WiredWX Hobby Weather Tools

 


Searching blocked by Google

Over the last week I have been getting repeated requests from Google for captchas to verify I am not a robot. Today, for the first time, Google blocked me with this message:
We're sorry...but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.
Yesterday I downloaded the new version of Malwarebytes, updated and scanned my entire computer. It found nothing. I regularly update my Avira daily. I am stumped and I have no idea what to do next. Any suggestions?

Re: Searching blocked by Google

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Searching blocked by Google

Thanks so much. After I posted here, I installed and ran SpywareBlaster, then Emsisoft Anti-Malware and Immunet. Between them all, about 7 trojans and over 100 problems were identified, which I cleaned. Then today, when I booted up and went online, I am still blocked by Google. I was able to use Bing. I kept getting a stream of messages from Emsisoft that my computer was making calls out to various websites and trying to download software, some of those sites having a .ru extension. This after extensive cleaning yesterday. When I tried to download ComboFix, both Emsisoft and Immunet identified it as a malicious program and quarantined it. I had to uninstall them both to accomplish the download and execution of ComboFix. I am still blocked by Google. Thank you so much for this.
Here is my log file:

ComboFix 12-05-03.03 - Carolyn Blake 05/04/2012 14:36:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2436 [GMT 3:00]
Running from: c:\documents and settings\Carolyn Blake\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Carolyn Blake\g2mdlhlpx.exe
c:\documents and settings\Carolyn Blake\new.txt
c:\windows\~INSX362.EXE
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-03 21:32 . 2012-05-03 21:32 -------- d-----w- c:\documents and settings\Carolyn Blake\Application Data\Immunet
2012-05-03 16:50 . 2012-05-03 16:50 -------- d-----w- c:\documents and settings\Carolyn Blake\Application Data\Meridian93
2012-05-03 15:51 . 2012-05-03 15:51 -------- d-----w- c:\program files\Emsisoft HiJackFree
2012-05-03 13:13 . 2012-05-03 13:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-03 13:13 . 2012-05-03 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-01 13:23 . 2012-05-01 13:23 -------- d-----w- c:\program files\HMA! Pro VPN
2012-04-28 08:06 . 2012-05-03 16:47 -------- d-----w- c:\documents and settings\Carolyn Blake\Application Data\LegacyInteractive
2012-04-27 20:56 . 2012-04-27 20:59 -------- d-----w- c:\documents and settings\Carolyn Blake\Application Data\ImgBurn
2012-04-27 20:52 . 2012-04-27 20:52 -------- d-----w- c:\program files\ImgBurn
2012-04-27 18:06 . 2012-04-27 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DailyMagic
2012-04-27 17:41 . 2012-04-27 17:42 -------- d-----w- c:\program files\Vampire Saga - Break Out
2012-04-27 15:15 . 2012-04-27 15:49 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-27 15:14 . 2012-05-03 21:15 -------- d-----w- c:\windows\system32\logs
2012-04-23 16:12 . 2012-04-27 10:27 -------- d-----w- c:\documents and settings\Carolyn Blake\Local Settings\Application Data\Roozz
2012-04-21 09:47 . 2012-04-21 09:47 -------- d-----w- C:\AirTies
2012-04-21 09:47 . 2012-04-21 09:47 -------- d-----w- c:\documents and settings\Carolyn Blake\Local Settings\Application Data\AirTies
2012-04-20 15:40 . 2012-04-26 13:19 -------- d-----w- c:\program files\AirTies
2012-04-20 15:40 . 2012-04-20 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AirTies
2012-04-12 10:13 . 2012-04-12 16:38 -------- d-----w- c:\documents and settings\Carolyn Blake\Application Data\calibre
2012-04-12 10:12 . 2012-04-30 17:48 -------- d-----w- c:\program files\Calibre2
2012-04-04 21:05 . 2011-05-12 12:05 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 15:49 . 2011-05-13 04:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 12:56 . 2012-01-18 12:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 12:24 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-20 12:24 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-22 14:05 . 2012-02-22 14:05 7680 ----a-w- c:\windows\~INSX462.EXE
2011-09-29 06:53 . 2011-10-05 14:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2009-07-23 544768]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-03-23 33599488]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-30 418816]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Aspwdflt]
2009-02-10 18:33 1556480 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AirTies Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AirTies Utility.lnk
backup=c:\windows\pss\AirTies Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FancyStart daemon.lnk]
backup=c:\windows\pss\FancyStart daemon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OnlyWire.LNK]
backup=c:\windows\pss\OnlyWire.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Carolyn Blake^Start Menu^Programs^Startup^K-Meleon Loader.lnk]
backup=c:\windows\pss\K-Meleon Loader.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2009-07-23 08:30 544768 ----a-w- c:\program files\ASUS\Splendid\ACMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2008-03-31 21:09 266240 -c--a-w- c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun]
2009-04-02 18:28 237568 -c--a-w- c:\program files\AmIcoSingLun\AmIcoSinglun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2010-02-15 21:14 47672 ----a-w- c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2007-11-30 09:20 51768 -c--a-w- c:\program files\ASUS\ASUS Live Update\ALU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2010-02-15 21:14 3054136 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
2009-08-12 12:20 178816 ----a-w- c:\program files\ASUS\ATK Hotkey\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2009-04-07 07:34 159744 -c--a-w- c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2009-03-04 08:26 8392704 -c--a-w- c:\program files\ASUS\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2009-03-30 09:04 418816 ----a-r- c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-29 19:28 136176 ----atw- c:\documents and settings\Carolyn Blake\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-06-19 08:29 105016 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-03-23 13:06 33599488 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDECK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 05:37 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 13:13 54576 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 05:37 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2007-11-20 11:44 1145400 ------w- c:\program files\ASUS\Net4Switch\Net4Switch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 05:37 142360 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-18 15:43 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-09-17 08:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-03-20 12:24 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VivoxHDN]
2011-07-12 15:21 8378728 ----a-w- c:\documents and settings\All Users\Application Data\Vivox\HDN\Current\Vivox.HDN.Up.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 3]
2009-02-06 14:13 1593344 -c--a-w- c:\program files\ASUS\Wireless Console 3\wcourier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Carolyn Blake\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Carolyn Blake\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\oDC\\oDC.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Micro Niche Finder 5.0\\MicroNicheFinder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Vivox\\VVS\\Current\\VivoxVoiceService.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hammerfight\\Hammerfight.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\rx7chick\\half-life source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\OnlyWire\\OnlyWireWindows.exe"=
"c:\\Program Files\\Sophos\\Sophos Anti-Rootkit\\sargui.exe"=
"c:\\Program Files\\Steam\\steamapps\\rx7chick\\half-life\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1319:TCP"= 1319:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/6/2010 6:27 PM 436792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 7:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 12:55 AM 67664]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [4/5/2012 12:05 AM 18816]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [9/6/2010 4:09 PM 8576]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 2:38 AM 116608]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2/16/2010 12:15 AM 129024]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2/15/2010 11:56 PM 1057280]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 12:36 AM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/27/2012 6:15 PM 253088]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\e:\i386\AsProcOb.sys --> e:\i386\AsProcOb.sys [?]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [4/7/2008 9:00 AM 6656]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/24/2011 10:08 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/24/2011 10:08 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 12:36 AM 135664]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2/16/2010 12:02 AM 41656]
S3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX.sys --> c:\windows\system32\Drivers\L6TPortGX.sys [?]
S3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX2.sys --> c:\windows\system32\Drivers\L6UX2.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\76.tmp --> c:\windows\system32\76.tmp [?]
S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [9/14/2011 4:55 PM 404256]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2/16/2010 12:03 AM 233128]
S3 usbvm328;A4 TECH USB2.0 PC Camera G;c:\windows\system32\Drivers\vmcam326av.sys --> c:\windows\system32\Drivers\vmcam326av.sys [?]
S3 vvftav326_a4;VC0326 Camera Filter Service A4 TECH;c:\windows\system32\drivers\vvftav326.sys --> c:\windows\system32\drivers\vvftav326.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 15:49]
.
2012-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 14:57]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 21:36]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 21:36]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-606747145-1177238915-1003Core.job
- c:\documents and settings\Carolyn Blake\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-29 19:28]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-606747145-1177238915-1003UA.job
- c:\documents and settings\Carolyn Blake\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-29 19:28]
.
2012-05-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-606747145-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-05-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-606747145-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-05-03 c:\windows\Tasks\User_Feed_Synchronization-{AD86CA84-E512-4EF7-9AEF-BA4F952FD154}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: google.com\mail
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://google.com/ncr
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=111434&babsrc=adbartrp&mntrId=503c68bf00000000000000ffc0613c78&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.BabylonToolbar_i.id - 503c68bf00000000000000ffc0613c78
FF - user.js: extensions.BabylonToolbar_i.hardId - 503c68bf00000000000000ffc0613c78
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15414
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:11
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-Mobile Partner - c:\program files\VINN\VINN.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-04 14:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
.
C:\ADSM_PData_0150
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\76.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'lsass.exe'(1072)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
Completion time: 2012-05-04 14:47:01
ComboFix-quarantined-files.txt 2012-05-04 11:46
ComboFix2.txt 2011-12-27 20:15
.
Pre-Run: 9,190,551,552 bytes free
Post-Run: 9,829,380,096 bytes free
.
- - End Of File - - 6E3D8306B36B94B86919D2C3A3CED9B7

