
Scheffing


Member
Scan saved at 2:34:14 PM, on 6/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Documents and Settings\All Users\Application Data\BarQuery\barquery145.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BarQuery\barquery.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Save Tube Video Company\SaveTubeVideo\downloader.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=13170&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Save Tube Video - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files\Save Tube Video Company\SaveTubeVideo\SaveTubeVideo.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228917667968
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: BarQuery Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\BarQuery\barquery145.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10608 bytes


Crush


Expert
Hello, and welcome to The Ultimate Geek TaskForce!

Please note the following information about the malware forum:
  • Only Trained Advisors, Moderators and Administrators are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do this:

    Reply to this topic with the word BUMP.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Now that we have that out of the way:

Download OTL to your Desktop


  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles





  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


..........................................................
"I am in fact, quite cool. My graphing calculator confirms this"
"RAM disk is not an installation procedure."


Scheffing


Member
I can not send, says message too big?


Crush


Expert
Try attaching the log or just split it up into several posts :)



Scheffing


Member
OTL logfile created on: 7/28/2010 7:34:22 PM - Run 5
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\carl.NETVISTA1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.74 Gb Free Space | 28.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NETVISTA1
Current User Name: carl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/21 08:06:11 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/17 10:11:56 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 13:41:34 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 13:41:34 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 13:41:31 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 13:41:22 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/07/16 13:41:20 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 13:41:19 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/19 10:28:08 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\carl.NETVISTA1\Desktop\OTL.exe
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/06/19 10:28:08 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\carl.NETVISTA1\Desktop\OTL.exe
MOD - [2010/06/11 16:21:40 | 000,232,960 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/25 17:51:09 | 000,065,792 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\BarQuery\barquery147.exe -- (BarQuery Service)
SRV - [2010/07/21 08:06:11 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 13:41:31 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/16 13:41:25 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/07/16 13:41:22 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/07/02 18:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/07/16 13:41:37 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 13:41:27 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/07/16 13:41:27 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/07/16 13:41:27 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/07/16 13:41:27 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/07/16 13:41:21 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/01 08:49:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/28 10:30:21 | 000,015,271 | ---- | M] (MediaTek Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FIDE.SYS -- (MTK)
DRV - [2010/05/22 12:16:20 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/17 19:58:38 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/05/17 19:54:47 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/05/17 19:54:47 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/11/12 10:11:40 | 000,027,192 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2009/06/18 19:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/03/02 15:00:46 | 000,095,592 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2005/04/12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/28 14:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc500.mail.yahoo.com/mc/welcome?.gx=1&.tm=1277855676&.rand=av6e9uno1nir8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.ard.yahoo.com/SIG=15o1nkuih/M=650008.12754586.13809198.9860696/D=mail/S=398301041:HEAD/_ylt=An5F39lyWlpn.PaD4Oj2TERxl70X/Y=YAHOO/EXP=1275166479/L=0MJ2TEWTZ5LIuQndTAFi0QF_S4_xMEwBYu8ADctT/B=ipY4kWKImiE-/J=1275159279997132/K=9d02iDI3jG97gZMsEmZX9A/A=5851009/R=19/SIG=1107gluf6/*http://mail.yahoo.com?.intl=us"
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
FF - prefs.js..extensions.enabledItems: {962e0d4d-6b89-4b73-aa72-df03360da12e}:0.3.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BFF829B6-B433-42CE-9A19-E459D3E4E483}:3.6.3
FF - prefs.js..extensions.enabledItems: {24cea704-946d-11da-a72b-0800200c9a66}:1.1.2
FF - prefs.js..extensions.enabledItems: restart@restart.org:0.3
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.6
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8
FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:3.0.13
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid=#netassistant_id#&Version=#netassistant_version#&Vintage=20100625&Defaultbrowserid=15&Productid=1704&Vendorid=5345&Offerid=6680&searchterm="
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 09:09:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/21 00:06:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/20 19:49:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 17:45:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 17:45:35 | 000,000,000 | ---D | M]

