WiredWX Christian Hobby Weather Tools

Computer Resetting

My Computer has been randomly resetting itself throughout the day.

OTL logfile created on: 12/19/2011 12:40:08 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 76.49 Mb Available Physical Memory | 15.19% Memory free
1.20 Gb Paging File | 0.71 Gb Available in Paging File | 58.73% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.67 Gb Total Space | 19.11 Gb Free Space | 60.32% Space Free | Partition Type: NTFS
Drive D: | 5.58 Gb Total Space | 0.94 Gb Free Space | 16.94% Space Free | Partition Type: FAT32

Computer Name: YOUR-86339EB2BF | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/19 12:36:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\OTL.com
PRC - [2011/12/16 21:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/12 16:01:09 | 000,619,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/16 21:51:35 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/27 00:59:29 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (ccProxy)
SRV - [2011/12/12 16:01:09 | 000,494,424 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/09 01:56:13 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/06/29 17:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/12 06:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/04 17:09:44 | 000,263,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2003/12/04 17:09:42 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2003/07/02 11:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 17:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 14:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/19 02:38:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/26 20:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Mozilla\Extensions
[2011/12/19 01:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Mozilla\Firefox\Profiles\fqxnn2e4.default\extensions
[2011/11/12 02:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_OWNER.YOUR-86339EB2BF.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FQXNN2E4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_OWNER.YOUR-86339EB2BF.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FQXNN2E4.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_OWNER.YOUR-86339EB2BF.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FQXNN2E4.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011/12/16 21:51:36 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/16 18:20:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/16 18:20:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_1\
CHR - Extension: Google Search = C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Premiumplay Codec-C = C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.8.18_0\
CHR - Extension: Gmail = C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/12/19 11:44:41 | 000,439,153 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15105 more lines...
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [VTTimer] VTTimer.exe File not found
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1322365351843 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72D43FCA-2635-4918-9C4C-A1572A3EA065}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72D43FCA-2635-4918-9C4C-A1572A3EA065}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:12:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "SNDSrvc"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "ccPwdSvc"
MsConfig - Services: "ccProxy"
MsConfig - Services: "ccEvtMgr"
MsConfig - StartUpReg: Advanced SystemCare 5 - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ccApp - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: SSC_UserPrompt - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 12:36:43 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\aswMBR.exe
[2011/12/19 12:36:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\OTL.com
[2011/12/19 11:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/19 11:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/19 04:46:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Recent
[2011/12/19 01:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Google
[2011/12/19 00:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CodecCheck
[2011/12/19 00:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Premium
[2011/12/19 00:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/12/17 14:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\MumboJumbo
[2011/12/17 14:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Games
[2011/12/15 00:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Chromium
[2011/12/12 00:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Foxit Software
[2011/12/06 22:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\JaiboGames
[2011/12/06 21:24:34 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/12/06 21:19:38 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4342.dll
[2011/12/06 20:52:39 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/12/06 20:50:59 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/12/06 20:49:10 | 000,532,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/12/06 20:49:10 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/12/06 20:49:10 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/12/06 20:49:09 | 000,667,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/12/06 20:49:09 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2011/12/06 20:49:08 | 001,510,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2011/12/06 20:49:08 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2011/12/06 20:49:08 | 000,633,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/12/06 20:49:07 | 003,086,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/12/06 20:41:20 | 001,858,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2011/12/06 20:37:42 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/12/06 20:36:04 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/12/06 20:33:07 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/12/06 20:29:23 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2011/12/06 20:29:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2011/12/06 20:22:42 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/12/06 20:21:03 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2011/12/06 20:19:33 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/12/06 20:17:52 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2011/12/06 20:17:52 | 000,225,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2011/12/06 20:17:52 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2011/12/06 20:17:51 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2011/12/06 20:17:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2011/12/06 20:17:51 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2011/12/06 20:09:53 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/12/06 20:03:29 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011/12/06 20:03:29 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011/12/06 20:00:20 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2011/12/06 19:58:27 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/12/06 19:58:27 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/12/06 19:58:26 | 002,069,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/12/06 19:58:26 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/12/06 19:56:50 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011/12/06 19:55:13 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/12/06 19:55:12 | 008,462,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/12/06 19:53:29 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2011/12/06 19:51:49 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbc32.dll
[2011/12/06 19:51:48 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2011/12/06 19:51:48 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2011/12/06 19:51:48 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2011/12/06 19:51:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2011/12/06 19:51:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2011/12/06 19:51:47 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2011/12/06 19:51:47 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2011/12/06 19:51:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2011/12/06 19:51:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2011/12/06 19:51:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2011/12/06 19:50:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/12/06 19:48:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2011/12/06 19:47:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/12/06 19:42:56 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011/12/06 19:41:15 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/12/06 19:39:29 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/12/06 19:39:29 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/12/06 19:37:15 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2011/12/06 19:37:14 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011/12/06 19:35:40 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/12/06 19:34:10 | 001,288,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2011/12/06 19:32:15 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2011/12/06 19:30:31 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2011/12/06 19:28:45 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2011/12/06 19:13:27 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2011/12/06 19:13:27 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