Re: Searching blocked by Google

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

Re: Searching blocked by Google

I followed your instructions. Here is the report.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237E2-->B9ECFA50 [sptd.sys]
ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x80624022-->B9F03FFE [sptd.sys]
ntkrnlpa.exe-->NtEnumerateValueKey, Type: Address change 0x8062428C-->B9F0438C [sptd.sys]
ntkrnlpa.exe-->NtNotifyChangeKey, Type: Address change 0x806259A8-->A703E004 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtNotifyChangeMultipleKeys, Type: Address change 0x806245F8-->A703E0D4 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x80624BB4-->B9ECFA30 [sptd.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805CB43A-->A703DD76 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtQueryKey, Type: Address change 0x80624EDA-->B9F04464 [sptd.sys]
ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x80621A1A-->B9F042E4 [sptd.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80621D68-->B9F044F6 [sptd.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D29DC-->A7A5D640 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D2BD6-->A703DEBA [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B43C2-->A703DF56 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF849245-->A703E59E [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF8526BA-->A703E50A [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF820E4A-->A703E54A [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF85277A-->A703E49C [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
==============================================
>Processes
==============================================
0x8ADFD660 [4] System
0x86166438 [184] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x863A6DA0 [444] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp., ETD Ware TSR Enhancements)
0x863D33E8 [656] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x863B4B10 [692] C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc., Google Crash Handler)
0x863CF950 [904] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK, ACMON )
0x863D1B00 [916] C:\Program Files\VIA\VIAudioi\HDADeck\HDECK.EXE (VIA Technologies, Inc., HDeck MFC Application)
0x8ABB2438 [944] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x85E4C020 [952] C:\WINDOWS\system32\spider.exe (Microsoft Corporation, Spider)
0x8634A758 [956] C:\WINDOWS\system32\ACEngSvr.exe (ASUSTeK, ACEngSvr Module)
0x848B7100 [1164] C:\WINDOWS\system32\notepad.exe (Microsoft Corporation, Notepad)
0x8AC52578 [1224] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8AC42BA8 [1252] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x85F8D660 [1292] C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
0x8ABAC020 [1300] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8A5A9188 [1312] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8638F430 [1464] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8AD0B3F0 [1532] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8AD085E8 [1572] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A5B72D8 [1652] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS, HControlUser)
0x86352500 [1664] C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS, HControl)
0x86376020 [1708] C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS, ATKOSD)
0x8AC28D78 [1716] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8627AB78 [1728] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com, SUPERAntiSpyware Application)
0x863E8DA0 [1744] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86387358 [1772] C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS, KBFiltr)
0x8640DC28 [1784] C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ASUS, WDC)
0x863E6BA8 [1884] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A., Skype )
0x86273B78 [1924] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc., ADSMSrv)
0x8626C950 [1940] C:\Program Files\ATKGFNEX\GFNEXSrv.exe (-, GFNEXSrv)
0x8642B800 [1996] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8632D500 [2068] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86227DA0 [2104] C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com, Core Service)
0x86221758 [2204] C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation, Internet Information Services)
0x8434F7F8 [2224] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x8620B728 [2240] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x8301E630 [2264] C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org, OpenOffice.org 3.3)
0x861AB4B0 [2304] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86198728 [2488] C:\Program Files\CDBurnerXP\NMSAccessU.exe
0x86184378 [2500] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86198B78 [2536] C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc, Sophos AutoUpdate Service.)
0x8618D950 [2568] C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe (-, spmgr Module)
0x86193718 [2608] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86175DA0 [2876] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service)
0x830D4020 [2924] C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org, OpenOffice.org 3.3)
0x85F93020 [3244] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x842C7848 [3340] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x8A5ADDA0 [3552] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service Monitor)
0x85FE5A10 [3628] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x85DFE4C8 [3656] C:\Documents and Settings\Carolyn Blake\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\M2b3rc2c4q.exe (UG North, RKULE, SR2 Normandy)
0x84F8EB68 [3664] C:\Program Files\OpenOffice.org 3\program\swriter.exe (OpenOffice.org, OpenOffice.org Writer)
0x8AC93020 [4084] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
0x8A5DA738 [5860] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
==============================================
>Drivers
==============================================
0xB89E7000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6316032 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF324000 C:\WINDOWS\System32\igxpdx32.DLL 3518464 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xBF05F000 C:\WINDOWS\System32\igxpdv32.DLL 2904064 bytes (Intel Corporation, Component GHAL Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA7E26000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 1753088 bytes (-, UVC Camera Streaming Driver)
0xB8817000 C:\WINDOWS\system32\DRIVERS\athw.sys 1507328 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0xA803F000 C:\WINDOWS\system32\drivers\monfilt.sys 1392640 bytes (Creative Technology Ltd., Creative WDM Audio Driver (32-bit))
0xB9E94000 PCI_PNP7090 1126400 bytes
0xB9E94000 sptd.sys 1126400 bytes
0xA81B7000 C:\WINDOWS\system32\drivers\viahduaa.sys 1060864 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver)
0xB9D0A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA7990000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB86E5000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA7CFA000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA6DB6000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xA7C67000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA673C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 241664 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB879B000 C:\WINDOWS\System32\Drivers\ae80khu3.SYS 233472 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA7908000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 229376 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB8743000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9E4E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA6FC0000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CDD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA475E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA7A28000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8987000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA7B9B000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9DF8000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA7C29000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8193000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB89AF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB87D4000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA6601000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA7B79000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA7A53000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA6A75000 C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys 135168 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB87F7000 C:\WINDOWS\system32\DRIVERS\ETD.sys 131072 bytes (ELAN Microelectronic Corp., ETD Ware TSR Enhancements)
0xB9DC0000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9E1E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9CC3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9DE0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9E7C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9D97000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8784000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA744B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB89D3000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA7D53000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DAE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9E3D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8773000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA7B49000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8FED000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA288000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA7550000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA278000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 57344 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xB901D000 C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 57344 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller ndis miniport driver)
0xBA1A8000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB900D000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA1B8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8FFD000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\tap0901.sys 45056 bytes (The OpenVPN Project, TAP-Win32 Virtual Network Driver)
0xBA0F8000 AsDsm.sys 40960 bytes (ASUSTek Computer Inc, Data Security Manager Driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA248000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA108000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA228000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB902D000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys 36864 bytes (Windows (R) Codename Longhorn DDK provider, KMWDFilter Driver from UASSOFT.COM)
0xBA208000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA198000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA5C56000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xA7DD6000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\ATKACPI.sys 32768 bytes (ATK0100, ATK0100 ACPI Utility)
0xBA388000 C:\WINDOWS\system32\DRIVERS\kbfiltr.sys 32768 bytes ( , Keyboard Filter Driver)
0xBA478000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA380000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA4A0000 C:\Program Files\ATKGFNEX\ASMMAP.sys 28672 bytes (-, -)
0xBA338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA448000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)
0xBA390000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA498000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA488000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA378000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA468000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xBA470000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA410000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA418000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA458000 C:\WINDOWS\system32\SAVRKBootTasks.sys 20480 bytes (Sophos Group, Sophos boot tasks for Windows 2000)
0xBA408000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA7968000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C8000 avgidshx.sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9714000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA58C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA76BC000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xA703D000 C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys 12288 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA77A8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA701D000 C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 12288 bytes
0xBA56C000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9734000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9710000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB972C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB86E1000 C:\WINDOWS\system32\drivers\VCdRom.sys 12288 bytes (Microsoft Corporation, Driver for Virtual CD-ROMs)
0xBA590000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA608000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA606000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA60A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA60C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5FC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA78F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA703000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA762000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8AE0F1F8 unknown_irp_handler 3592 bytes
0x8AB231F8 unknown_irp_handler 3592 bytes
0x8AB101F8 unknown_irp_handler 3592 bytes
0x8AB681F8 unknown_irp_handler 3592 bytes
0x8642D1F8 unknown_irp_handler 3592 bytes
0x8AC0D1F8 unknown_irp_handler 3592 bytes
0x8641F1F8 unknown_irp_handler 3592 bytes
0x86274430 unknown_irp_handler 3024 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\ADSM_PData_0150\DB\SI.db
!-->[Hidden] C:\ADSM_PData_0150\DB\UL.db
!-->[Hidden] C:\ADSM_PData_0150\DB\VL.db
!-->[Hidden] C:\ADSM_PData_0150\DB\WAL.db
!-->[Hidden] C:\ADSM_PData_0150\DragWait.exe
!-->[Hidden] C:\ADSM_PData_0150\_avt
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\MusicMaker16Premium_Download_Version\UserData\crm.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\MusicMaker16Premium_Download_Version\UserData\MusicMaker
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\MusicMaker16Premium_Download_Version\UserData\MusicMaker.ini
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\MusicMaker16Premium_Download_Version\UserData\News Feed Info\MxNewsfeed.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\MusicMaker16Premium_Download_Version\UserData\VstPlugins.ini
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\appletv.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberry.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrybold.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrycurve.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrycurve2.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrypearl.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrystorm.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\blackberrystorm2.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\cellphone.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\custom.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-3gp.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-aac.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-h264.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-h264apple.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-mp3.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-mp4.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-ra10.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-ral.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-rv.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-wav.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-wma.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\format-wmv.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\generic.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\groups.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\htc.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\htcevo.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\htchero.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\htctouchdiamond.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\ipad.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\iphone.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\iphone4.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\ipod.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\lg.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\minidevice_ipad.png
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\minidevice_motorolabackflip.png
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\motorola.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\motorolabackflip.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\motorolacliq.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\motoroladroid.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\mp3player.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\nokia5800xpressmusic.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\nokiae71x.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\nokiae75.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\nokian95.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\nokian97.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\palmcentro.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\palmpre.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\pcormac.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\playstation3.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\psp.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsung.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsungbeholdii.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsungeternity.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsungjack.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsungmemoir.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\samsungmoment.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\sidekick.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\sonyericssonw760.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\t-mobileg1.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\xbox360.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealConverter\DeviceProfiles\zune.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\pnup0.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpcommon150browserrecordplugin.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\chrome.manifest
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Skin\rp_logo.png
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordlegacyext.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nsirpbrowserrecord.xpt
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\install.rdf
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\cdplayer.ini
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealUpgrade\RealUpgrade_12_0.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealUpgrade\RealUpgrade_15_0.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealUpgrade\RealUpgrade_1_1.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\RealUpgrade\upgradeconfiginfo_8500581.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\Update\AllInstProds
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\Update\LastAUCheck
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\rnupgagent.exe
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin_port
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\1\86\B8561d01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\2\7D\114DAd01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\4\79\D35A6d01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\4\FD\A6A52d01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\5\06\8E1BEd01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\8\45\C8D31d01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\8\EA\F1A12d01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\9\07\06C95d01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\9\F7\B8F5Cd01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\A\19\4CEC7d01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\A\F3\2505Bd01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\B\54\4909Cd01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\B\D4\23555d01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\C\5D\2CDD4d01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\Cache\E\6B\36264d01
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\temp\svpb0.tmp\svpbm.tmp
!-->[Hidden] C:\Documents and Settings\Carolyn Blake\Local Settings\temp\svpb0.tmp\svpbn.tmp
!-->[Hidden] C:\Qoobox\BackEnv\AppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cache.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Desktop.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Favorites.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalAppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalSettings.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Personal.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Programs.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
!-->[Hidden] C:\Qoobox\BackEnv\StartMenu.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\StartUp.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat
!-->[Hidden] C:\Qoobox\BackEnv\Templates.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\VikPev00
!-->[Hidden] C:\WINDOWS\Prefetch\AVGCSRVX.EXE-05BD2AF6.pf
!-->[Hidden] C:\WINDOWS\Prefetch\AVGEMCX.EXE-2978CB1B.pf
!-->[Hidden] C:\WINDOWS\Prefetch\AVGIDSAGENT.EXE-0EBED5DC.pf
!-->[Hidden] C:\WINDOWS\Prefetch\AVGNSX.EXE-2B919997.pf
!-->[Hidden] C:\WINDOWS\Prefetch\AVGRSX.EXE-2355DDB7.pf
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D648, Type: Inline - RelativeJump 0x80504648-->8050462B [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006EC8E, Type: Inline - RelativeJump 0x80545C8E-->80545C95 [ntkrnlpa.exe]
[1884]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x014D20A0-->00000000 [unknown_code_page]
[1884]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x014D20A4-->00000000 [Skype.exe]
[3244]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->GetWindowInfo, Type: Inline - RelativeJump 0x7E42C49C-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->SetWindowLongA, Type: Inline - RelativeJump 0x7E42C29D-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->SetWindowLongW, Type: Inline - RelativeJump 0x7E42C2BB-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[656]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[656]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[656]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[656]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[656]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[656]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[656]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

