virus
OTL logfile created on: 9/5/2011 6:56:26 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
766.00 Mb Total Physical Memory | 271.61 Mb Available Physical Memory | 35.46% Memory free
2.96 Gb Paging File | 2.55 Gb Available in Paging File | 86.28% Paging File free
Paging file location(s): C:\pagefile.sys 2304 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 13.99 Gb Free Space | 37.58% Space Free | Partition Type: NTFS
Computer Name: BLACKIE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/05 18:51:35 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\OTL.exe
PRC - [2011/08/06 21:34:47 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/05 05:08:25 | 001,384,960 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090500\algo.dll
MOD - [2011/09/05 04:17:50 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090500\aswRep.dll
MOD - [2011/08/11 18:01:19 | 000,212,992 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/10 18:34:46 | 007,950,848 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/10 18:32:36 | 002,048,000 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/08/10 18:32:33 | 003,182,592 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/08/10 18:32:26 | 002,933,248 | ---- | M] () -- C:\WINNT\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/08/10 18:32:25 | 000,425,984 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/08/10 18:31:58 | 000,626,688 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/08/10 18:31:56 | 000,303,104 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/08/10 18:31:49 | 000,258,048 | ---- | M] () -- C:\WINNT\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/08/10 18:31:45 | 000,261,632 | ---- | M] () -- C:\WINNT\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/08/10 18:31:31 | 000,114,688 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/08/10 18:30:59 | 005,025,792 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/06/26 18:14:38 | 011,490,816 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/02/26 16:49:16 | 000,854,016 | ---- | M] () -- C:\WINNT\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/02/26 16:49:11 | 000,270,336 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/02/26 16:49:09 | 000,409,960 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/02/26 16:49:07 | 000,476,520 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/02/26 16:48:55 | 000,046,952 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/02/26 16:48:54 | 000,023,912 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/02/26 16:48:54 | 000,018,792 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/02/26 16:48:54 | 000,012,136 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/02/26 16:48:53 | 000,421,224 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/02/26 16:48:52 | 000,269,672 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/02/26 16:48:51 | 000,120,168 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/02/26 16:48:51 | 000,070,504 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/02/26 16:48:50 | 000,121,704 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINNT\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINNT\system32\devenum.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINNT\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINNT\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINNT\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINNT\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?icid=acm50mtmhpunauthgreeting#
IE - HKU\S-1-5-21-823518204-2025429265-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-2025429265-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
O1 HOSTS File: ([2011/09/05 14:24:46 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-823518204-2025429265-839522115-1003..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} https://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236304913634 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236305120181 (MUWebControl Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://webgames.d.tmsrv.com/c=51ebb...ronicles/dreamchronicles/dreamweb.1.0.0.9.cab (CPlayFirstdreamControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD7/JS...5/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC6DEB69-355C-480C-9408-580DCD42E9C3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/25 13:57:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
Drivers32: msacm.iac2 - C:\WINNT\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINNT\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINNT\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/09/05 18:51:19 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\OTL.exe
[2011/09/05 15:59:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/05 14:49:51 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswFsBlk.sys
[2011/09/05 14:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\avast! Free Antivirus
[2011/09/05 14:49:50 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswSP.sys
[2011/09/05 14:49:45 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswRdr.sys
[2011/09/05 14:49:44 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswSnx.sys
[2011/09/05 14:49:44 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswTdi.sys
[2011/09/05 14:49:42 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswmon2.sys
[2011/09/05 14:49:42 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswmon.sys