[2011/12/06 19:13:27 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
[2011/12/06 19:13:27 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
[2011/12/06 19:13:26 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2011/12/06 19:13:26 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2011/12/06 19:13:26 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2011/12/06 13:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
[2011/12/06 13:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/12/06 01:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Avira
[2011/12/06 01:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/12/06 01:53:40 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/12/06 01:50:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/12/06 01:32:56 | 001,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/12/06 01:32:56 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2011/12/06 01:32:56 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/12/06 01:32:51 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2011/12/06 01:32:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2011/12/06 01:32:50 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2011/12/06 01:32:41 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2011/12/06 01:32:41 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2011/12/06 01:32:41 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011/12/06 01:32:41 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011/12/06 01:32:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/12/06 01:32:40 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011/12/06 01:32:40 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011/12/06 01:32:40 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2011/12/06 01:32:40 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/12/06 01:32:40 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/12/06 01:32:40 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/12/06 01:32:40 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/12/06 01:32:38 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2011/12/06 01:32:38 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2011/12/06 01:32:38 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2011/12/06 01:32:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2011/12/06 01:32:38 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2011/12/06 01:32:38 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2011/12/06 01:32:37 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2011/12/06 01:32:37 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2011/12/06 01:32:37 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2011/12/06 01:32:37 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2011/12/06 01:32:36 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2011/12/06 01:32:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2011/12/06 01:32:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2011/12/06 01:32:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2011/12/06 01:32:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2011/12/06 01:32:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2011/12/06 01:32:33 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2011/12/06 01:32:33 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2011/12/06 01:32:33 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2011/12/06 01:32:33 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2011/12/06 01:32:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/12/06 01:32:32 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2011/12/06 01:32:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2011/12/06 01:32:31 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/12/06 01:32:31 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2011/12/06 01:32:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2011/12/06 01:32:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/12/06 01:32:31 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2011/12/06 01:32:30 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2011/12/06 01:32:30 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2011/12/06 01:32:29 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2011/12/06 01:32:29 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/12/06 01:32:29 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2011/12/06 01:32:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/12/06 01:32:28 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2011/12/06 01:32:28 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2011/12/06 01:32:28 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2011/12/06 01:32:28 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2011/12/06 01:32:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/12/06 01:32:28 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2011/12/06 01:32:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/12/06 01:32:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2011/12/06 01:32:27 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2011/12/06 01:32:26 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2011/12/06 01:32:26 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2011/12/06 01:32:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/12/06 01:32:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/12/06 01:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/12/06 01:31:55 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2011/12/06 01:29:29 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2011/12/06 01:29:29 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2011/12/06 01:29:29 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2011/12/06 01:29:29 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2011/12/06 01:29:29 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2011/12/06 01:29:29 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2011/12/06 01:29:29 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2011/12/06 01:29:28 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/12/06 01:29:28 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/12/06 01:29:28 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/12/06 01:29:28 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/12/06 01:29:28 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/12/06 01:29:28 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/12/06 01:29:28 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/12/06 01:29:28 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/12/06 01:29:28 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/12/06 01:29:28 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/12/06 01:29:28 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/12/06 01:29:28 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/12/06 01:29:27 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/12/06 01:29:27 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/12/06 01:29:27 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/12/06 01:29:27 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/12/06 01:29:27 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/12/06 01:29:27 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/12/06 01:29:27 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/12/06 01:29:27 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2011/12/06 01:29:27 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2011/12/06 01:29:27 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2011/12/06 01:29:27 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/12/06 01:29:27 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2011/12/06 01:29:27 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/12/06 01:29:27 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/12/06 01:29:27 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2011/12/06 01:29:25 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2011/12/06 01:29:25 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2011/12/06 01:29:24 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/12/06 01:29:24 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/12/06 01:29:24 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/12/06 01:29:24 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2011/12/06 01:29:23 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/12/06 01:29:23 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/12/06 01:29:23 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/12/06 01:29:23 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/12/06 01:29:22 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/12/06 01:29:22 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/12/06 01:29:22 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/12/06 01:29:22 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/12/06 01:29:22 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2011/12/06 01:29:21 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/12/06 01:29:21 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/12/06 01:29:21 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/12/06 01:29:21 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/12/06 01:29:21 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/12/06 01:29:21 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2011/12/06 01:29:21 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/12/06 01:29:21 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2011/12/06 01:27:01 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/12/06 00:44:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/12/06 00:44:39 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/06 00:44:39 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/12/06 00:44:38 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/12/06 00:44:38 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/12/06 00:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/12/06 00:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/12/02 20:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/11/29 16:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\SampleView