Re: Searching blocked by Google

I have reason to believe the previous Rootkit Unhooker file is incorrect because my antivirus flagged it. So I turned it off and reran the process. Here is the new report log file. Please disregard the one just previous.

Part 1

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237E2-->B9ECFA50 [sptd.sys]
ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x80624022-->B9F03FFE [sptd.sys]
ntkrnlpa.exe-->NtEnumerateValueKey, Type: Address change 0x8062428C-->B9F0438C [sptd.sys]
ntkrnlpa.exe-->NtNotifyChangeKey, Type: Address change 0x806259A8-->A703E004 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtNotifyChangeMultipleKeys, Type: Address change 0x806245F8-->A703E0D4 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x80624BB4-->B9ECFA30 [sptd.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805CB43A-->A703DD76 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtQueryKey, Type: Address change 0x80624EDA-->B9F04464 [sptd.sys]
ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x80621A1A-->B9F042E4 [sptd.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80621D68-->B9F044F6 [sptd.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D29DC-->A7A5D640 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D2BD6-->A703DEBA [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B43C2-->A703DF56 [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
==============================================
>Shadow
==============================================

Re: Searching blocked by Google

Part 2 of the report log:


win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF849245-->A703E59E [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF8526BA-->A703E50A [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF820E4A-->A703E54A [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF85277A-->A703E49C [C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys]
==============================================
>Processes
==============================================
0x8ADFD660 [4] System
0x86166438 [184] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x863A6DA0 [444] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp., ETD Ware TSR Enhancements)
0x863D33E8 [656] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x863B4B10 [692] C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc., Google Crash Handler)
0x863CF950 [904] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK, ACMON )
0x863D1B00 [916] C:\Program Files\VIA\VIAudioi\HDADeck\HDECK.EXE (VIA Technologies, Inc., HDeck MFC Application)
0x8ABB2438 [944] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x85E4C020 [952] C:\WINDOWS\system32\spider.exe (Microsoft Corporation, Spider)
0x8634A758 [956] C:\WINDOWS\system32\ACEngSvr.exe (ASUSTeK, ACEngSvr Module)
0xFF92CDA0 [1028] C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
0x8AC52578 [1224] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8AC42BA8 [1252] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x8ABAC020 [1300] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8A5A9188 [1312] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8638F430 [1464] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8AD0B3F0 [1532] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8AD085E8 [1572] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A5B72D8 [1652] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS, HControlUser)
0x86352500 [1664] C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS, HControl)
0x86376020 [1708] C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS, ATKOSD)
0x8AC28D78 [1716] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8627AB78 [1728] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com, SUPERAntiSpyware Application)
0x863E8DA0 [1744] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86387358 [1772] C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS, KBFiltr)
0x8640DC28 [1784] C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ASUS, WDC)
0x863E6BA8 [1884] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A., Skype )
0x86273B78 [1924] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc., ADSMSrv)
0x8626C950 [1940] C:\Program Files\ATKGFNEX\GFNEXSrv.exe (-, GFNEXSrv)
0x8642B800 [1996] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8632D500 [2068] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86227DA0 [2104] C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com, Core Service)
0x86221758 [2204] C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation, Internet Information Services)
0x8434F7F8 [2224] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x8620B728 [2240] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x861AB4B0 [2304] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86198728 [2488] C:\Program Files\CDBurnerXP\NMSAccessU.exe
0x86184378 [2500] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86198B78 [2536] C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc, Sophos AutoUpdate Service.)
0x8618D950 [2568] C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe (-, spmgr Module)
0x86193718 [2608] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86175DA0 [2876] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service)
0x85F93020 [3244] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x8A5ADDA0 [3552] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service Monitor)
0x85DF3CF8 [3580] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x85FE5A10 [3628] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0xFF98EC00 [4128] C:\Documents and Settings\Carolyn Blake\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\M2b3rc2c4q.exe (UG North, RKULE, SR2 Normandy)
0x84467DA0 [4180] C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o., AVG E-mail Scanner)
0x82EC4020 [4952] C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Online Shield Service)
0x83796BE8 [5524] C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x85656568 [5540] C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe (Google, Google Talk Plugin)
0x85F8D660 [1292] C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
0x8AC93020 [4084] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
0x853F9940 [5232] C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o., AVG Identity Protection Service)

Re: Searching blocked by Google

Part 3 of the report log:


