\$NtServicePackUninstall$\srsvc.dll
[2007/02/17 01:56:32 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=7B6DA719973755BD091131E53AD6EC23 -- C:\Windows.old\Windows\ServicePackFiles\amd64\srsvc.dll
[2007/02/17 01:56:32 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=7B6DA719973755BD091131E53AD6EC23 -- C:\Windows.old\Windows\system32\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 22:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2007/02/17 01:59:04 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=46300880A5062A41C16DF5E3E836A6C9 -- C:\Windows.old\Windows\ServicePackFiles\amd64\svchost.exe
[2007/02/17 01:59:04 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=46300880A5062A41C16DF5E3E836A6C9 -- C:\Windows.old\Windows\system32\svchost.exe
[2005/03/25 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BDDFEB952617080316692951215793E9 -- C:\Windows.old\Windows\$NtServicePackUninstall$\svchost.exe
[2007/02/18 12:05:52 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\Windows.old\Windows\SysWOW64\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/04/11 02:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\ERDNT\cache\termsrv.dll
[2009/04/11 02:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\System32\termsrv.dll
[2009/04/11 02:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
[2008/01/20 22:22:20 | 000,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
[2005/03/25 08:00:00 | 000,363,008 | ---- | M] (Microsoft Corporation) MD5=E99987410B7F2202114C567480271600 -- C:\Windows.old\Windows\$NtServicePackUninstall$\termsrv.dll
[2007/02/17 01:59:44 | 000,364,032 | ---- | M] (Microsoft Corporation) MD5=F4849A4962779132B02CA4BBF696F434 -- C:\Windows.old\Windows\ServicePackFiles\amd64\termsrv.dll
[2007/02/17 01:59:44 | 000,364,032 | ---- | M] (Microsoft Corporation) MD5=F4849A4962779132B02CA4BBF696F434 -- C:\Windows.old\Windows\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 22:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 22:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2007/02/17 02:00:56 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=438393CC0B5122B5D988BD7BA05FE3C9 -- C:\Windows.old\Windows\ServicePackFiles\amd64\userinit.exe
[2007/02/17 02:00:56 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=438393CC0B5122B5D988BD7BA05FE3C9 -- C:\Windows.old\Windows\system32\userinit.exe
[2005/03/25 08:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=5EF907A339CAF229F3CE38909C93F53B -- C:\Windows.old\Windows\$NtServicePackUninstall$\userinit.exe
[2007/02/18 12:05:56 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\Windows.old\Windows\SysWOW64\userinit.exe

< MD5 for: WS2_32.DLL >
[2005/03/25 08:00:00 | 000,180,736 | ---- | M] (Microsoft Corporation) MD5=30949CC9AD21DCA6E1DC8373CBBE0261 -- C:\Windows.old\Windows\$NtServicePackUninstall$\ws2_32.dll
[2007/02/18 12:06:02 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=5C34F97D87B2A8C9CB4422E67F2DAB61 -- C:\Windows.old\Windows\SysWOW64\ws2_32.dll
[2007/02/17 02:04:26 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=9E36B0413B6C3FADAF9E5C61A3F7F888 -- C:\Windows.old\Windows\ServicePackFiles\amd64\ws2_32.dll
[2007/02/17 02:04:26 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=9E36B0413B6C3FADAF9E5C61A3F7F888 -- C:\Windows.old\Windows\system32\ws2_32.dll
[2008/01/20 22:22:57 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\ERDNT\cache\ws2_32.dll
[2008/01/20 22:22:57 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
[2008/01/20 22:22:57 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2007/02/17 02:05:28 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=A1ABA5A0B4F1FF9B83C50F92F8C080A2 -- C:\Windows.old\Windows\ServicePackFiles\amd64\xmlprov.dll
[2007/02/17 02:05:28 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=A1ABA5A0B4F1FF9B83C50F92F8C080A2 -- C:\Windows.old\Windows\system32\xmlprov.dll
[2005/03/25 08:00:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=BB72B18E7DFB6C348DEAEAF55B771261 -- C:\Windows.old\Windows\$NtServicePackUninstall$\xmlprov.dll
[2007/02/18 12:06:04 | 000,131,584 | ---- | M] (Microsoft Corporation) MD5=C5B83F9A09A3EBFE8A931472F6DA4E38 -- C:\Windows.old\Windows\SysWOW64\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 32892 bytes -> C:\Users\Administrator\Documents\083.AVI:TOC.WMV
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Re: Antivirus software alert28th June 2010, 7:31 pm

Hi trailblazer250v6, Smile...