[2011/11/29 16:05:55 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2011/11/29 02:24:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/29 02:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/29 01:42:20 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/11/29 01:39:06 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/11/29 01:39:06 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/11/29 01:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/29 00:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/11/29 00:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/11/29 00:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/11/28 01:27:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/11/27 03:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\vlc
[2011/11/27 01:31:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2011/11/27 00:59:29 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/26 23:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/11/26 23:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/11/26 22:57:21 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/11/26 22:52:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/11/26 22:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/11/26 22:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/26 20:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\IObit
[2011/11/26 20:53:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/26 20:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/11/26 20:49:00 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/11/26 20:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Adobe
[2011/11/26 20:43:20 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2011/11/26 20:43:20 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2011/11/26 20:43:18 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011/11/26 20:43:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/11/26 20:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Adobe
[2011/11/26 20:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/26 20:41:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\UserData
[2011/11/26 20:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Mozilla
[2011/11/26 20:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Mozilla
[2011/11/26 20:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Macromedia
[2011/11/26 20:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Identities
[2011/11/26 20:31:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Microsoft
[2011/11/26 20:31:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Cookies
[2011/11/26 20:31:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data
[2011/11/26 20:31:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Favorites
[2011/11/26 20:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Sun
[2011/11/26 20:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Microsoft
[2011/11/26 20:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop
[2011/11/26 20:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\ApplicationHistory
[2011/11/26 20:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\Apple Computer
[2011/11/26 20:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2011/11/26 20:31:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\SendTo
[2011/11/26 20:31:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Start Menu\Programs\Startup
[2011/11/26 20:31:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Start Menu
[2011/11/26 20:31:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\My Documents\My Videos
[2011/11/26 20:31:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\My Documents\My Pictures
[2011/11/26 20:31:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\My Documents\My Music
[2011/11/26 20:31:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\My Documents
[2011/11/26 20:31:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Start Menu\Programs\Accessories
[2011/11/26 20:31:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Templates
[2011/11/26 20:31:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\PrintHood
[2011/11/26 20:31:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\NetHood
[2011/11/26 20:31:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings
[2011/11/26 20:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\WINDOWS
[2011/11/26 20:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Start Menu\Programs\Games
[2011/11/26 20:25:00 | 000,172,032 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUninst.exe
[2011/11/26 20:20:33 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2011/11/26 20:20:33 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2011/11/26 20:20:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2011/11/26 19:48:27 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/11/26 11:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 5
[34 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/19 12:37:42 | 000,879,668 | ---- | M] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\SecurityCheck.exe
[2011/12/19 12:36:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\aswMBR.exe
[2011/12/19 12:36:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\OTL.com
[2011/12/19 12:30:29 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/12/19 12:30:21 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/12/19 12:30:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/19 12:30:13 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 11:44:41 | 000,439,153 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/19 11:26:31 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\Spybot - Search & Destroy.lnk
[2011/12/19 02:38:56 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/19 01:18:29 | 000,001,689 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/12/18 19:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/12/18 17:00:02 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\ASC5_AutoCare.job
[2011/12/17 14:45:50 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\Pickers - Adventures in Rust.lnk
[2011/12/17 02:23:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/09 01:56:13 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/08 03:00:57 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/07 14:29:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\tasklist
[2011/12/06 21:40:22 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/12/06 21:24:02 | 000,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/06 01:52:03 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/06 01:52:02 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/06 01:51:08 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/06 01:50:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/06 01:28:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/29 02:15:49 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/29 01:20:55 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/29 00:38:42 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/29 00:38:42 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/29 00:32:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/11/29 00:25:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/11/29 00:24:28 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/27 02:45:39 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/11/27 00:59:29 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/26 22:53:50 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/26 22:53:50 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/26 20:57:43 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/11/26 20:41:18 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/11/26 20:32:30 | 000,004,172 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_PJ562AA-ABA a705w_YC_Pavi_QCNC441_E44NAheBLW1_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.15_T040805_WXH2_L409_M504_J40_7Intel_8Celeron_92.93_1_N10EC8139_P_Z11C1048C_K_A808624C5_U808624C2.MRK
[2011/11/26 20:29:26 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/11/26 20:28:14 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2011/11/26 19:28:40 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[34 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