==============================================
>Drivers
==============================================
0xB89E7000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6316032 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF324000 C:\WINDOWS\System32\igxpdx32.DLL 3518464 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xBF05F000 C:\WINDOWS\System32\igxpdv32.DLL 2904064 bytes (Intel Corporation, Component GHAL Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA7E26000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 1753088 bytes (-, UVC Camera Streaming Driver)
0xB8817000 C:\WINDOWS\system32\DRIVERS\athw.sys 1507328 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0xA803F000 C:\WINDOWS\system32\drivers\monfilt.sys 1392640 bytes (Creative Technology Ltd., Creative WDM Audio Driver (32-bit))
0xB9E94000 PCI_PNP7090 1126400 bytes
0xB9E94000 sptd.sys 1126400 bytes
0xA81B7000 C:\WINDOWS\system32\drivers\viahduaa.sys 1060864 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver)
0xB9D0A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA7990000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB86E5000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA7CFA000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA6DB6000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xA7C67000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA673C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 241664 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB879B000 C:\WINDOWS\System32\Drivers\ae80khu3.SYS 233472 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA7908000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 229376 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB8743000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9E4E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA6FC0000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CDD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA3C03000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA7A28000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8987000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA7B9B000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9DF8000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA7C29000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8193000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB89AF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB87D4000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA6601000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA7B79000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA7A53000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA6A75000 C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys 135168 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB87F7000 C:\WINDOWS\system32\DRIVERS\ETD.sys 131072 bytes (ELAN Microelectronic Corp., ETD Ware TSR Enhancements)
0xB9DC0000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9E1E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9CC3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9DE0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9E7C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9D97000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8784000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA744B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB89D3000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA7D53000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DAE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9E3D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8773000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA7B49000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8FED000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA288000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA7550000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA278000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 57344 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xB901D000 C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 57344 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller ndis miniport driver)
0xBA1A8000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB900D000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA1B8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8FFD000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\tap0901.sys 45056 bytes (The OpenVPN Project, TAP-Win32 Virtual Network Driver)
0xBA0F8000 AsDsm.sys 40960 bytes (ASUSTek Computer Inc, Data Security Manager Driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA248000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA108000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA228000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB902D000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys 36864 bytes (Windows (R) Codename Longhorn DDK provider, KMWDFilter Driver from UASSOFT.COM)
0xBA208000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA198000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA5C56000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xA7DD6000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\ATKACPI.sys 32768 bytes (ATK0100, ATK0100 ACPI Utility)
0xBA388000 C:\WINDOWS\system32\DRIVERS\kbfiltr.sys 32768 bytes ( , Keyboard Filter Driver)
0xBA478000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA380000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA4A0000 C:\Program Files\ATKGFNEX\ASMMAP.sys 28672 bytes (-, -)
0xBA338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA448000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)
0xBA390000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA498000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA488000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA378000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA468000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xBA470000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA410000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA418000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA458000 C:\WINDOWS\system32\SAVRKBootTasks.sys 20480 bytes (Sophos Group, Sophos boot tasks for Windows 2000)
0xBA408000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA7968000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C8000 avgidshx.sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9714000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA58C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA76BC000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xA703D000 C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys 12288 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA77A8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA701D000 C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 12288 bytes
0xBA56C000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9734000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9710000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB972C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB86E1000 C:\WINDOWS\system32\drivers\VCdRom.sys 12288 bytes (Microsoft Corporation, Driver for Virtual CD-ROMs)
0xBA590000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA608000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA606000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA60A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA60C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5FC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA78F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA703000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA762000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8AE0F1F8 unknown_irp_handler 3592 bytes
0x8AB231F8 unknown_irp_handler 3592 bytes
0x8AB101F8 unknown_irp_handler 3592 bytes
0x8AB681F8 unknown_irp_handler 3592 bytes
0x8642D1F8 unknown_irp_handler 3592 bytes
0x8AC0D1F8 unknown_irp_handler 3592 bytes
0x8641F1F8 unknown_irp_handler 3592 bytes
0x86274430 unknown_irp_handler 3024 bytes
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D648, Type: Inline - RelativeJump 0x80504648-->8050462B [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006EC8E, Type: Inline - RelativeJump 0x80545C8E-->80545C95 [ntkrnlpa.exe]
[1884]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x014D20A0-->00000000 [unknown_code_page]
[1884]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x014D20A4-->00000000 [Skype.exe]
[3244]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->GetWindowInfo, Type: Inline - RelativeJump 0x7E42C49C-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->SetWindowLongA, Type: Inline - RelativeJump 0x7E42C29D-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->SetWindowLongW, Type: Inline - RelativeJump 0x7E42C2BB-->00000000 [xul.dll]
[3628]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[656]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[656]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[656]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[656]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[656]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[656]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[656]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Re: Searching blocked by Google

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double-click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you: one, OTL.txt, will pop up; the other, Extras.txt, will be saved on your Desktop. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Searching blocked by Google

Thanks! Here are the 2 report logs from OTL:
OTL.txt part 1
OTL logfile created on: 5/6/2012 12:25:39 PM - Run 5
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Carolyn Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 82.92% Memory free
4.81 Gb Paging File | 4.20 Gb Available in Paging File | 87.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 7.72 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Drive D: | 184.05 Gb Total Space | 12.15 Gb Free Space | 6.60% Space Free | Partition Type: NTFS

Computer Name: PRISS | User Name: Carolyn Blake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2012/05/06 12:04:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carolyn Blake\Desktop\OTL.exe
PRC - [2012/05/01 19:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/23 11:39:39 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/12 15:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/07/23 11:30:06 | 000,544,768 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2009/06/19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/03/30 12:04:16 | 000,418,816 | R--- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/06/26 18:00:39 | 000,172,032 | ---- | M] (Sophos Plc) -- c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2008/04/14 15:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 15:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2005/07/06 16:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/06 11:47:46 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/06 11:47:45 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/03 16:14:07 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/05/03 16:14:07 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/01/08 16:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/10/01 00:02:44 | 000,009,216 | ---- | M] () -- C:\Program Files\ASUS\Splendid\GLCDdll.dll
MOD - [2007/09/14 11:00:52 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\SPDISKEX.dll
MOD - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
MOD - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
MOD - [2007/06/15 11:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 18:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2006/04/04 11:24:24 | 000,036,864 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
MOD - [2005/08/29 16:24:22 | 000,081,920 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
MOD - [2005/04/07 20:25:46 | 000,077,824 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
MOD - [2003/11/28 03:11:04 | 000,135,168 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spos.dll
MOD - [2003/09/09 17:08:00 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\97891B4D.exe -- (97891B4D)
SRV - [2012/05/05 13:49:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/07/13 17:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/06/26 18:00:39 | 000,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- c:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2008/04/14 15:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/14 15:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 13:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vvftav326.sys -- (vvftav326_a4)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\vmcam326av.sys -- (usbvm328)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt73.sys -- (RT73)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\76.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\L6UX2.sys -- (L6UX2)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\L6TPortGX.sys -- (L6TPortGX)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CAROLY~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CAROLY~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\I386\AsProcOb.sys -- (ASUSProcObsrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a6cinb9o)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/08/01 12:44:26 | 000,404,256 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_AE_i386.sys -- (SRS_AE_Service)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 17:00:14 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/07/13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/12 15:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/10/18 20:34:13 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/12 11:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/19 18:15:49 | 000,046,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2010/02/16 00:00:37 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/04/01 15:12:48 | 000,233,128 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/03/20 15:21:28 | 001,057,280 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/02/13 19:00:02 | 001,503,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/11/03 10:03:28 | 000,013,880 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/11 10:14:12 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/07 09:00:46 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2008/02/14 15:12:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/08/03 07:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/08/01 15:51:42 | 000,041,656 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio)
DRV - [2007/07/24 12:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006/12/17 18:11:58 | 000,007,680 | R--- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2004/05/27 19:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\ATK Hotkey\ASNDIS5.SYS -- (ASNDIS5)
DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{551C878C-D8EA-4EBA-9EB7-33BCCDDB10D7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=B8MCDF&pc=B8MC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={4CE89C16-1289-4F7D-A3A8-08C4C1A09883}&mid=61c0d6be8be347d085d4d16c955bba9b-f0ee5c2c432d536e1e2062fd6b4998d2a3e1cbc1&lang=en&ds=AVG&pr=fr&d=2012-05-04 15:08:01&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/05/09 17:57:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/20 15:25:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/08 13:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/04 15:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/04 15:06:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files\K-Meleon\Plugins [2012/03/20 15:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files\K-Meleon\Components [2012/04/01 19:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 13:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/20 15:26:29 | 000,000,000 | ---D | M]