[2008/12/27 21:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Extensions
[2008/12/27 21:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2009/09/21 13:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/28 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions
[2010/05/17 20:21:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/29 10:30:40 | 000,000,000 | ---D | M] (Panic Button) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2010/06/13 11:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{300B27DF-97E5-4219-AB2B-03AA67D5D557}
[2010/05/27 18:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}
[2010/05/27 18:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}-trash
[2010/04/26 13:49:44 | 000,000,000 | ---D | M] (Hemperor) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{3780b850-ba40-11db-8314-0800200c9a66}
[2010/07/26 16:30:44 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2010/06/13 11:03:50 | 000,000,000 | ---D | M] (Shop to Win) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2010/04/26 13:45:50 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2010/04/29 10:30:37 | 000,000,000 | ---D | M] (Close Button) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{962e0d4d-6b89-4b73-aa72-df03360da12e}
[2010/04/29 10:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/07/26 16:24:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/29 10:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\autofillForms@blueimp.net
[2010/07/06 13:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\foxmarks@kei.com
[2010/04/27 13:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\redshift_V2@shift-themes.com
[2010/04/29 10:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\restart@restart.org
[2010/05/25 18:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\yetanothersmoothscrolling@kataho
[2010/04/26 13:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/04/26 13:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2010/06/06 23:44:53 | 000,002,179 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\30wmoy7d.default\searchplugins\inbox-search.xml
[2010/07/28 09:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/18 09:41:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/18 09:40:42 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/18 09:42:26 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/05/17 13:08:31 | 000,395,194 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13648 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\carl.NETVISTA1\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab (PSFormX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228917667968 (MUWebControl Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\carl.NETVISTA1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\carl.NETVISTA1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/27 14:21:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{450534f5-d2ef-11dd-b5f8-00096b55e3fb}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O33 - MountPoints2\{bf304810-05dc-11de-b147-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bf304810-05dc-11de-b147-00038a000015}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{bf304810-05dc-11de-b147-00038a000015}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/10/27 14:20:35 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} -
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} -
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CAAFB8F9-F8D1-3D27-9AAA-6301A4429440} - .NET Framework
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{19FB76C6-DBEF-44B5-A053-ECDF5F855A07} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/25 17:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\save tube video company
[2010/07/25 17:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\ShopperReports3
[2010/07/25 17:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\BarQuery
[2010/07/25 17:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BarQuery
[2010/07/25 17:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\ShopperReports3
[2010/07/19 18:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/07/19 17:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/07/18 17:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Malwarebytes
[2010/07/18 17:50:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/18 17:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/18 17:50:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/18 17:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/18 10:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
[2010/07/18 09:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Foxit Software
[2010/07/18 09:41:14 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/18 09:41:14 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/18 09:41:14 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/18 09:41:14 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/18 09:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/07/18 09:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/07/16 21:14:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\carl.NETVISTA1\Recent
[2010/07/16 20:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Digiarty
[2010/07/16 13:41:34 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/03 19:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\HpUpdate
[2010/06/25 19:16:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/06/25 16:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\HPAppData
[2010/06/24 18:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/06/24 18:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Local Settings\Application Data\HP
[2010/06/24 17:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\HP
[2010/06/24 17:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/06/24 17:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/06/24 17:41:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/06/24 17:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/06/24 08:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Local Settings\Application Data\AVG Security Toolbar
[2010/06/21 00:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/19 10:28:04 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\carl.NETVISTA1\Desktop\OTL.exe
[2010/06/18 10:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/17 10:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\NT Registry Optimizer
[2010/06/13 11:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/06/13 11:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\My.Freeze.com NetAssistant
[2010/06/07 11:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Local Settings\Application Data\Cyberlink
[2010/06/05 14:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/02 12:01:11 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/31 11:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Autoruns
[2010/05/28 16:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\credit score amanda_files
[2010/05/28 15:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\GlarySoft
[2010/05/28 15:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Registry Repair
[2010/05/28 10:30:22 | 000,015,271 | ---- | C] (MediaTek Corporation) -- C:\WINDOWS\System32\drivers\FIDE.SYS
[2010/05/28 08:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/05/28 08:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/05/27 18:11:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Registry Patrol
[2010/05/26 11:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
[2010/05/22 12:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\My Documents\StarBurn
[2010/05/22 12:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\StarBurn
[2010/05/22 12:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\My Documents\SaveTubeVideo
[2010/05/22 12:15:52 | 000,095,592 | ---- | C] (Rocket Division Software) -- C:\WINDOWS\System32\drivers\StarPortLite.sys
[2010/05/20 17:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\AVG9
[2010/05/17 19:58:38 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/05/17 19:58:38 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/05/17 19:58:33 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/17 19:58:22 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/17 19:58:18 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/17 19:58:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/17 19:54:47 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/05/17 19:54:47 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/05/17 19:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/17 16:26:16 | 000,000,000 | ---D | C] -- C:\a635a89b3258ee8f753c57ad167bf4
[2010/05/17 16:11:21 | 000,000,000 | ---D | C] -- C:\85370995588475076f43459c2a83
[2010/05/17 15:48:00 | 000,000,000 | ---D | C] -- C:\71f84858ea728ef0bccb
[2010/05/17 15:24:05 | 000,000,000 | ---D | C] -- C:\43a415f0f3f5277840cd7b5c
[2010/05/14 19:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/10 10:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\MozillaControl
[2010/05/10 10:49:35 | 000,000,000 | ---D | C] -- C:\WINDOWS'Full Speed' Internet Booster + Performance Tests
[2010/05/10 10:49:35 | 000,000,000 | ---D | C] -- C:\Program Files'Full Speed' Internet Booster + Performance Tests
[2010/05/06 15:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools
[2010/04/30 21:26:40 | 000,077,824 | ---- | C] (org) -- C:\WINDOWS\System32\fsb.exe
[2010/04/30 15:21:52 | 000,169,416 | ---- | C] (Active Data Security Solutions) -- C:\WINDOWS\System32\EraserDemo.dll