Last edited by Paperhouse on 19th December 2011, 10:07 pm; edited 1 time in total

Re: Computer Resetting

========== Files Created - No Company Name ==========

[2011/12/19 12:37:41 | 000,879,668 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\SecurityCheck.exe
[2011/12/19 11:26:31 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\Spybot - Search & Destroy.lnk
[2011/12/18 03:28:26 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\ASC5_AutoCare.job
[2011/12/17 14:45:49 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\Pickers - Adventures in Rust.lnk
[2011/12/08 03:00:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/07 14:29:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\tasklist
[2011/12/06 20:01:58 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/12/06 20:01:58 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/12/06 01:51:04 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Start Menu\Programs\Windows Media Player.lnk
[2011/12/06 01:32:54 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/12/06 01:32:54 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/12/06 01:32:54 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/12/06 01:32:54 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/12/06 01:32:54 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/12/06 01:32:54 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/12/06 01:32:54 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/12/06 01:32:53 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/12/06 01:32:53 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/12/06 01:32:52 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/12/06 01:32:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/12/06 01:32:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/12/06 01:32:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/12/06 01:32:52 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/12/06 01:32:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/12/06 01:32:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/12/06 01:32:52 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/12/06 01:32:52 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/12/06 01:32:52 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/12/06 01:32:52 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/12/06 01:32:52 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/12/06 01:32:52 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/12/06 01:32:52 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/12/06 01:32:52 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/12/06 01:32:52 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/12/06 01:32:51 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/12/06 01:32:51 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/12/06 01:32:51 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/12/06 01:32:51 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/12/06 01:32:51 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/12/06 01:32:51 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/12/06 01:32:51 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/12/06 01:32:51 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/12/06 01:32:51 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/12/06 01:32:51 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/12/06 01:32:51 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/12/06 01:32:51 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/12/06 01:32:51 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/12/06 01:32:51 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/12/06 01:32:51 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/12/06 01:32:51 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/12/06 01:32:51 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/12/06 01:32:51 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/12/06 01:32:51 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/12/06 01:32:51 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/12/06 01:32:51 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/12/06 01:32:51 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/12/06 01:32:51 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/12/06 01:32:51 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/12/06 01:32:51 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/12/06 01:32:51 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/12/06 01:32:51 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/12/06 01:32:51 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/12/06 01:32:51 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/12/06 01:32:51 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/12/06 01:32:51 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/12/06 01:32:51 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/12/06 01:32:51 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/12/06 01:32:51 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/12/06 01:32:51 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/12/06 01:32:51 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/12/06 01:32:51 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/12/06 01:32:51 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/12/06 01:32:51 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/12/06 01:32:50 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/12/06 01:32:50 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/12/06 01:32:50 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/12/06 01:32:50 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/12/06 01:32:50 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/12/06 01:32:49 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/12/06 01:32:49 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/12/06 01:32:49 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/12/06 01:32:49 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/12/06 01:32:49 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/12/06 01:32:49 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/12/06 01:32:49 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/12/06 01:32:49 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/12/06 01:32:49 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/12/06 01:32:49 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/12/06 01:32:49 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/12/06 01:29:27 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/12/06 01:29:25 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/12/06 01:29:23 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/11/29 01:33:57 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/11/29 00:38:42 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/29 00:38:42 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/29 00:32:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/11/29 00:24:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/26 23:40:06 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2011/11/26 22:56:09 | 000,007,221 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\My Documents\Resume Edit.htm
[2011/11/26 22:56:09 | 000,003,166 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\My Documents\Resume.htm
[2011/11/26 22:53:50 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/26 22:53:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/26 20:41:18 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/11/26 20:41:18 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/11/26 20:32:30 | 000,004,172 | RHS- | C] () -- C:\WINDOWS\System32\drivers\HP_PJ562AA-ABA a705w_YC_Pavi_QCNC441_E44NAheBLW1_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.15_T040805_WXH2_L409_M504_J40_7Intel_8Celeron_92.93_1_N10EC8139_P_Z11C1048C_K_A808624C5_U808624C2.MRK
[2011/11/26 20:32:20 | 528,011,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/26 20:31:38 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/26 20:31:38 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/26 20:31:37 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Local Settings\Application Data\fusioncache.dat
[2011/11/26 20:31:33 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Start Menu\Programs\Remote Assistance.lnk
[2011/11/26 20:31:33 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Start Menu\Programs\Internet Explorer.lnk
[2011/09/20 00:47:11 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2011/09/16 00:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2011/02/18 15:41:04 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2011/02/18 15:07:40 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/11/08 17:03:38 | 000,000,036 | ---- | C] () -- C:\WINDOWS\hdd.ini
[2010/11/08 04:47:37 | 000,019,500 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/09/07 19:37:41 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/08/08 16:23:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/08 16:23:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/08 16:23:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/27 00:44:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/27 00:44:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/12 16:14:18 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/05/11 16:08:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/12/31 19:49:34 | 000,000,169 | ---- | C] () -- C:\WINDOWS\settings.ini
[2009/09/18 14:23:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/07/01 18:56:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/06/20 17:19:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/03/23 01:48:12 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/01/24 04:30:37 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/01/04 21:45:41 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/09/17 19:04:34 | 000,000,340 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/04/04 02:02:01 | 000,001,423 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/03 21:35:08 | 000,000,195 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/03/01 19:51:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/16 12:07:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UNIVMGR.INI
[2005/12/30 15:33:03 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2005/12/05 23:00:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/06/11 10:08:24 | 000,001,689 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/05/10 10:04:45 | 000,000,093 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/05/10 10:04:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/04/05 09:31:31 | 000,002,710 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/02/07 12:47:49 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2005/02/07 12:47:48 | 000,000,520 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/02/04 00:03:34 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/12/29 19:25:56 | 000,000,997 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/12/29 15:06:26 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/09/19 19:19:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/19 19:19:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/19 19:19:17 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/19 19:19:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/19 19:19:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/19 19:18:40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/19 19:18:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/19 19:18:07 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/19 19:17:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/11 23:30:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/11 21:21:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/08/11 21:14:51 | 000,026,941 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/08/11 21:14:13 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/08/11 21:05:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/11 20:41:26 | 000,094,339 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2004/08/11 20:41:26 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2004/08/11 20:20:19 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2004/08/11 20:20:19 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2004/08/11 20:14:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:25:38 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/08/11 19:25:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/08/11 19:25:16 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/08/11 18:16:20 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:14:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:10:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:00:08 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/11 17:59:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:59:40 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:59:40 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 11:06:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 11:05:53 | 000,140,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/12/19 12:36:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\aswMBR.exe
[2011/12/19 12:37:42 | 000,879,668 | ---- | M] () -- C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/12/16 21:51:35 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/12/16 21:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/12/16 21:51:35 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/12/16 21:51:35 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[34 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/03/10 00:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\32bit
[2011/11/26 23:03:21 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2011/12/06 00:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2011/12/07 00:07:04 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/12/19 01:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/11/03 20:45:22 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2005/02/04 00:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\DlInst
[2011/11/26 22:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2011/12/17 14:43:45 | 000,000,000 | ---D | M] -- C:\Program Files\Games
[2011/11/27 02:38:48 | 000,000,000 | ---D | M] -- C:\Program Files\Help and Support Additions
[2011/11/29 16:06:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/12/06 01:32:23 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/11/29 02:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/06/08 02:28:54 | 000,000,000 | ---D | M] -- C:\Program Files\LSI SoftModem
[2004/08/11 18:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2004/08/11 21:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/12/06 19:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/12/19 04:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2004/08/11 18:09:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/12/06 01:32:06 | 000,000,000 | ---D | M] -- C:\Program Files\netmeeting
[2011/12/06 19:48:38 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/11/29 16:06:11 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2011/11/12 01:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek AC97
[2009/08/14 15:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/12/19 11:37:54 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/12 00:42:23 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2004/08/11 18:16:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/10/06 01:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/11/29 00:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/12/06 01:32:56 | 000,000,000 | ---D | M] -- C:\Program Files\windows media player
[2011/12/06 01:32:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/11 18:11:22 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/08/11 18:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2011/02/16 20:41:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2011/02/16 20:41:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2011/02/16 20:41:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2011/02/16 20:41:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2011/02/16 20:41:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:disk.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2011/02/16 20:41:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:disk.sys
[2004/08/04 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-29 19:10:32