[2011/12/29 22:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Extensions
[2011/12/29 22:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/28 19:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions
[2011/12/10 11:15:00 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/07/20 21:35:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/10 22:12:44 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/04/25 20:48:32 | 000,000,000 | ---D | M] ("Usage Stat") -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010/03/21 04:29:38 | 000,000,000 | ---D | M] (U Flv) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
[2011/03/15 21:20:41 | 000,000,000 | ---D | M] (KFD Flv) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
[2011/06/11 08:06:37 | 000,000,000 | ---D | M] (VFD Flv) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
[2011/11/04 14:24:31 | 000,000,000 | ---D | M] (VFD Flv) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
[2011/11/05 18:50:31 | 000,000,000 | ---D | M] (Feedback module) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a19}
[2012/04/21 21:04:34 | 000,000,000 | ---D | M] ("VFT Flv") -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{8675f4b3-2f19-11ed-2d6b-1823600c0a19}
[2012/04/05 16:19:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/02 15:20:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/18 16:34:14 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\Firefox\Profiles\du4iocr7.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012/05/05 12:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/05 12:48:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/13 11:34:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/12 23:42:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/07 22:37:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/07 02:26:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 09:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/06 18:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/10 20:08:00 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/06 18:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/04 15:07:56 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/15 15:11:22 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/29 03:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Carolyn Blake\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\WINDOWS\system32\npmirage.dll
CHR - Extension: Google Translate = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Entanglement = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Bejeweled = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: SEOquake = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.0_0\
CHR - Extension: YouTube = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: The Treasures Of Mystery Island = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cakimmoclemogopdpkmnhnhlbdbhople\0.0.0.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mystery Land of Aksharit Hindi = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ecdlniallajbcgfeaognaemffnmnimhl\1.12.3.16_0\
CHR - Extension: Stylish = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Natalie Brooks - Secrets of Treasure House = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbkkcfaophahlafjdkefklddeciahohm\0.0.0.4_0\
CHR - Extension: Shareaholic for Google Chrome\u2122 = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep\5.3.0_0\
CHR - Extension: Jacko In Hell = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiccfhlkfcabmpkfbfkghbcddbnbioej\1.0.1_0\
CHR - Extension: Go Button (Toolbar) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\koinaeomacgddcepgblmbelbejidpmbn\1.0.3_0\
CHR - Extension: The Secret of Grisly Manor = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpaadcbfeeiehmjlfbgpafdjbeikhgff\1.0_0\
CHR - Extension: Sprocket Rocket = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0\
CHR - Extension: Word\u00B2 = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpibnckjjeaabeepofhfmmpjmnomohee\2.5_0\
CHR - Extension: Poppit = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: The Treasures Of Montezuma 2 = C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pnkbgfbadepkchobgohbkhfcgackdejf\0.0.0.3_0\






Re: Searching blocked by Google

otl.txt part 2

O1 HOSTS File: ([2012/05/04 14:44:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {73E71843-3A3D-4B26-AB6E-0ADCEE4B5FA7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SeoQuake) - {9C590067-8A6A-4db6-B052-069283790B04} - C:\Program Files\SeoQuake\SeoQuake.dll ()
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C1DE315-5661-4764-8FB9-ED7F722BD42A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\Aspwdflt: DllName - (C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll) - C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll (ASUSTek Computer Inc.)
O24 - Desktop Components:1 () - http://weathersticker.wunderground.com/cgi-bin/banner/ban/wxBanner?bannertype=wu_bluestripes&airportcode=LRBC&ForcedCity=Birlad&ForcedState=
O24 - Desktop WallPaper: C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/15 23:31:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 360 Days ==========