[2011/09/05 14:49:41 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aavmker4.sys
[2011/09/05 14:48:02 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINNT\avastSS.scr
[2011/09/05 14:48:00 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINNT\System32\aswBoot.exe
[2011/09/05 14:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/05 14:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\AVAST Software
[2011/09/05 14:00:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/05 13:57:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2011/09/05 13:57:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2011/09/05 13:57:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2011/09/05 13:57:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2011/09/05 13:56:48 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2011/09/05 13:56:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/05 13:40:36 | 004,195,245 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\ComboFix.exe
[2011/09/05 13:03:08 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\aswMBR.exe
[2011/09/05 11:07:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Recent
[2011/09/04 21:31:23 | 001,249,696 | ---- | C] (Alactro LLC) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\BestVideoDownloaderSetup.exe
[2011/09/04 09:48:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJEPPEX
[2011/09/04 09:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2011/08/31 16:24:20 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\tdsskiller.exe
[2011/08/29 15:18:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\dds.scr
[2011/08/29 13:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Malwarebytes
[2011/08/29 13:33:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2011/08/29 13:33:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/29 13:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes
[2011/08/29 13:33:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/08/29 13:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/29 13:32:09 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/25 09:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\.frostwire5
[2011/08/25 09:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Start Menu\Programs\FrostWire 5
[2011/08/25 09:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire 5
[2011/08/09 16:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\BigFish
[2011/08/09 16:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\BigFish
[2011/08/09 16:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Jewel Quest Mysteries - The Seventh Gate
[2011/08/09 16:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Jewel Quest Mysteries - The Seventh Gate
[2009/03/27 08:59:52 | 013,440,584 | ---- | C] (AOL LLC.) -- C:\Program Files\Install_AIM.exe
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/05 18:51:35 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\OTL.exe
[2011/09/05 18:40:00 | 000,000,886 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/05 18:27:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/05 15:47:10 | 000,000,418 | -H-- | M] () -- C:\WINNT\tasks\User_Feed_Synchronization-{54D4DDA0-6D57-415C-9F9D-F0DA38B79C92}.job
[2011/09/05 14:49:52 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\avast! Free Antivirus.lnk
[2011/09/05 14:49:42 | 000,002,625 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
[2011/09/05 14:45:34 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\setup_av_free.exe
[2011/09/05 14:24:55 | 000,000,868 | ---- | M] () -- C:\WINNT\tasks\Google Software Updater.job
[2011/09/05 14:24:46 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2011/09/05 14:24:31 | 000,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/05 14:24:23 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/09/05 14:00:57 | 000,000,323 | RHS- | M] () -- C:\boot.ini
[2011/09/05 13:57:09 | 004,195,245 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\ComboFix.exe
[2011/09/05 13:39:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\MBR.dat
[2011/09/05 13:03:27 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\aswMBR.exe
[2011/09/04 21:31:30 | 001,249,696 | ---- | M] (Alactro LLC) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\BestVideoDownloaderSetup.exe
[2011/09/02 18:45:37 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/09/01 18:35:00 | 000,158,653 | ---- | M] () -- C:\WINNT\System32\drivers\AVG\iavichjg.avm
[2011/08/31 16:24:25 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\tdsskiller.exe
[2011/08/29 15:18:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\dds.scr
[2011/08/29 14:00:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\bdoinouq.exe
[2011/08/29 13:33:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/29 13:32:11 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/29 09:49:00 | 000,006,122 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\rootkitscan.csv
[2011/08/25 11:34:59 | 000,126,112 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\cc_20110825_113451.reg
[2011/08/25 09:37:26 | 000,000,000 | ---- | M] () -- C:\WINNT\2936415324
[2011/08/25 09:28:49 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\FrostWire 5.1.4.lnk
[2011/08/19 17:06:03 | 000,001,070 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\magicJack.lnk