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/16 21:51:36 | 000,715,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/16 21:51:36 | 000,715,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/16 21:51:36 | 000,715,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/16 21:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/16 21:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/16 21:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/16 21:51:36 | 000,715,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/16 21:51:36 | 000,715,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/16 21:51:36 | 000,715,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/16 21:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/16 21:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/16 21:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD3F344
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B38BEEEE
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0888117
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE5A1867
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0456F0C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EC7F009
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:587F3582
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A0A47E7
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:639BB5E9
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED0B32CA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5E8CAE0
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7401CCF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B856118
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F89F2593
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B389835
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:160ADF0B
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E690114B

< End of report >

Re: Computer Resetting

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-19 14:55:07
-----------------------------
14:55:07.000 OS Version: Windows 5.1.2600 Service Pack 3
14:55:07.000 Number of processors: 1 586 0x304
14:55:07.000 ComputerName: YOUR-86339EB2BF UserName: HP_Owner
14:55:08.062 Initialize success
14:55:13.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:55:13.312 Disk 0 Vendor: ST340015A 3.15 Size: 38166MB BusType: 3
14:55:15.343 Disk 0 MBR read successfully
14:55:15.343 Disk 0 MBR scan
14:55:15.343 Disk 0 unknown MBR code
14:55:15.343 Disk 0 scanning sectors +78140160
14:55:15.437 Disk 0 scanning C:\WINDOWS\system32\drivers
14:55:25.500 Service scanning
14:55:26.546 Modules scanning
14:55:48.406 Disk 0 trace - called modules:
14:55:48.437 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
14:55:48.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82389030]
14:55:48.453 3 CLASSPNP.SYS[f8581fd7] -> nt!IofCallDriver -> \Device\00000057[0x823cdf18]
14:55:48.453 5 ACPI.sys[f84f8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823cf5d8]
14:55:48.984 Scan finished successfully
14:56:26.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\MBR.dat"
14:56:26.671 The log file has been saved successfully to "C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\aswMBR.txt"


Re: Computer Resetting

Results of screen317's Security Check version 0.99.29
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira Free Antivirus
Norton Internet Security
Norton Personal Firewall
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Adobe Flash Player 11.1.102.55
Mozilla Firefox (9.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

Re: Computer Resetting

Hi,


Download ComboFix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to Belahzur.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click Belahzur.exe to run it.