[2012/05/06 12:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\test files
[2012/05/06 12:04:20 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carolyn Blake\Desktop\OTL.exe
[2012/05/05 13:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/05 13:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Secrets of the Dark - Eclipse Mountain Collector's Edition
[2012/05/05 13:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Secrets of the Dark - Eclipse Mountain Collector's Edition
[2012/05/05 12:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/05 12:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/05/04 20:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rootkit Unhooker LE
[2012/05/04 20:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\RkU3.8.388.590
[2012/05/04 20:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/05/04 15:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\AVG2012
[2012/05/04 15:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/05/04 15:06:51 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/04 15:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/04 15:06:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/05/04 15:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/04 15:03:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/04 15:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/04 15:03:28 | 003,878,264 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Carolyn Blake\Desktop\avg_free_stb_all_2012_2169_cnet.exe
[2012/05/04 14:48:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/04 13:13:52 | 004,483,323 | R--- | C] (Swearware) -- C:\Documents and Settings\Carolyn Blake\Desktop\ComboFix.exe
[2012/05/04 12:54:01 | 018,376,624 | ---- | C] (Mooii) -- C:\Documents and Settings\Carolyn Blake\Desktop\PhotoScape_V3.6.2.exe
[2012/05/04 00:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Immunet
[2012/05/03 19:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Meridian93
[2012/05/03 18:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\Anti-Malware
[2012/05/03 18:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft HiJackFree
[2012/05/03 18:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft HiJackFree
[2012/05/03 16:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/03 16:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/03 16:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/02 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\cc cleaner reg bkups
[2012/05/02 16:41:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carolyn Blake\Recent
[2012/05/02 13:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Google Chrome
[2012/05/01 16:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HMA! Pro VPN
[2012/05/01 16:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\HMA! Pro VPN
[2012/04/28 11:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\LegacyInteractive
[2012/04/27 23:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\ImgBurn
[2012/04/27 23:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2012/04/27 23:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/04/27 21:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DailyMagic
[2012/04/27 20:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Vampire Saga - Break Out
[2012/04/27 20:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vampire Saga - Break Out
[2012/04/27 18:15:35 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/27 18:14:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\logs
[2012/04/26 16:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AirTies
[2012/04/23 19:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Roozz
[2012/04/21 16:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\critters
[2012/04/21 12:47:41 | 000,000,000 | ---D | C] -- C:\AirTies
[2012/04/21 12:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\AirTies
[2012/04/20 18:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\AirTies
[2012/04/20 18:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AirTies
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012/04/15 20:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\a84632f1fa0167a7f7aeceb41a5c45ff02455954
[2012/04/12 13:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\Calibre Library
[2012/04/12 13:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\calibre
[2012/04/12 13:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/04/12 13:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2012/04/05 13:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Net Results
[2012/04/05 00:05:37 | 000,018,816 | ---- | C] (Sophos Group) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2012/04/04 21:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\Unused Desktop Shortcuts
[2012/04/03 18:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\4 Friends Games
[2012/04/03 18:42:35 | 000,000,000 | ---D | C] -- C:\games
[2012/04/03 16:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Micro Niche Finder 5.0
[2012/04/03 15:15:51 | 000,051,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbame.dll
[2012/03/31 11:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images
[2012/03/20 15:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/03/20 15:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\RealNetworks
[2012/03/19 05:17:28 | 000,301,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/03/16 12:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\EbookNicheExplorer
[2012/03/16 12:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\The Net Results
[2012/03/15 15:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\energizer
[2012/03/15 15:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Babylon
[2012/03/15 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Babylon
[2012/03/15 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/03/15 15:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2012/03/09 02:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\John
[2012/03/08 22:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Sophos
[2012/03/08 21:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/03/08 21:48:27 | 000,000,000 | ---D | C] -- C:\stdtsa
[2012/03/08 20:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2012/03/08 20:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/03/03 12:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\ted
[2012/03/03 01:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\spun articles
[2012/02/28 13:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\JonathanLeger.com
[2012/02/28 13:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\IsolatedStorage
[2012/02/28 13:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\JonathanLeger.com
[2012/02/28 13:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\TheBestSpinner3
[2012/02/28 13:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\TheBestSpinner3
[2012/02/25 18:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Article Marketing Robot
[2012/02/25 18:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Article Marketing Robot
[2012/02/25 18:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Article Marketing Robot
[2012/02/24 17:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\The Agency of Anomalies - Cinderstone Orphanage Collector's Edition
[2012/02/24 17:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Agency of Anomalies - Cinderstone Orphanage Collector's Edition
[2012/02/22 05:25:32 | 000,235,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2012/02/19 16:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\produkey
[2012/02/14 00:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\2012-02-13
[2012/02/11 22:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Standard8-in-Right
[2012/02/11 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\8in1
[2012/02/09 12:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Sticky-Notes
[2012/02/09 12:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Conceptworld
[2012/02/09 12:02:45 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2012/02/09 12:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Conceptworld
[2012/01/31 04:46:50 | 000,031,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2012/01/30 16:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2012/01/29 21:22:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2012/01/29 21:16:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/29 21:16:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/29 21:16:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/20 20:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\.linkassistant
[2012/01/18 15:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/18 15:29:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/18 15:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/17 14:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Mirillis
[2012/01/17 14:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Mirillis
[2012/01/17 14:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mirillis
[2012/01/13 17:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\APN
[2012/01/12 22:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\.ranktracker
[2012/01/12 22:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\SEO PowerSuite
[2012/01/10 11:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\2012-01-10
[2012/01/08 04:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Grim Tales - The Bride Collector's Edition
[2012/01/08 04:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Grim Tales - The Bride Collector's Edition
[2012/01/06 18:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/01/06 18:24:47 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2012/01/04 03:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2011/12/29 22:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Thunderbird
[2011/12/29 22:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Thunderbird
[2011/12/29 22:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Eudora OSE
[2011/12/29 00:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Micro Niche Finder 5.0
[2011/12/27 23:02:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/27 23:00:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/27 23:00:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/27 23:00:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/27 23:00:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/27 22:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/27 22:46:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/27 21:52:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/27 14:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2011/12/27 14:27:58 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/12/27 14:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/12/27 14:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\TestApp
[2011/12/27 14:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/12/23 13:32:14 | 000,041,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/12/23 13:32:08 | 000,017,232 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2011/12/23 13:32:06 | 000,024,144 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsfilterx.sys
[2011/12/23 13:32:00 | 000,139,856 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2011/12/21 13:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Turkcell Teknoloji
[2011/12/19 01:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Ilivid Player
[2011/12/19 01:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\PackageAware
[2011/12/11 17:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/12/11 17:39:31 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2011/12/11 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/12/07 02:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/06 20:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2011/12/05 20:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\TextPad 5
[2011/12/05 15:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Notepad++
[2011/12/05 15:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2011/12/05 15:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/11/26 13:10:57 | 000,372,736 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2011/11/26 13:10:57 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2011/11/26 01:55:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Administrative Tools
[2011/11/26 01:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Revo Uninstaller
[2011/11/25 15:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\XHeader
[2011/11/25 15:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thraex Software
[2011/11/25 11:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/25 11:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/11/23 13:40:47 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/11/23 13:40:24 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/11/23 13:40:24 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/11/23 13:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/11/22 17:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2011/11/22 14:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Turkcell
[2011/11/22 14:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\DriverInstall
[2011/11/22 14:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Turkcell_Teknoloji
[2011/11/22 14:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\VINN
[2011/11/22 14:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Turkcell
[2011/11/20 13:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Fuzzy Bug Interactive
[2011/11/20 02:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\RMVB Player
[2011/11/19 00:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\SMIGames
[2011/11/17 17:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\VendelGAMES
[2011/11/17 02:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\BlamGames
[2011/11/14 00:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\MKV Player
[2011/11/07 21:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\IronCode
[2011/11/07 04:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Monkey Barrel Games
[2011/11/06 18:48:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/11/05 23:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\DieselPuppet
[2011/11/04 14:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\SpinTop Games
[2011/10/30 15:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/10/28 15:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Mysteries - Notre Dame - Secrets of Paris
[2011/10/28 15:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hidden Mysteries - Notre Dame - Secrets of Paris
[2011/10/27 20:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2011/10/24 15:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/10/24 15:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/10/23 19:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\Broderbund Software
[2011/10/23 19:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Myst
[2011/10/23 14:22:48 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/10/23 01:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos Interactive
[2011/10/22 17:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Blood Oath
[2011/10/20 18:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\AV Technologies
[2011/10/16 18:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\SystemUpdate13604USB
[2011/10/16 15:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\LIMBO
[2011/10/16 15:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\LIMBO
[2011/10/09 02:08:22 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/10/08 17:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Chayowo Games
[2011/10/05 20:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\MediaArt
[2011/10/05 20:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MediaArt
[2011/10/04 19:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\XboxMB
[2011/10/04 19:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Datel
[2011/10/04 02:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Team_Horizon
[2011/10/04 02:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2011/10/04 02:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Xenocode
[2011/10/02 15:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\URSE Games
[2011/10/01 23:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Enlightenus2SE_BFG
[2011/10/01 22:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Cursed House
[2011/09/29 23:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\uTorrentBar
[2011/09/29 17:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\usb xtaf
[2011/09/29 17:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011/09/28 13:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ergo Romanian
[2011/09/28 13:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ergo Romanian
[2011/09/28 13:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/09/24 22:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EASEUS Partition Master 9.1.0 Home Edition
[2011/09/24 22:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/09/24 15:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\RenPy
[2011/09/24 15:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Always Remember Me
[2011/09/22 21:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\HSA
[2011/09/20 12:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\rank&pillage
[2011/09/19 18:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Urban Legends - The Maze
[2011/09/19 18:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Urban Legends - The Maze
[2011/09/18 22:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\md studio
[2011/09/17 20:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\BitTorrent
[2011/09/15 02:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\GreenSauceGames
[2011/09/14 16:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2011/09/12 16:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Desktop\Sant Mat
[2011/09/10 00:26:14 | 000,000,000 | ---D | C] -- C:\new fonts
[2011/09/05 01:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\HdO Adventure
[2011/09/01 15:12:28 | 004,528,854 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\Carolyn Blake\My Documents\FileZilla_3.5.1_win32-setup.exe
[2011/08/31 23:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\casualArts
[2011/08/31 23:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2011/08/31 18:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Fenomen Games
[2011/08/19 23:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Alawar Stargaze
[2011/08/18 02:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Time Mysteries - Inheritance
[2011/08/15 18:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Free PDF to Word Converter
[2011/08/15 18:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SBSolutions
[2011/08/15 17:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2011/08/15 16:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Start Menu\Programs\WinRAR
[2011/08/15 16:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/08/15 16:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/08/15 16:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\.scribus
[2011/08/11 17:41:52 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2011/08/11 17:41:52 | 000,040,960 | ---- | C] (DNAML Pty Ltd) -- C:\WINDOWS\dbrmdwb.exe
[2011/08/11 17:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\My eBooks
[2011/08/09 20:02:53 | 000,061,440 | ---- | C] (Xaudio Corporation) -- C:\WINDOWS\System32\xa_dsound_output.dll
[2011/08/09 20:02:52 | 000,270,336 | ---- | C] (Xaudio Corporation) -- C:\WINDOWS\System32\xaudio.dll
[2011/08/09 20:02:52 | 000,069,632 | ---- | C] (Xaudio Corporation) -- C:\WINDOWS\System32\xanalyze.dll
[2011/08/08 14:49:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\My Pictures
[2011/08/07 15:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2011/08/07 15:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\HandBrake
[2011/08/07 15:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\HandBrake
[2011/08/07 15:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2011/08/06 11:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/01 15:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/07/31 03:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\Abandonware
[2011/07/31 03:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\empowerment gifts
[2011/07/30 02:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\2011-07-25
[2011/07/29 15:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Broken Rules
[2011/07/29 14:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\VVVVVV
[2011/07/29 13:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\Crayon Physics Deluxe
[2011/07/29 13:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Crayon Physics Deluxe
[2011/07/29 11:25:46 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/29 01:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Lazy 8 Studios
[2011/07/29 01:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Lazy 8 Studios
[2011/07/29 01:20:24 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/07/28 01:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/07/27 21:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OnlyWire
[2011/07/27 21:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\OnlyWire
[2011/07/26 11:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogyEp3-BF
[2011/07/26 00:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/25 16:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Facebook
[2011/07/22 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\GameInvest
[2011/07/21 22:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\HitPoint Studios
[2011/07/15 12:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Astar Games
[2011/07/13 17:00:14 | 000,026,112 | ---- | C] (The OpenVPN Project) -- C:\WINDOWS\System32\drivers\tap0901.sys
[2011/07/13 16:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Boolat Games
[2011/07/12 20:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\VampireSagaHL
[2011/07/12 20:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Vampire Saga - Welcome To Hell Lock
[2011/07/12 20:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vampire Saga - Welcome To Hell Lock
[2011/07/10 13:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\LestaStudio
[2011/07/07 17:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2011/07/06 00:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\TheFallTrilogy
[2011/07/04 23:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Xilisoft
[2011/06/30 18:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Deep Shadows
[2011/06/25 13:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/06/22 19:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVI to 3GP
[2011/06/21 14:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\My Documents\Ghost in the Sheet
[2011/06/14 16:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/06/14 16:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/14 12:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Dekovir
[2011/06/11 00:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\com.socialbox.socialbox
[2011/06/08 23:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\DailyMagic
[2011/06/07 18:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/31 13:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Vivox
[2011/05/27 11:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\Ashampoo Music Studio 3
[2011/05/20 13:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Instant Eyedropper
[2011/05/20 13:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\InstantEyedropper
[2011/05/17 00:28:40 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/05/17 00:28:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/05/14 14:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Colibri Games
[2011/05/14 14:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2011/05/14 08:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\1916 - Der Unbekannte Krieg
[2011/05/13 10:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carolyn Blake\Application Data\Canon
[2011/05/13 09:47:26 | 000,352,256 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNQL1213.DLL
[2011/05/13 09:47:26 | 000,057,344 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNQU110.DLL
[2011/05/13 09:47:26 | 000,000,000 | ---D | C] -- C:\CanoScan
[2011/05/13 07:33:50 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/12 23:42:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

