OTL log
Thanks Broni,
The OTLE didn't load exactly as described but it ran and produced this result log:
OTL logfile created on: 2/4/2012 5:56:54 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 47.11 Gb Free Space | 36.81% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2012/01/27 05:06:07 | 003,342,112 | -H-- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_e286960.dll -- (Akamai)
SRV - [2012/01/16 18:29:57 | 003,045,688 | -H-- | M] (Emsi Software GmbH) [Auto] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/07/03 03:36:35 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/01 04:26:16 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/29 22:06:46 | 000,169,408 | -H-- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2009/11/22 17:15:58 | 001,245,064 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/10/17 10:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 10:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 10:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 10:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/05 06:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/09 12:06:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/21 20:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/11/03 13:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (PciCon)
DRV - File not found [Kernel | On_Demand] -- -- (ldiskl)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/01/16 18:31:04 | 000,051,632 | -H-- | M] (Emsi Software GmbH) [File_System | On_Demand] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/07/03 03:36:36 | 000,138,192 | -H-- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/03 03:36:36 | 000,066,616 | -H-- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/24 12:31:14 | 000,079,568 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2010/08/24 12:30:18 | 000,010,448 | -H-- | M] (Logitech, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/08/24 12:30:06 | 000,063,312 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2010/08/24 12:30:06 | 000,020,304 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2010/06/17 10:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 10:27:12 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/07 10:40:52 | 000,279,712 | -H-- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/07 10:40:52 | 000,025,888 | -H-- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/03 04:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100219.040\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 04:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100219.040\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/22 17:29:58 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/19 22:02:58 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20100210.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/11/16 05:11:36 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/11/16 05:11:36 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/03/17 07:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/19 08:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 08:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 08:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 08:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 08:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 08:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 08:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 08:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/11/25 03:37:50 | 004,952,576 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/23 20:15:00 | 000,038,400 | RH-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/07/30 12:42:12 | 000,023,888 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/30 22:02:24 | 000,079,448 | RH-- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/01/31 13:51:00 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 13:51:00 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 13:51:00 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/12/17 04:14:06 | 000,012,400 | RH-- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/08/08 12:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2004/08/13 13:56:20 | 000,005,810 | RH-- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Andrew_Gregory_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Andrew_Gregory_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.599: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.599: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.599: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.599: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Andrew Gregory\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Andrew Gregory\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Andrew Gregory\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/29 16:14:50 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/24 20:32:10 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/24 20:32:10 | 000,000,000 | -H-D | M]
[2010/07/05 10:01:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Andrew Gregory\Application Data\Mozilla\Extensions
[2012/01/29 03:58:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Andrew Gregory\Application Data\Mozilla\Firefox\Profiles\jou8aea6.default\extensions
[2010/07/06 08:32:49 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Andrew Gregory\Application Data\Mozilla\Firefox\Profiles\jou8aea6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/09 09:24:27 | 000,000,000 | -H-D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Andrew Gregory\Application Data\Mozilla\Firefox\Profiles\jou8aea6.default\extensions\DeviceDetection@logitech.com
[2011/12/05 08:54:05 | 000,000,000 | -H-D | M] (Yontoo Layers) -- C:\Documents and Settings\Andrew Gregory\Application Data\Mozilla\Firefox\Profiles\jou8aea6.default\extensions\plugin@yontoo.com
[2012/01/29 03:58:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/31 17:35:05 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/29 16:14:50 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/08/31 17:34:57 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/31 17:34:57 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/22 11:01:52 | 000,001,538 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/07/22 11:01:52 | 000,000,947 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/07/22 11:01:52 | 000,000,769 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/07/22 11:01:52 | 000,001,135 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\Andrew_Gregory_ON_C\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [RUMrAHicILvex.exe] C:\Documents and Settings\All Users\Application Data\RUMrAHicILvex.exe (Microsoft Corp)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Andrew_Gregory_ON_C..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Andrew Gregory\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Andrew_Gregory_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [] File not found
O4 - HKU\systemprofile_ON_C..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\Andrew_Gregory_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Andrew_Gregory_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\Andrew_Gregory_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258926311984 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/22 13:52:16 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/02/03 18:32:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew Gregory\Recent
[2012/02/03 18:02:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\CSC
[2012/02/01 17:24:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/01/30 18:17:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Andrew Gregory\Start Menu\Programs\System Check
[2012/01/30 18:17:22 | 000,362,496 | -H-- | C] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\Gzgj67AvMeHjkl.exe
[2012/01/30 18:14:48 | 000,449,536 | -H-- | C] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\RUMrAHicILvex.exe
[2012/01/22 17:41:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Black Isle
[2012/01/22 16:56:05 | 000,000,000 | -H-D | C] -- C:\Program Files\Black Isle
[2004/11/24 14:25:52 | 000,335,872 | -H-- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Andrew Gregory\My Documents\*.tmp files -> C:\Documents and Settings\Andrew Gregory\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/02/03 18:36:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 18:30:36 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2012/02/03 18:27:49 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/03 18:09:00 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/03 18:07:44 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1960408961-839522115-1003.job