[2011/08/17 10:38:03 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011/08/10 18:33:05 | 000,441,546 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2011/08/10 18:33:05 | 000,071,482 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2011/08/09 16:10:50 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Play Jewel Quest Mysteries - The Seventh Gate.lnk
[2011/08/09 16:10:50 | 000,001,246 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\More Great Games.lnk
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/05 14:49:52 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\avast! Free Antivirus.lnk
[2011/09/05 14:45:09 | 056,167,608 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\setup_av_free.exe
[2011/09/05 14:00:57 | 000,000,206 | ---- | C] () -- C:\Boot.bak
[2011/09/05 14:00:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/05 13:57:53 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2011/09/05 13:57:53 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2011/09/05 13:57:53 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2011/09/05 13:57:53 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2011/09/05 13:57:53 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2011/09/05 13:39:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\MBR.dat
[2011/08/29 14:00:54 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\bdoinouq.exe
[2011/08/29 13:33:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/25 15:54:28 | 000,006,122 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\rootkitscan.csv
[2011/08/25 11:34:55 | 000,126,112 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\cc_20110825_113451.reg
[2011/08/25 09:37:26 | 000,000,000 | ---- | C] () -- C:\WINNT\2936415324
[2011/08/25 09:28:46 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\FrostWire 5.1.4.lnk
[2011/08/09 16:10:50 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Play Jewel Quest Mysteries - The Seventh Gate.lnk
[2011/08/09 16:10:50 | 000,001,246 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\More Great Games.lnk
[2011/02/22 17:41:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/15 20:55:50 | 000,000,000 | ---- | C] () -- C:\WINNT\pcfriend.INI
[2010/12/08 23:22:44 | 000,000,000 | ---- | C] () -- C:\WINNT\Curses.INI
[2010/06/17 11:36:24 | 000,015,420 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat
[2010/03/29 14:36:06 | 000,085,504 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2009/12/25 15:16:05 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to FrostWire.lnk
[2009/12/02 19:23:43 | 000,004,096 | ---- | C] () -- C:\WINNT\d3dx.dat
[2009/09/25 11:21:35 | 000,000,049 | ---- | C] () -- C:\WINNT\lexstat.ini
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\WINNT\System32\lvcoinst.ini
[2009/04/13 13:25:51 | 000,000,138 | ---- | C] () -- C:\WINNT\wininit.ini
[2009/03/29 20:21:23 | 000,000,021 | ---- | C] () -- C:\WINNT\atid.ini
[2009/03/08 19:21:35 | 000,000,445 | ---- | C] () -- C:\WINNT\dellstat.ini
[2009/03/06 08:12:36 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2009/03/05 20:44:04 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2009/03/05 20:32:42 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2009/03/05 15:00:01 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2009/03/05 14:58:33 | 000,110,192 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2008/03/25 13:59:04 | 000,021,249 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Outlook.NK2
[2008/02/25 18:03:48 | 000,193,742 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Owner.wab~
[2008/02/25 17:56:25 | 000,213,882 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Owner.wab
[2003/11/20 17:39:58 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\px.ini
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[2003/07/16 16:41:25 | 000,441,546 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,071,482 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
========== LOP Check ==========
[2009/03/29 20:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\acccore
[2010/05/11 19:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\AIM
[2011/09/05 14:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\AVAST Software
[2010/11/22 15:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\avg9
[2011/08/09 16:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Big Fish Games
[2011/03/02 15:20:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonBJ
[2011/03/02 15:59:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonEPP
[2011/04/15 11:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJ
[2011/03/02 18:55:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJEGV
[2011/09/04 09:48:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJEPPEX
[2011/03/02 15:59:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJEPPEX2
[2011/03/02 15:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJMSetup
[2011/03/15 14:41:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJMyPrinter
[2011/09/04 10:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJPLM
[2011/04/15 11:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJScan
[2011/03/02 15:59:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJSolutionMenuEX
[2011/03/02 15:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJWSpt
[2009/12/07 20:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Christmasville
[2010/07/15 15:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\com.comcast.access
[2010/11/22 15:39:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Common Files
[2011/04/21 20:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Exorcist DS 1