Re: Searching blocked by Google

otl.txt part 3

========== Files - Modified Within 360 Days ==========

[2012/05/06 12:04:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carolyn Blake\Desktop\OTL.exe
[2012/05/06 12:04:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-606747145-1177238915-1003UA.job
[2012/05/06 11:52:42 | 097,285,812 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/06 11:51:22 | 000,443,020 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/06 11:51:22 | 000,070,812 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/06 11:51:08 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AD86CA84-E512-4EF7-9AEF-BA4F952FD154}.job
[2012/05/06 11:49:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/06 11:46:48 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-606747145-1177238915-1003.job
[2012/05/06 11:46:46 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/06 11:46:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/06 03:44:03 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/05 22:04:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-606747145-1177238915-1003Core.job
[2012/05/05 13:49:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/05 13:49:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/05 13:17:41 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Secrets of the Dark - Eclipse Mountain Collector's Edition.lnk
[2012/05/05 13:17:41 | 000,001,282 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2012/05/05 12:48:31 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/05/04 20:38:40 | 000,629,057 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\RkU3.8.388.590.rar
[2012/05/04 20:35:46 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\7z920.exe
[2012/05/04 18:01:10 | 000,034,142 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/05/04 15:08:14 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/05/04 15:03:30 | 003,878,264 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Carolyn Blake\Desktop\avg_free_stb_all_2012_2169_cnet.exe
[2012/05/04 14:44:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/04 13:14:35 | 004,483,323 | R--- | M] (Swearware) -- C:\Documents and Settings\Carolyn Blake\Desktop\ComboFix.exe
[2012/05/04 12:59:14 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2012/05/04 12:59:14 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\PhotoScape.lnk
[2012/05/04 12:57:43 | 018,376,624 | ---- | M] (Mooii) -- C:\Documents and Settings\Carolyn Blake\Desktop\PhotoScape_V3.6.2.exe
[2012/05/04 12:45:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/04 01:16:01 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-606747145-1177238915-1003.job
[2012/05/03 23:27:54 | 000,000,030 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2012/05/03 21:51:41 | 000,034,853 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\ascension.jpg
[2012/05/03 18:51:35 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft HiJackFree.lnk
[2012/05/03 16:52:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/03 16:13:26 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/02 16:39:10 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/05/02 13:51:18 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Google Chrome.lnk
[2012/05/02 13:51:18 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/02 13:33:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/01 16:23:04 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HMA! Pro VPN.lnk
[2012/04/30 20:48:19 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/04/30 01:02:14 | 000,024,243 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\img_1640_aliens-vs-predator-birthday-cake-360p.jpg
[2012/04/30 00:53:17 | 000,031,518 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\birthday-alien.jpg
[2012/04/30 00:51:30 | 000,183,878 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\alien cake.jpg
[2012/04/29 21:10:44 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\WirelessSecurityPassword.ini
[2012/04/27 23:52:04 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/04/27 23:52:03 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/04/27 23:05:07 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/27 20:42:37 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Vampire Saga - Break Out.lnk
[2012/04/27 18:42:58 | 000,007,194 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\rita.jpg
[2012/04/26 16:19:08 | 000,001,533 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AirTies Utility.lnk
[2012/04/25 22:53:27 | 000,012,711 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Carolyn's Stuff.odt
[2012/04/24 22:10:31 | 000,105,102 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Van Gogh Cake.jpg
[2012/04/23 00:09:47 | 000,148,824 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\tom_hardy.jpg
[2012/04/21 12:30:26 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\spider.sav
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012/04/18 01:49:58 | 000,126,709 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\.ranktracker.properties
[2012/04/06 19:29:50 | 000,196,551 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\banedarkknightrises.jpg
[2012/04/05 13:18:42 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ebook Niche Explorer.lnk
[2012/04/04 17:49:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/04 17:48:13 | 000,039,280 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\cc_20120404_174754.reg
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/03 16:07:25 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Micro Niche Finder 5.0.lnk
[2012/03/29 00:17:22 | 000,078,585 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\MoneywordMatrix-competition-latest.png
[2012/03/25 22:41:42 | 000,184,124 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Ray Bradbury - Skeleton.pdf
[2012/03/20 15:25:18 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/03/20 15:24:32 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/03/20 15:24:32 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/03/20 15:24:26 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/03/17 13:45:35 | 000,011,813 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\jos kindle stuff et al.dxp
[2012/03/15 15:13:21 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012/03/15 15:11:41 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/03/14 17:36:17 | 000,062,996 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\LiveLinks Report for bj@a-link-for-you.info.html
[2012/03/09 12:16:44 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to Article Marketing Robot.exe.lnk
[2012/03/08 21:39:03 | 090,600,384 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\std20sasfx.exe
[2012/02/28 13:55:14 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\BestSpinner.lnk
[2012/02/22 17:29:29 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to UNINV.EXE.lnk
[2012/02/22 17:05:47 | 000,007,680 | ---- | M] () -- C:\WINDOWS\~INSX462.EXE
[2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2012/02/19 16:37:29 | 000,254,650 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\census.cache
[2012/02/19 16:37:27 | 000,222,827 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\ars.cache
[2012/02/14 00:31:58 | 000,136,506 | ---- | M] () -- C:\WINDOWS\hphins33.dat
[2012/02/01 14:32:58 | 000,036,363 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2012/01/30 12:19:09 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/20 21:42:57 | 000,086,062 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\.linkassistant.properties
[2012/01/12 22:17:31 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Rank Tracker.lnk
[2012/01/10 11:43:35 | 000,022,528 | -H-- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\photothumb.db
[2012/01/04 03:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2011/12/28 00:47:31 | 000,542,900 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/12/28 00:34:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/26 18:42:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsfilterx.sys
[2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2011/12/12 22:19:07 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to budgetineriordes_ideas.lnk
[2011/12/11 22:49:09 | 000,074,216 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/07 12:04:33 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\TextPad.lnk
[2011/12/05 18:38:50 | 000,233,819 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Servant.pdf
[2011/11/26 01:13:10 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Revo Uninstaller.lnk
[2011/11/25 15:03:12 | 000,201,972 | ---- | M] () -- C:\WINDOWS\XHeader Uninstaller.exe
[2011/11/25 15:03:12 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\XHeader.lnk
[2011/11/22 20:42:40 | 000,185,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/10/29 17:33:31 | 000,090,218 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\unclesam.odp
[2011/10/25 15:54:24 | 005,049,658 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\sponsorship.wmv
[2011/10/24 15:48:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/24 15:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/10/24 15:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/10/17 21:22:54 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\.recently-used.xbel
[2011/10/16 17:34:06 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/16 15:20:40 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\LIMBO.lnk
[2011/10/14 19:45:56 | 000,174,356 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\cc_20111014_194550.reg
[2011/10/12 21:14:52 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Mozilla Firefox (2).lnk
[2011/10/07 16:11:51 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Instant Eyedropper (2).lnk
[2011/10/03 06:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/03 06:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/03 06:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/03 06:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/03 03:37:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/09/23 18:33:38 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Eusing Registry Cleaner.lnk
[2011/09/17 20:49:17 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/09/17 20:49:17 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2011/09/14 17:08:39 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HD ADeck.lnk
[2011/09/12 16:06:50 | 001,982,848 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\spiritualgems.pdf
[2011/09/09 18:23:34 | 002,469,760 | ---- | M] () -- C:\WINDOWS\System32\BootMan.exe
[2011/09/08 17:31:30 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to Allen affiliiate sites.lnk
[2011/09/06 02:35:23 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to Torrents.lnk
[2011/09/05 13:08:04 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Windows Explorer.lnk
[2011/09/01 15:12:35 | 004,528,854 | ---- | M] (FileZilla Project) -- C:\Documents and Settings\Carolyn Blake\My Documents\FileZilla_3.5.1_win32-setup.exe
[2011/08/11 17:44:42 | 000,040,960 | ---- | M] (DNAML Pty Ltd) -- C:\WINDOWS\dbrmdwb.exe
[2011/08/11 17:41:52 | 000,638,464 | ---- | M] () -- C:\WINDOWS\dbplugin.exe
[2011/08/11 17:41:52 | 000,356,352 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2011/08/11 17:41:51 | 002,416,752 | ---- | M] () -- C:\WINDOWS\dbplugin.ocx
[2011/08/11 17:41:51 | 000,823,296 | ---- | M] () -- C:\WINDOWS\npdbplug.dll
[2011/08/11 17:41:51 | 000,668,160 | ---- | M] () -- C:\WINDOWS\dtaplugin.exe
[2011/08/11 17:41:51 | 000,000,601 | ---- | M] () -- C:\WINDOWS\npdbplug.xpt
[2011/08/10 11:30:36 | 000,001,171 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to kompozer.lnk
[2011/08/08 14:28:34 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Xilisoft.lnk
[2011/08/01 12:44:26 | 000,404,256 | R--- | M] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys
[2011/07/30 02:16:37 | 000,042,472 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\wordlist3-1.rtf
[2011/07/29 13:54:56 | 000,086,408 | ---- | M] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/07/29 13:54:56 | 000,013,192 | ---- | M] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/07/29 13:54:56 | 000,008,456 | ---- | M] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/07/29 13:54:46 | 000,019,840 | ---- | M] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/07/26 10:30:53 | 000,145,732 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\options_managing_repayment.pdf
[2011/07/21 15:12:32 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe
[2011/07/13 17:00:14 | 000,026,112 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\System32\drivers\tap0901.sys
[2011/07/12 18:18:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\{B2817EA7-36DE-4109-AA27-C0BCC302C745}
[2011/07/07 12:26:51 | 000,003,595 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\bday.jpg
[2011/07/07 12:25:58 | 000,034,181 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\bday.gif
[2011/07/07 12:24:44 | 000,010,180 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\birrthday.gif
[2011/06/26 09:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/20 09:58:36 | 001,219,799 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\A_New_Earth.pdf
[2011/06/16 01:31:43 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2011/06/15 12:02:31 | 000,000,208 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/05/24 20:44:08 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2011/05/24 20:42:47 | 000,006,348 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\My Documents\cd.dxp
[2011/05/20 09:58:09 | 000,000,190 | ---- | M] () -- C:\WINDOWS\settings.ini
[2011/05/20 09:40:39 | 000,001,417 | ---- | M] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2011/05/20 09:40:39 | 000,001,399 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2011/05/12 15:05:32 | 000,018,816 | ---- | M] (Sophos Group) -- C:\WINDOWS\System32\SAVRKBootTasks.sys