Scheffing


Member
Member

========== Files/Folders - Created Within 90 Days ==========

[2010/05/17 19:58:18 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/17 19:58:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/17 19:54:47 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/05/17 19:54:47 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/05/17 19:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/17 16:26:16 | 000,000,000 | ---D | C] -- C:\a635a89b3258ee8f753c57ad167bf4
[2010/05/17 16:11:21 | 000,000,000 | ---D | C] -- C:\85370995588475076f43459c2a83
[2010/05/17 15:48:00 | 000,000,000 | ---D | C] -- C:\71f84858ea728ef0bccb
[2010/05/17 15:24:05 | 000,000,000 | ---D | C] -- C:\43a415f0f3f5277840cd7b5c
[2010/05/14 19:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/10 10:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\MozillaControl
[2010/05/10 10:49:35 | 000,000,000 | ---D | C] -- C:\WINDOWS'Full Speed' Internet Booster + Performance Tests
[2010/05/10 10:49:35 | 000,000,000 | ---D | C] -- C:\Program Files'Full Speed' Internet Booster + Performance Tests
[2010/05/06 15:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools
[2010/04/30 21:26:40 | 000,077,824 | ---- | C] (org) -- C:\WINDOWS\System32\fsb.exe
[2010/04/30 15:21:52 | 000,169,416 | ---- | C] (Active Data Security Solutions) -- C:\WINDOWS\System32\EraserDemo.dll