    You will see the following image:
[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Computer Resetting

ComboFix 11-12-20.04 - HP_Owner 12/20/2011 23:37:41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.347 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner.YOUR-86339EB2BF.000\Desktop\Belahzur.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Owner.YOUR-86339EB2BF.000\WINDOWS
c:\windows\alcrmv.exe
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\_000035_.tmp.dll
c:\windows\system32\_000036_.tmp.dll
c:\windows\system32\_000037_.tmp.dll
c:\windows\system32\_000038_.tmp.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\SET102.tmp
c:\windows\system32\SET10B.tmp
c:\windows\system32\SET123.tmp
c:\windows\system32\SET125.tmp
c:\windows\system32\SET13B.tmp
c:\windows\system32\SET147.tmp
c:\windows\system32\SET152.tmp
c:\windows\system32\SET161.tmp
c:\windows\system32\SET177.tmp
c:\windows\system32\SET183.tmp
c:\windows\system32\SET184.tmp
c:\windows\system32\SET185.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET190.tmp
c:\windows\system32\SET199.tmp
c:\windows\system32\SET19A.tmp
c:\windows\system32\SET1A9.tmp
c:\windows\system32\SET1CF.tmp
c:\windows\system32\SET217.tmp
c:\windows\system32\SET225.tmp
c:\windows\system32\SET245.tmp
c:\windows\system32\SET246.tmp
c:\windows\system32\SET248.tmp
c:\windows\system32\SET249.tmp
c:\windows\system32\SET24E.tmp
c:\windows\system32\SET256.tmp
c:\windows\system32\SET258.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE3.tmp
c:\windows\system32\SETF1.tmp
c:\windows\system32\SETF4.tmp
c:\windows\system32\SETFA.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-19 18:26 . 2011-12-19 18:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-19 07:45 . 2011-12-19 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\CodecCheck
2011-12-19 07:42 . 2011-12-19 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
2011-12-19 07:42 . 2011-12-19 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2011-12-17 21:43 . 2011-12-17 21:43 -------- d-----w- c:\program files\Games
2011-12-17 20:17 . 2011-12-17 04:51 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-17 20:17 . 2011-12-17 01:20 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-17 20:17 . 2011-12-17 01:20 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-17 20:17 . 2011-12-17 01:20 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-07 04:24 . 2005-06-21 23:43 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-12-07 04:19 . 2005-06-22 00:04 61440 ----a-w- c:\windows\system32\iAlmCoIn_v4342.dll
2011-12-07 04:19 . 2005-06-21 23:44 126976 ----a-w- c:\windows\system32\hkcmd.exe
2011-12-06 20:12 . 2011-12-06 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2011-12-06 08:53 . 2011-09-16 06:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-06 08:29 . 2008-04-14 12:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-12-06 08:26 . 2006-12-29 07:31 19569 ----a-w- c:\windows\005115_.tmp
2011-12-06 07:44 . 2011-12-09 08:56 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-06 07:44 . 2010-06-17 21:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-12-06 07:44 . 2011-09-16 06:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-06 07:44 . 2010-06-17 21:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-12-06 07:44 . 2011-12-06 07:44 -------- d-----w- c:\program files\Avira
2011-12-06 07:44 . 2011-12-06 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-12-03 03:59 . 2011-12-03 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2011-11-29 23:05 . 2011-09-01 02:12 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-11-29 23:04 . 2011-11-29 23:04 -------- d-----w- c:\documents and settings\HP_OWN~1~000
2011-11-29 09:24 . 2011-11-29 09:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-11-29 09:19 . 2011-12-06 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-11-29 08:42 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-29 08:39 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-11-29 08:39 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-11-29 08:02 . 2011-11-29 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-29 07:26 . 2011-11-29 07:26 -------- d-----w- c:\program files\Windows Media Connect 2
2011-11-29 07:24 . 2011-11-29 07:32 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-11-29 07:24 . 2011-11-29 07:24 -------- d-----w- c:\windows\system32\LogFiles
2011-11-28 08:27 . 2011-11-28 08:27 -------- d-----w- c:\windows\system32\Adobe
2011-11-27 07:59 . 2011-11-27 07:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-27 07:08 . 2009-02-09 10:20 473088 ----a-w- c:\windows\system32\wbem\SET128.tmp
2011-11-27 07:08 . 2009-02-09 10:20 453120 ----a-w- c:\windows\system32\wbem\SET127.tmp
2011-11-27 07:08 . 2009-02-06 16:39 227840 ----a-w- c:\windows\system32\wbem\SET126.tmp
2011-11-27 06:47 . 2008-04-14 07:16 273024 ------w- c:\windows\system32\drivers\bthport.sys
2011-11-27 06:40 . 2011-10-20 05:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-27 06:03 . 2011-11-27 06:03 -------- d-----w- c:\program files\7-Zip
2011-11-27 05:57 . 2011-10-29 09:26 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-27 05:52 . 2011-11-29 07:49 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-27 05:49 . 2011-11-27 05:49 -------- d-----w- c:\program files\Foxit Software
2011-11-27 05:48 . 2011-12-07 07:07 -------- d-----w- c:\program files\CCleaner
2011-11-27 03:49 . 2011-08-12 20:51 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-11-27 03:43 . 2009-08-07 02:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-11-27 03:43 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-11-27 03:43 . 2009-08-07 02:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-11-27 03:43 . 2009-08-07 02:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-11-27 03:43 . 2009-08-07 02:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-11-27 03:42 . 2011-11-27 03:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-27 03:41 . 2011-11-27 03:41 1409 ----a-w- c:\windows\QTFont.for
2011-11-27 03:32 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-11-27 03:31 . 2011-12-21 06:47 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-86339EB2BF.000
2011-11-27 03:25 . 2004-05-01 08:37 172032 ----a-w- c:\windows\system32\NVUninst.exe