========== Files Created - No Company Name ==========

[2012/05/06 11:52:42 | 097,285,812 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/05 13:17:41 | 000,002,062 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Secrets of the Dark - Eclipse Mountain Collector's Edition.lnk
[2012/05/05 13:17:41 | 000,001,282 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2012/05/04 20:38:37 | 000,629,057 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\RkU3.8.388.590.rar
[2012/05/04 20:35:45 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\7z920.exe
[2012/05/04 18:01:10 | 000,034,142 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/05/04 15:08:14 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/05/04 12:59:14 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2012/05/03 21:51:39 | 000,034,853 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\ascension.jpg
[2012/05/03 18:51:35 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft HiJackFree.lnk
[2012/05/03 16:13:26 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/02 13:51:18 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Google Chrome.lnk
[2012/05/02 13:51:18 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/01 16:23:04 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HMA! Pro VPN.lnk
[2012/04/30 01:02:16 | 000,024,243 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\img_1640_aliens-vs-predator-birthday-cake-360p.jpg
[2012/04/30 00:53:19 | 000,031,518 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\birthday-alien.jpg
[2012/04/30 00:51:45 | 000,183,878 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\alien cake.jpg
[2012/04/27 23:52:04 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/04/27 23:52:03 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/04/27 20:42:37 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Vampire Saga - Break Out.lnk
[2012/04/27 18:43:07 | 000,007,194 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\rita.jpg
[2012/04/27 18:15:37 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/26 16:19:08 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AirTies Utility.lnk
[2012/04/25 22:53:33 | 000,012,711 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Carolyn's Stuff.odt
[2012/04/24 22:10:44 | 000,105,102 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Van Gogh Cake.jpg
[2012/04/23 00:10:05 | 000,148,824 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\tom_hardy.jpg
[2012/04/21 12:47:41 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\WirelessSecurityPassword.ini
[2012/04/12 13:12:57 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/04/06 19:29:54 | 000,196,551 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\banedarkknightrises.jpg
[2012/04/04 17:48:03 | 000,039,280 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\cc_20120404_174754.reg
[2012/04/03 16:07:25 | 000,001,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Micro Niche Finder 5.0.lnk
[2012/03/29 00:17:27 | 000,078,585 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\MoneywordMatrix-competition-latest.png
[2012/03/25 22:40:48 | 000,184,124 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Ray Bradbury - Skeleton.pdf
[2012/03/17 13:45:35 | 000,011,813 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\jos kindle stuff et al.dxp
[2012/03/16 12:43:24 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ebook Niche Explorer.lnk
[2012/03/15 15:11:40 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/03/15 15:01:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
[2012/03/14 17:00:22 | 000,062,996 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\LiveLinks Report for bj@a-link-for-you.info.html
[2012/03/08 21:29:57 | 090,600,384 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\std20sasfx.exe
[2012/03/08 15:18:31 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to Article Marketing Robot.exe.lnk
[2012/02/28 13:55:14 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\BestSpinner.lnk
[2012/02/22 17:29:29 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to UNINV.EXE.lnk
[2012/02/22 17:05:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\~INSX462.EXE
[2012/02/14 00:24:46 | 000,136,506 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2012/02/14 00:24:46 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2012/01/20 21:42:57 | 000,086,062 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\.linkassistant.properties
[2012/01/18 15:29:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 23:24:32 | 000,126,709 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\.ranktracker.properties
[2012/01/12 22:17:31 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Rank Tracker.lnk
[2012/01/10 11:43:35 | 000,022,528 | -H-- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\photothumb.db
[2011/12/29 16:34:20 | 000,254,650 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\census.cache
[2011/12/29 16:34:14 | 000,222,827 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\ars.cache
[2011/12/27 23:02:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/27 23:02:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/27 23:00:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/27 23:00:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/27 23:00:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/27 23:00:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/27 23:00:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/27 14:28:02 | 000,542,900 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/12/12 22:19:11 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to budgetineriordes_ideas.lnk
[2011/12/07 12:04:33 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\TextPad.lnk
[2011/12/05 20:18:30 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TextPad.lnk
[2011/12/05 18:38:49 | 000,233,819 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Servant.pdf
[2011/11/26 15:10:03 | 002,248,101 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\15 0405tbforcarolyn.mp3
[2011/11/26 01:13:10 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Revo Uninstaller.lnk
[2011/11/25 15:03:12 | 000,201,972 | ---- | C] () -- C:\WINDOWS\XHeader Uninstaller.exe
[2011/11/25 15:03:12 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\XHeader.lnk
[2011/10/29 17:32:52 | 000,090,218 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\unclesam.odp
[2011/10/25 15:53:26 | 005,049,658 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\sponsorship.wmv
[2011/10/22 13:16:29 | 000,000,030 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/10/17 21:22:54 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\.recently-used.xbel
[2011/10/17 14:43:11 | 001,982,848 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\spiritualgems.pdf
[2011/10/16 15:20:40 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\LIMBO.lnk
[2011/10/14 19:45:52 | 000,174,356 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\cc_20111014_194550.reg
[2011/10/12 21:14:52 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Mozilla Firefox (2).lnk
[2011/10/07 16:11:51 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Instant Eyedropper (2).lnk
[2011/10/05 17:10:26 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/24 22:08:26 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/09/24 22:08:25 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/09/24 22:08:25 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/09/24 22:08:25 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/09/24 22:08:25 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/09/23 18:33:38 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Eusing Registry Cleaner.lnk
[2011/09/17 20:49:17 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/09/17 20:49:17 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2011/09/14 17:08:39 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HD ADeck.lnk
[2011/09/14 16:55:53 | 000,404,256 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys
[2011/09/08 17:31:30 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to Allen affiliiate sites.lnk
[2011/09/06 02:35:29 | 000,000,369 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to Torrents.lnk
[2011/08/11 17:41:52 | 000,638,464 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2011/08/11 17:41:51 | 002,416,752 | ---- | C] () -- C:\WINDOWS\dbplugin.ocx
[2011/08/11 17:41:51 | 000,823,296 | ---- | C] () -- C:\WINDOWS\npdbplug.dll
[2011/08/11 17:41:51 | 000,668,160 | ---- | C] () -- C:\WINDOWS\dtaplugin.exe
[2011/08/11 17:41:51 | 000,000,601 | ---- | C] () -- C:\WINDOWS\npdbplug.xpt
[2011/08/10 11:30:36 | 000,001,171 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Shortcut to kompozer.lnk
[2011/08/08 14:28:34 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Desktop\Xilisoft.lnk
[2011/07/31 03:52:42 | 000,003,595 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\bday.jpg
[2011/07/31 03:50:42 | 000,145,732 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\options_managing_repayment.pdf
[2011/07/31 03:48:23 | 001,219,799 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\A_New_Earth.pdf
[2011/07/31 03:43:40 | 000,010,180 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\birrthday.gif
[2011/07/31 03:33:06 | 000,034,181 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\bday.gif
[2011/07/29 20:28:55 | 000,042,472 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\wordlist3-1.rtf
[2011/07/26 00:47:08 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/25 22:25:14 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2011/07/12 18:18:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\Local Settings\Application Data\{B2817EA7-36DE-4109-AA27-C0BCC302C745}
[2011/07/09 09:55:10 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/14 16:14:46 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/24 20:42:46 | 000,006,348 | ---- | C] () -- C:\Documents and Settings\Carolyn Blake\My Documents\cd.dxp
[2011/05/06 01:56:13 | 000,000,208 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/05/04 12:45:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/03/14 02:37:39 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/02/03 22:12:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2010/12/16 13:31:11 | 000,000,057 | ---- | C] () -- C:\WINDOWS\ANTSWLIB.INI
[2010/12/01 16:01:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/19 13:56:45 | 000,168,189 | ---- | C] () -- C:\WINDOWS\hphins33.dat.temp
[2010/10/19 13:56:45 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat.temp
[2010/10/18 22:03:20 | 000,000,138 | ---- | C] () -- C:\WINDOWS\trsubreader.INI
[2010/10/04 14:53:43 | 000,004,007 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2010/09/09 15:45:13 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/09/09 15:41:05 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/08/25 15:55:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/08/08 20:55:49 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/08/05 21:56:19 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2010/07/11 16:02:07 | 000,074,216 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/10 19:50:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/05 13:46:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2010/06/28 22:28:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe
[2010/06/12 17:39:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/05/24 22:08:21 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96372A73

< End of report >

Re: Searching blocked by Google

No extras.txt file was generated by OTL. I even ran a search function on both my C and D drives and it was not found.

Re: Searching blocked by Google

Please go to: VirusTotal



  • Click the Browse button and search for the following file: C:\WINDOWS\system32\97891B4D.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

Re: Searching blocked by Google

This file does not exist on my computer. I ran a search function plus I manually searched, making sure to search hidden files and folders. It is not there.