========== Files - Modified Within 90 Days ==========

[2010/07/28 19:39:01 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/07/28 19:34:41 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\ntuser.dat
[2010/07/28 19:29:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/28 19:29:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/28 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/07/28 18:49:42 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E6A87836-220A-4C17-BB62-129C775CCE2F}.job
[2010/07/28 18:46:02 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 18:45:44 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/28 18:28:26 | 000,605,902 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/07/28 18:28:25 | 062,698,084 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/28 18:23:26 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/28 18:23:26 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-carl-Startup.job
[2010/07/28 18:23:26 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/07/28 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/07/28 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/07/28 14:37:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/28 09:12:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/28 09:12:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 09:05:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Local Settings\Application Data\prvlcl.dat
[2010/07/27 19:55:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\carl.NETVISTA1\ntuser.ini
[2010/07/27 19:54:50 | 010,217,036 | -H-- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Local Settings\Application Data\IconCache.db
[2010/07/27 18:29:17 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\ntuser.bak
[2010/07/27 18:22:47 | 000,566,540 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/27 18:22:47 | 000,472,366 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/27 18:22:47 | 000,084,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/27 00:33:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/07/26 17:45:37 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/26 05:15:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/07/25 22:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/07/25 03:06:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/25 01:32:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/24 16:32:49 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/21 11:14:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/20 19:55:57 | 000,023,123 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010/07/20 17:44:01 | 000,195,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/20 17:40:44 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\NTREGOPT.lnk
[2010/07/19 18:07:10 | 000,201,501 | ---- | M] () -- C:\WINDOWS\hpoins40.dat
[2010/07/19 18:04:50 | 000,042,968 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/19 18:04:21 | 000,000,729 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/19 18:00:32 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/07/19 18:00:08 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2010/07/19 17:58:19 | 000,001,814 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/07/19 17:57:18 | 000,001,991 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk
[2010/07/19 10:10:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/18 17:50:11 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 10:54:10 | 000,751,397 | R--- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\LG 300G_User 2.pdf
[2010/07/18 09:55:14 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/07/18 09:44:08 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2010/07/18 09:40:41 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/18 09:40:41 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/18 09:40:41 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/18 09:40:41 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/18 09:40:41 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/18 09:28:52 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Speccy.lnk
[2010/07/18 09:20:54 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Revo Uninstaller.lnk
[2010/07/17 20:48:41 | 000,004,696 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/16 21:14:10 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\CCleaner.lnk
[2010/07/16 21:04:50 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/16 21:04:50 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/16 13:41:37 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/16 13:41:34 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 13:41:27 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/07/16 13:41:21 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/10 15:08:53 | 000,004,712 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\My Documents\cc_20100710_150841.reg
[2010/06/25 19:27:55 | 000,023,110 | ---- | M] () -- C:\WINDOWS\hpqins15.dat.temp
[2010/06/23 19:31:58 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/06/23 15:56:41 | 000,000,000 | ---- | M] () -- C:\us
[2010/06/19 10:28:08 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\carl.NETVISTA1\Desktop\OTL.exe
[2010/06/18 10:07:09 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/18 10:06:07 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\ERUNT.lnk
[2010/06/17 13:16:57 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/06/17 12:17:58 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/06/17 12:11:51 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/06/17 11:47:17 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Shortcut to ntregopt-setup.lnk
[2010/06/17 11:46:43 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Shortcut to TFC.lnk
[2010/06/15 14:29:56 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\HiJackThis.lnk
[2010/06/13 10:30:08 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/06/09 18:10:03 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/06/01 08:49:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 13:38:01 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/05/28 16:35:43 | 000,151,781 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\credit score amanda.htm
[2010/05/28 16:26:48 | 000,385,523 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\cridet report.xps
[2010/05/28 15:03:55 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Glary Utilities Freeware.url
[2010/05/28 15:01:39 | 000,002,041 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The WarChiefs Trial.lnk
[2010/05/28 10:30:21 | 000,015,271 | ---- | M] (MediaTek Corporation) -- C:\WINDOWS\System32\drivers\FIDE.SYS
[2010/05/28 08:47:42 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\WinRAR.lnk
[2010/05/27 18:28:45 | 002,105,344 | ---- | M] () -- C:\WINDOWS\System32\secsetup.sdb
[2010/05/27 18:20:47 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Clean disk with 1 click.lnk
[2010/05/26 14:23:18 | 000,002,003 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\LimeWire 5.6.1.lnk
[2010/05/25 09:41:06 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Shortcut to Downloads.lnk
[2010/05/22 12:16:20 | 000,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/18 16:28:36 | 000,276,835 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\My Documents\FullManual.pdf
[2010/05/18 11:52:24 | 000,254,873 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\map.xps
[2010/05/17 19:58:43 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/05/17 19:58:38 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/05/17 19:58:18 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/17 19:54:47 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/05/17 19:54:47 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/05/17 13:08:31 | 000,395,194 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/12 20:58:16 | 000,055,328 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\amanda6.jpg
[2010/05/12 20:55:52 | 000,054,302 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\qamanda5.jpg
[2010/05/10 19:06:35 | 000,013,888 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\amanda 4.jpg
[2010/05/10 19:05:59 | 000,038,291 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\amanda4.jpg
[2010/05/10 19:05:17 | 000,055,836 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\amanda 3.jpg
[2010/05/10 19:05:06 | 000,055,432 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\amanda 2.jpg
[2010/05/10 19:04:51 | 000,003,857 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\amanda 1.jpg
[2010/05/10 19:03:51 | 000,047,103 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\david 4.jpg
[2010/05/10 19:03:38 | 000,042,622 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\david 3.jpg
[2010/05/10 19:03:23 | 000,045,891 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\david 2.jpg
[2010/05/10 19:02:59 | 000,053,757 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\david 1.jpg
[2010/05/10 19:02:01 | 000,060,709 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\mahase 7.jpg
[2010/05/10 19:01:38 | 000,060,298 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\mahase 6.jpg
[2010/05/10 19:01:23 | 000,076,831 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\mahase 5.jpg
[2010/05/10 19:00:55 | 000,053,052 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\mahase 4.jpg
[2010/05/10 19:00:33 | 000,044,304 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\mahase 3.jpg
[2010/05/10 19:00:13 | 000,050,931 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\mahase 2.jpg
[2010/05/10 18:54:57 | 000,064,061 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\mahase.jpg
[2010/05/06 15:55:34 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\jv16 PowerTools.lnk
[2010/05/05 13:35:40 | 000,077,824 | ---- | M] (org) -- C:\WINDOWS\System32\fsb.exe
[2010/05/02 17:47:50 | 000,019,732 | ---- | M] () -- C:\Documents and Settings\carl.NETVISTA1\My Documents\cindy.pdf
[2010/05/02 15:31:52 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\edacded0.dat
[2010/05/02 15:31:52 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7.xml
[2010/05/01 17:18:45 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid

========== Files Created - No Company Name ==========

[2010/07/25 18:48:32 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/07/20 19:45:43 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2010/07/19 18:00:32 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/07/19 18:00:08 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2010/07/19 17:58:19 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/07/19 17:57:18 | 000,001,991 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk
[2010/07/19 17:40:22 | 000,201,501 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2010/07/19 17:40:21 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2010/07/18 17:50:11 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 11:51:30 | 000,751,397 | R--- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\LG 300G_User 2.pdf
[2010/07/18 09:57:09 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\carl.NETVISTA1\ntuser.tmp.LOG
[2010/07/18 09:31:13 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/18 09:31:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/07/18 09:31:11 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/18 09:20:54 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Revo Uninstaller.lnk
[2010/07/17 20:48:32 | 000,004,696 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/10 15:08:48 | 000,004,712 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\My Documents\cc_20100710_150841.reg
[2010/06/25 19:18:40 | 000,023,123 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/06/24 18:18:17 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2010/06/24 17:27:15 | 000,011,475 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/06/23 15:56:41 | 000,000,000 | ---- | C] () -- C:\us
[2010/06/18 10:07:09 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/18 10:06:07 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\ERUNT.lnk
[2010/06/17 13:16:57 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/06/17 12:59:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\UpdaterLog.txt
[2010/06/17 12:17:58 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/06/17 12:11:51 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/06/17 11:47:17 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Shortcut to ntregopt-setup.lnk
[2010/06/17 11:46:43 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Shortcut to TFC.lnk
[2010/06/17 10:58:18 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\NTREGOPT.lnk
[2010/06/13 11:18:06 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/09 18:10:03 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/06/05 14:13:27 | 000,002,471 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\HiJackThis.lnk
[2010/05/28 16:35:41 | 000,151,781 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\credit score amanda.htm
[2010/05/28 16:26:41 | 000,385,523 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\cridet report.xps
[2010/05/28 15:03:55 | 000,000,171 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Glary Utilities Freeware.url
[2010/05/28 15:01:38 | 000,002,041 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The WarChiefs Trial.lnk
[2010/05/27 19:30:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/26 14:23:18 | 000,002,003 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\LimeWire 5.6.1.lnk
[2010/05/25 09:43:54 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/05/25 09:41:06 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\Shortcut to Downloads.lnk
[2010/05/22 12:16:19 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/18 16:46:08 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\All Users\Desktop\Router Login.url
[2010/05/18 16:28:36 | 000,276,835 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\My Documents\FullManual.pdf
[2010/05/18 11:52:20 | 000,254,873 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\map.xps
[2010/05/17 19:58:43 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/05/17 19:58:18 | 000,605,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/05/17 19:58:18 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/17 19:58:12 | 062,698,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/17 16:44:19 | 011,010,048 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\ntuser.dat
[2010/05/17 16:44:19 | 011,010,048 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\ntuser.bak
[2010/05/12 20:58:16 | 000,055,328 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\amanda6.jpg
[2010/05/12 20:55:51 | 000,054,302 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\qamanda5.jpg
[2010/05/10 19:06:35 | 000,013,888 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\amanda 4.jpg
[2010/05/10 19:05:59 | 000,038,291 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\amanda4.jpg
[2010/05/10 19:05:17 | 000,055,836 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\amanda 3.jpg
[2010/05/10 19:05:06 | 000,055,432 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\amanda 2.jpg
[2010/05/10 19:04:50 | 000,003,857 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\amanda 1.jpg
[2010/05/10 19:03:50 | 000,047,103 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\david 4.jpg
[2010/05/10 19:03:37 | 000,042,622 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\david 3.jpg
[2010/05/10 19:03:22 | 000,045,891 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\david 2.jpg
[2010/05/10 19:02:58 | 000,053,757 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\david 1.jpg
[2010/05/10 19:02:00 | 000,060,709 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\mahase 7.jpg
[2010/05/10 19:01:37 | 000,060,298 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\mahase 6.jpg
[2010/05/10 19:01:22 | 000,076,831 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\mahase 5.jpg
[2010/05/10 19:00:54 | 000,053,052 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\mahase 4.jpg
[2010/05/10 19:00:32 | 000,044,304 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\mahase 3.jpg
[2010/05/10 19:00:12 | 000,050,931 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\mahase 2.jpg