2011-11-27 03:21 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-11-27 03:21 . 2008-04-14 12:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-11-27 03:21 . 2008-04-14 07:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-11-27 03:21 . 2008-04-14 07:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-11-27 03:21 . 2008-04-14 07:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-11-27 03:21 . 2008-04-14 07:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-11-27 03:21 . 2008-04-14 07:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2011-11-27 03:20 . 2008-04-14 07:15 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-11-27 03:20 . 2008-04-14 05:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-11-27 03:20 . 2008-04-14 07:15 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-11-27 03:20 . 2008-04-14 07:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-11-27 03:20 . 2008-04-14 07:45 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-11-27 03:20 . 2008-04-14 07:09 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2011-11-27 03:20 . 2008-04-14 07:09 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2011-11-27 03:20 . 2008-04-14 07:09 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2011-11-27 03:20 . 2008-04-14 07:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-27 03:20 . 2008-04-14 12:42 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-11-27 03:20 . 2008-04-14 12:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-11-27 03:20 . 2008-04-14 07:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-11-27 02:48 . 2011-12-07 04:23 -------- dcsh--r- c:\windows\system32\dllcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 08:36 . 2011-12-06 08:36 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\pchealthde.exe
2011-12-06 08:36 . 2011-12-06 08:36 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\PluginCtrl.dll
2011-12-06 08:36 . 2011-12-06 08:36 139264 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\ContentUpdater.exe
2011-12-06 08:36 . 2011-12-06 08:36 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\pchmsxml.dll
2011-12-06 08:36 . 2011-12-06 08:36 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\clientutil52.dll
2011-12-06 08:36 . 2011-12-06 08:36 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\msxmlwrapper.dll
2011-12-06 08:36 . 2011-12-06 08:36 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\GUI.dll
2011-12-06 08:36 . 2011-12-06 08:36 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\client_motkt.dll
2011-12-06 08:35 . 2011-12-06 08:35 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\winverifytrustwrapper.dll
2011-12-06 08:35 . 2011-12-06 08:35 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\pchnotify.exe
2011-12-06 08:35 . 2011-12-06 08:35 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\asst_ui.dll
2011-12-06 08:35 . 2011-12-06 08:35 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\WinVerifyTrust.dll
2011-12-06 08:35 . 2011-12-06 08:35 159744 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\PCHButton.exe
2011-12-06 08:35 . 2011-12-06 08:35 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\api.dll
2011-12-06 08:35 . 2011-12-06 08:35 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\ZipLib.dll
2011-12-06 08:35 . 2011-12-06 08:35 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\jsharpinterp.dll
2011-12-06 08:35 . 2011-12-06 08:35 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\pchapi.dll
2011-12-06 08:35 . 2011-12-06 08:35 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\hwinv.dll
2011-12-06 08:35 . 2011-12-06 08:35 126976 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\SearchCtrl.dll
2011-12-06 08:35 . 2011-12-06 08:35 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\pcdapi.dll
2011-12-06 08:35 . 2011-12-06 08:35 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\motivede.dll
2011-12-06 08:35 . 2011-12-06 08:35 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\FDIWrapper.dll
2011-12-06 08:35 . 2011-12-06 08:35 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\msxmlwrapper.dll
2011-12-06 08:35 . 2011-12-06 08:35 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\gnu.dll
2011-12-06 08:35 . 2011-12-06 08:35 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\pchealthplugin.dll
2011-12-06 08:35 . 2011-12-06 08:35 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\PCHI18N.dll
2011-12-06 08:35 . 2011-12-06 08:35 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\util.dll
2011-12-06 08:35 . 2011-12-06 08:35 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\pchmsxml.dll
2011-12-06 08:35 . 2011-12-06 08:35 28672 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\InetWrap.dll
2011-12-06 08:35 . 2011-12-06 08:35 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\INV16.dll
2011-10-10 14:22 . 2004-09-20 02:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-09-20 02:17 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2009-10-08 21:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-09-20 02:19 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-09-20 02:19 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-12-17 04:51 . 2011-10-15 08:56 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-12 619352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-21 23:48 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SNDSrvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/6/2011 1:53 AM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/6/2011 12:44 AM 86224]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
S3 PROCEXP150;PROCEXP150; [x]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/26/2011 11:50 AM 494424]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-21 c:\windows\Tasks\ASC5_AutoCare.job
- c:\program files\IObit\Advanced SystemCare 5\AutoCare.exe [2011-11-26 00:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{72D43FCA-2635-4918-9C4C-A1572A3EA065}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\HP_Owner.YOUR-86339EB2BF.000\Application Data\Mozilla\Firefox\Profiles\fqxnn2e4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-VTTimer - VTTimer.exe
MSConfigStartUp-ccApp - c:\program files\common files\symantec shared\ccapp.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\common files\symantec shared\security center\usrprmpt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 23:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-20 23:53:53
ComboFix-quarantined-files.txt 2011-12-21 06:53
.
Pre-Run: 20,234,235,904 bytes free
Post-Run: 20,223,512,576 bytes free
.
- - End Of File - - 821EA3EFB1CF5269B568E1AD97B860D4