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [ivjcyyof] C:\Users\Administrator\AppData\Local\pxcnrwqrg\sobtwyotssd.exe ()
O20 - AppInit_DLLs: (app_dll.dll) - File not found
O20 - AppInit_DLLs: (tugufiki.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\vogakape.dll) - C:\Windows\System32\vogakape.dll File not found

:files
C:\Users\Administrator\AppData\Local\pxcnrwqrg
C:\Windows\System32\dakebiti

:commands
[emptytemp]
[resethosts]
[reboot]
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=======

Please download ComboFix Antivirus software alert Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Antivirus software alert28th June 2010, 10:16 pm

Well I ran OTL and it restarted my comp, but didn't give me a report.
This is what I got when I ran ComboFix:

User: Administrator
->Temp folder emptied: 147259920 bytes
->Temporary Internet Files folder emptied: 385805072 bytes
->Java cache emptied: 46951509 bytes
->FireFox cache emptied: 51931097 bytes
->Google Chrome cache emptied: 41366779 bytes
->Flash cache emptied: 175709 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Temp
->Temp folder emptied: 206012 bytes
->Temporary Internet Files folder emptied: 10505427 bytes
->FireFox cache emptied: 50047904 bytes
->Flash cache emptied: 41986 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5608270 bytes
RecycleBin emptied: 313944410 bytes

Total Files Cleaned = 1,005.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.7.0 log created on 06282010_174109

Files\Folders moved on Reboot...
File\Folder C:\Users\Administrator\AppData\Local\Temp\~DF72A4.tmp not found!
File\Folder C:\Users\Administrator\AppData\Local\Temp\~DF72AA.tmp not found!
File\Folder C:\Users\Administrator\AppData\Local\Temp\~DF72F0.tmp not found!
File\Folder C:\Users\Administrator\AppData\Local\Temp\~DF72F5.tmp not found!
File\Folder C:\Users\Administrator\AppData\Local\Temp\~DF731A.tmp not found!
File\Folder C:\Users\Administrator\AppData\Local\Temp\~DF731F.tmp not found!
File\Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJMHVFPB\antivirus-software-alert-t22369[1].htm not found!
File\Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FR1K8K9X\like[1].htm not found!

Registry entries deleted on Reboot...

Re: Antivirus software alert29th June 2010, 12:06 am

Hi,

Please open Windows Explorer, to do so right click on the Start button and go to Explore.

Once you have Windows Explorer open, please navigate to the 'C' drive and open ComboFix.txt, then copy and paste the contents of that file here in your next reply.

Re: Antivirus software alert29th June 2010, 3:34 am

When I try to open it, it says it is not a valid win32 application. Is there anything I can do?

Re: Antivirus software alert29th June 2010, 5:54 pm

Hi trailblazer250v6, Smile...

Please download SREng

Extract it to Desktop and double click SREngLdr.EXE to run it
Select System Repair from the left pane.
Click on File Association
Select all entries that has an Error status click [Repair]
Refer to this image for an example:
In your case, it would be .EXE
Close SREng now.

=====

After you have completed this, please try and open ComboFix.txt and post it here in your next reply.

Re: Antivirus software alert29th June 2010, 10:27 pm

Still won't let me open it. The exact message I am getting is "C:\commy8704c\ComboFix.txt is not a valid Win32 application." Does this mean there is something wrong w/ the path?

Re: Antivirus software alert29th June 2010, 10:39 pm

Hi,

Please open ComboFix.txt in wordpad, to do this please follow the instructions below.

Please go to Start > All Programs > Accessories > Wordpad

Now that it is opened click the blue button above paste and go to Open.

Now, open ComboFix.txt and copy and paste it here in your next reply.

Antivirus software alert

descriptionAntivirus software alert27th June 2010, 10:32 pm

descriptionRe: Antivirus software alert27th June 2010, 10:53 pm

descriptionRe: Antivirus software alert27th June 2010, 11:42 pm

descriptionRe: Antivirus software alert28th June 2010, 12:12 am

descriptionRe: Antivirus software alert28th June 2010, 1:36 am

descriptionRe: Antivirus software alert28th June 2010, 1:56 am

descriptionRe: Antivirus software alert28th June 2010, 1:57 am

descriptionRe: Antivirus software alert28th June 2010, 1:58 am

descriptionRe: Antivirus software alert28th June 2010, 7:31 pm

descriptionRe: Antivirus software alert28th June 2010, 10:16 pm

descriptionRe: Antivirus software alert29th June 2010, 12:06 am

descriptionRe: Antivirus software alert29th June 2010, 3:34 am

descriptionRe: Antivirus software alert29th June 2010, 5:54 pm

descriptionRe: Antivirus software alert29th June 2010, 10:27 pm

descriptionRe: Antivirus software alert29th June 2010, 10:39 pm

descriptionRe: Antivirus software alert

Antivirus software alert27th June 2010, 10:32 pm

Re: Antivirus software alert27th June 2010, 10:53 pm

Re: Antivirus software alert27th June 2010, 11:42 pm

Re: Antivirus software alert28th June 2010, 12:12 am

Re: Antivirus software alert28th June 2010, 1:36 am

Re: Antivirus software alert28th June 2010, 1:56 am

Re: Antivirus software alert28th June 2010, 1:57 am

Re: Antivirus software alert28th June 2010, 1:58 am

Re: Antivirus software alert28th June 2010, 7:31 pm

Re: Antivirus software alert28th June 2010, 10:16 pm

Re: Antivirus software alert29th June 2010, 12:06 am

Re: Antivirus software alert29th June 2010, 3:34 am

Re: Antivirus software alert29th June 2010, 5:54 pm

Re: Antivirus software alert29th June 2010, 10:27 pm

Re: Antivirus software alert29th June 2010, 10:39 pm

Re: Antivirus software alert