[2010/05/10 18:54:56 | 000,064,061 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\mahase.jpg
[2010/05/06 15:55:34 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\Desktop\jv16 PowerTools.lnk
[2010/05/02 17:47:49 | 000,019,732 | ---- | C] () -- C:\Documents and Settings\carl.NETVISTA1\My Documents\cindy.pdf
[2010/05/02 16:16:14 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Copy of Picasa 3.lnk
[2009/12/30 13:47:58 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/07/20 16:45:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2009/04/24 14:58:21 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/01/18 20:00:07 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/12/10 12:04:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/21 18:42:41 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/10/27 15:21:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/06/21 00:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/05/17 19:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/25 17:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BarQuery
[2009/09/26 18:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/03/20 17:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Evonsoft
[2010/02/13 11:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2010/02/23 14:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/04/07 09:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2010/04/25 11:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2010/04/07 09:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/06/29 07:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/05/25 09:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/24 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 2600 Series
[2010/01/23 18:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2010/01/31 21:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/02/23 14:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/07/18 09:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/06/07 00:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/07/04 10:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
[2010/05/29 09:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/27 11:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2008/12/08 18:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/18 20:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2009/04/22 15:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/05/20 17:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\AVG9
[2009/01/01 13:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\BID
[2009/04/19 15:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\CrypTool
[2010/07/16 20:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Digiarty
[2009/09/20 12:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\DriverCure
[2010/02/22 17:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Foxit
[2010/07/18 09:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Foxit Software
[2010/05/28 15:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\GlarySoft
[2009/11/07 11:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\gtk-2.0
[2010/05/18 08:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\IObit
[2009/07/21 08:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Lexmark Productivity Studio
[2009/06/23 22:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\licenses
[2010/05/31 11:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\LimeWire
[2009/08/30 11:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\mjusbsp
[2010/05/17 10:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\MSNInstaller
[2010/06/13 11:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\My.Freeze.com NetAssistant
[2009/04/08 18:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\OpenCandy
[2009/01/01 13:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\OpenOffice.org
[2009/04/08 18:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Participatory Culture Foundation
[2010/06/10 12:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\PCF-VLC
[2009/04/28 18:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Playrix Entertainment
[2009/04/23 16:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Safer Networking
[2010/07/25 17:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\ShopperReports3
[2009/07/04 10:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Softland
[2010/05/22 12:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\StarBurn
[2010/04/25 17:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\StumbleUpon
[2009/06/28 15:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Titanium Gears
[2009/01/02 16:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Viewpoint
[2009/04/24 14:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\Windows Search
[2009/12/27 12:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carl.NETVISTA1\Application Data\wsInspector
[2010/01/24 21:15:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010/07/25 01:32:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/07/28 19:39:01 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2010/07/28 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/07/28 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2010/07/27 00:33:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2010/07/26 05:15:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2010/07/28 18:23:26 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/07/28 18:23:26 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2010/07/25 03:06:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/07/28 18:23:26 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-carl-Startup.job
[2010/07/28 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/07/25 22:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/07/28 18:49:42 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E6A87836-220A-4C17-BB62-129C775CCE2F}.job
[2009/12/24 11:18:34 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\Wise Disk Cleaner 4.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 13:33:30


< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: BEEP.SYS >
[2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\dllcache\imm32.dll
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll

< MD5 for: KERNEL32.DLL >
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2009/03/21 09:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\dllcache\ntmssvc.dll
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2008/10/16 14:01:52 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=362BC5AF8EAF712832C58CC13AE05750 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\dllcache\srsvc.dll
[2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TERMSRV.DLL >
[2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\dllcache\termsrv.dll
[2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\dllcache\xmlprov.dll
[2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\Carl:SummaryInformation
@Alternate Data Stream - 72 bytes -> C:\WINDOWS:F77B20998B8D3F8E
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68
< End of report >


Scheffing


Member
I think this is correct? Thanks for your time!


Crush


Expert
Has anything changed in the month since you've posted? Still having the same issues?


..........................................................
"I am in fact, quite cool. My graphing calculator confirms this"
"RAM disk is not an installation procedure."


Scheffing


Member
I tried a malware/Anti-Malware program; it showed adware threats x25, moved to vault. Afterwards the computer was even slower, so I replaced all and the computer is back the way it was, but better than when the adware was in the vault.


10 bump on Tue Aug 03, 2010 9:10 pm

Scheffing


Member
bump
[quote="Crush"]Try attaching the log or just split it up into several posts[/quote]


Scheffing


Member
BUMP, thanks for any help you may be able to give me!

Crush is on vacation, but said he may be able to check in. It appears he has not.

What other signs of malware are there?


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



Scheffing


Member
slower than it used to be & freezes occasionally

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



Scheffing


Member
Please wait.
grep: writing output: Bad file descriptor
The system cannot find the file specified.
The handle is invalid.
The handle is invalid.
The handle is invalid.
The handle is invalid.
The handle is invalid.