Re: Computer Resetting

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Computer Resetting

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=edc8a42da51a5e49ad1e975cbccd5067
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-23 06:52:30
# local_time=2011-12-22 11:52:30 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 539709 539709 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64907
# found=2
# cleaned=2
# scan_time=4366
C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\My Documents\Downloads\Driver Genius Pro [v9.0.0.190] [Full] [ELCANGRI][DarksideRG]\1- Setup\Driver.Genius.9.Professional.EXE probably a variant of Win32/Agent.BJSCQS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP206\A0029740.EXE probably a variant of Win32/Agent.BJSCQS trojan (deleted - quarantined) 00000000000000000000000000000000 C

Re: Computer Resetting

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Re: Computer Resetting

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\hp_owner.your-86339eb2bf\my documents\downloads\driver genius pro [v9.0.0.190] [full] [elcangri][darksiderg]\3- crack\how to.txt
scanner sequence 3.AP.11.MBNAAH
----- EOF -----

Re: Computer Resetting

Congratulations!! Your PC is all clean! ;D

To uninstall ComboFix



  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


[Image: Combofix_uninstall_image]

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)



  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

=========



Please run OTL.exe.


  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    c:\documents and settings\hp_owner.your-86339eb2bf\my documents\downloads\driver genius pro [v9.0.0.190] [full] [elcangri][darksiderg]

    :Commands
    [emptytemp]
    [emptyflash]
    [clearallrestorepoints]
    [reboot]

    Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

======

Remove OTL:

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.


  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.


Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
=======

Download Security Check (http://screen317.changelog.fr/SecurityCheck.exe) by screen317 and save it to your Desktop.

  • Double-click Security Check.exe to start the application
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.
=======

In your next reply:
Please confirm removal of the tools
Post the SecurityCheck log


Re: Computer Resetting

All processes killed
========== FILES ==========
c:\documents and settings\hp_owner.your-86339eb2bf\my documents\downloads\Driver Genius Pro [v9.0.0.190] [Full] [ELCANGRI][DarksideRG]\3- Crack folder moved successfully.
c:\documents and settings\hp_owner.your-86339eb2bf\my documents\downloads\Driver Genius Pro [v9.0.0.190] [Full] [ELCANGRI][DarksideRG]\2- Serial folder moved successfully.
c:\documents and settings\hp_owner.your-86339eb2bf\my documents\downloads\Driver Genius Pro [v9.0.0.190] [Full] [ELCANGRI][DarksideRG]\1- Setup folder moved successfully.
c:\documents and settings\hp_owner.your-86339eb2bf\my documents\downloads\Driver Genius Pro [v9.0.0.190] [Full] [ELCANGRI][DarksideRG] folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: HP_Owner
->Temp folder emptied: 82368 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 32258377 bytes
->Flash cache emptied: 291 bytes

User: HP_Owner.HOEK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 25766969 bytes
->Flash cache emptied: 903 bytes

User: HP_Owner.YOUR-86339EB2BF
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44956581 bytes
->Flash cache emptied: 1416 bytes

User: HP_Owner.YOUR-86339EB2BF.000
->Temp folder emptied: 6812233 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->FireFox cache emptied: 49591127 bytes
->Google Chrome cache emptied: 6803746 bytes
->Flash cache emptied: 1115 bytes

User: HP_OWN~1~000

User: HP_OWN~1~YOU

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 754560 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 159.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: HP_Owner
->Flash cache emptied: 0 bytes

User: HP_Owner.HOEK
->Flash cache emptied: 0 bytes

User: HP_Owner.YOUR-86339EB2BF
->Flash cache emptied: 0 bytes

User: HP_Owner.YOUR-86339EB2BF.000
->Flash cache emptied: 0 bytes

User: HP_OWN~1~000

User: HP_OWN~1~YOU

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_221138

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira Free Antivirus
Norton Internet Security
Norton Personal Firewall
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

Re: Computer Resetting
How is the machine running now?