[2011/04/20 20:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\GameHouse
[2009/11/13 16:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Gogii
[2010/12/25 10:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\magicJack
[2009/10/27 18:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Merscom
[2011/04/13 20:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\MumboJumbo
[2011/03/31 20:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\NeoEdge Networks
[2011/09/04 22:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
[2011/03/31 20:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\TERMINAL Studio
[2011/09/05 18:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Viewpoint
[2011/04/20 20:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Zylom
[2010/06/17 11:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/03/30 21:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\acccore
[2009/12/02 19:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Aisle 5 Games, Inc
[2011/07/22 21:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Artogon
[2011/01/29 20:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Big Fish Games
[2011/09/04 10:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Canon
[2011/04/30 09:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Canon Easy-WebPrint EX
[2009/12/06 20:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\cerasus.media
[2010/07/15 15:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2011/05/31 20:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\EnchantedCavern
[2011/01/31 22:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\ERS Game Studios
[2009/09/20 08:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2011/06/29 19:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Friday's games
[2011/08/25 09:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\FrostWire
[2011/01/06 20:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\GameHousev1002
[2010/01/04 16:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\GhostFleet
[2011/07/17 18:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Jewel Match 3
[2010/11/26 20:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Lazy Turtle Games
[2009/04/14 19:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Leadertech
[2009/07/25 21:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Magic Academy
[2009/10/27 18:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Merscom
[2011/08/19 17:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\mjusbsp
[2010/02/07 17:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue
[2011/06/29 20:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\URSE Games
[2010/03/29 14:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\WeatherBug
[2011/09/05 15:47:10 | 000,000,418 | -H-- | M] () -- C:\WINNT\Tasks\User_Feed_Synchronization-{54D4DDA0-6D57-415C-9F9D-F0DA38B79C92}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/02/25 13:57:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/06 17:05:50 | 000,000,206 | ---- | M] () -- C:\Boot.bak
[2011/09/05 14:00:57 | 000,000,323 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/09/05 14:34:15 | 000,019,675 | ---- | M] () -- C:\ComboFix.txt
[2008/02/25 13:57:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/02/25 13:57:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/13 09:38:13 | 000,002,658 | -H-- | M] () -- C:\IPH.PH
[2008/03/27 19:10:43 | 000,000,064 | ---- | M] () -- C:\jetscan.log
[2008/07/30 17:28:15 | 000,006,769 | ---- | M] () -- C:\lvcoinst.log
[2008/04/11 19:57:45 | 000,000,200 | ---- | M] () -- C:\lxbm.log
[2008/02/25 13:57:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/09 18:51:37 | 000,000,999 | ---- | M] () -- C:\net_save.dna
[2011/01/19 14:06:23 | 000,000,439 | ---- | M] () -- C:\nsinst.log
[2009/03/06 08:21:44 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/06 14:03:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/09/05 14:24:13 | 2415,919,104 | -HS- | M] () -- C:\pagefile.sys
[2010/04/25 10:38:10 | 000,006,179 | ---- | M] () -- C:\plaxo.log
[2010/02/10 12:08:31 | 000,001,292 | ---- | M] () -- C:\Player Loader_log.txt
[2009/02/16 21:11:23 | 000,000,959 | ---- | M] () -- C:\rollback.ini
[2008/02/25 17:18:19 | 000,000,168 | ---- | M] () -- C:\setupfax.log
[2011/08/31 16:29:52 | 000,041,878 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_31.08.2011_16.25.09_log.txt
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINNT\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINNT\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINNT\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINNT\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/03/05 20:35:44 | 000,000,067 | -HS- | M] () -- C:\WINNT\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/04/07 06:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINNT\system32\spool\prtprocs\w32x86\CNMPDAE.DLL
[2010/04/07 06:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:\WINNT\system32\spool\prtprocs\w32x86\CNMPPAE.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINNT\avastSS.scr
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2009/03/09 14:03:46 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
[2009/03/27 09:00:22 | 013,440,584 | ---- | M] (AOL LLC.) -- C:\Program Files\Install_AIM.exe
[2009/12/25 15:16:05 | 000,000,478 | ---- | M] () -- C:\Program Files\Shortcut to FrostWire.lnk
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2009/03/05