[2012/02/03 17:59:04 | 000,001,014 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1960408961-839522115-1003UA.job
[2012/01/30 18:25:07 | 000,000,853 | -H-- | M] () -- C:\Documents and Settings\Andrew Gregory\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/30 18:17:40 | 000,000,835 | -H-- | M] () -- C:\Documents and Settings\Andrew Gregory\Desktop\System Check.lnk
[2012/01/30 18:17:34 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Gzgj67AvMeHjkl
[2012/01/30 18:17:22 | 000,362,496 | -H-- | M] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\Gzgj67AvMeHjkl.exe
[2012/01/30 18:17:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/01/30 18:17:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/01/30 18:17:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/01/30 18:17:10 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/01/30 18:17:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vampire - The Masquerade Bloodlines
[2012/01/30 18:17:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Witcher Enhanced Edition
[2012/01/30 18:17:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/30 18:17:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2012/01/30 18:17:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pax Imperia
[2012/01/30 18:17:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2012/01/30 18:17:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/01/30 18:17:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/01/30 18:17:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/01/30 18:17:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/01/30 18:17:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mass Effect 2
[2012/01/30 18:17:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\JMicron Technology Corp
[2012/01/30 18:17:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ground Control II
[2012/01/30 18:17:04 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/01/30 18:17:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2012/01/30 18:17:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Age of Wonders
[2012/01/30 18:17:02 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/01/30 18:17:02 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/01/30 18:16:55 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1960408961-839522115-1003.job
[2012/01/30 18:11:42 | 000,449,536 | -H-- | M] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\RUMrAHicILvex.exe
[2012/01/30 16:59:00 | 000,000,962 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1960408961-839522115-1003Core.job
[2012/01/30 15:15:46 | 000,457,528 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/30 15:15:46 | 000,076,116 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/30 15:11:23 | 000,205,437 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/27 21:00:00 | 000,000,360 | -H-- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ANDY-Andrew Gregory.job
[2012/01/25 17:51:26 | 000,047,380 | -H-- | M] () -- C:\Documents and Settings\Andrew Gregory\Desktop\amazing.JPG
[2012/01/23 15:12:44 | 000,000,640 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Andrew Gregory.job
[2012/01/22 18:25:13 | 000,057,291 | -H-- | M] () -- C:\Documents and Settings\Andrew Gregory\Desktop\TerrorA.jpg
[2012/01/22 17:45:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Black Isle
[2012/01/15 18:13:27 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Andrew Gregory\My Documents\*.tmp files -> C:\Documents and Settings\Andrew Gregory\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/30 18:25:06 | 000,000,853 | -H-- | C] () -- C:\Documents and Settings\Andrew Gregory\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/30 18:17:40 | 000,000,835 | -H-- | C] () -- C:\Documents and Settings\Andrew Gregory\Desktop\System Check.lnk
[2012/01/30 18:17:34 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Gzgj67AvMeHjkl
[2012/01/25 17:51:26 | 000,047,380 | -H-- | C] () -- C:\Documents and Settings\Andrew Gregory\Desktop\amazing.JPG
[2012/01/22 18:25:13 | 000,057,291 | -H-- | C] () -- C:\Documents and Settings\Andrew Gregory\Desktop\TerrorA.jpg
[2011/07/10 16:49:41 | 000,000,292 | -H-- | C] () -- C:\WINDOWS\vtmb.ini
[2011/06/10 08:48:13 | 000,019,038 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/10 08:48:12 | 000,019,038 | -HS- | C] () -- C:\Documents and Settings\Andrew Gregory\Local Settings\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/03/02 07:18:14 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\d3dx.dat
[2011/03/02 07:17:17 | 000,021,840 | -H-- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/03/02 07:17:17 | 000,017,212 | -H-- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/03/02 07:17:17 | 000,012,067 | -H-- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/03/02 07:00:02 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\sierra.ini
[2011/02/25 18:07:18 | 000,043,520 | -H-- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/05 10:01:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/14 17:43:50 | 000,000,731 | -H-- | C] () -- C:\WINDOWS\Vtw.INI
[2010/06/12 07:55:37 | 000,354,816 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/03 14:31:29 | 000,017,408 | -H-- | C] () -- C:\Documents and Settings\Andrew Gregory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/07 10:40:52 | 000,279,712 | -H-- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/03/07 10:40:52 | 000,025,888 | -H-- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/11/22 21:30:19 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/22 21:29:05 | 000,272,576 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/22 17:09:01 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/22 16:57:34 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/11/22 14:21:32 | 000,024,576 | RH-- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/11/22 14:21:32 | 000,012,400 | RH-- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/11/22 14:21:31 | 000,011,832 | -H-- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/11/22 14:21:31 | 000,010,216 | -H-- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/11/22 13:56:33 | 000,034,313 | -H-- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/11/22 13:56:19 | 000,005,810 | RH-- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/11/22 13:56:13 | 000,033,880 | -H-- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/11/22 13:56:13 | 000,010,296 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/11/22 13:53:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/22 13:50:19 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/03 10:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 10:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/08 03:37:00 | 001,724,416 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/03/08 03:37:00 | 001,657,376 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/03/08 03:37:00 | 001,503,232 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/03/08 03:37:00 | 001,346,080 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/03/08 03:37:00 | 001,101,824 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/03/08 03:37:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/03/08 03:37:00 | 000,449,056 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/03/08 03:37:00 | 000,436,768 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/12/19 10:15:58 | 004,338,246 | -H-- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 12:41:18 | 000,884,237 | -H-- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 12:22:58 | 000,093,184 | -H-- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 12:22:48 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 12:17:34 | 000,239,247 | -H-- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 11:59:54 | 000,560,802 | -H-- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/10/07 04:13:30 | 000,197,912 | -H-- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 04:13:22 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 04:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 04:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 04:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 04:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 04:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 04:13:20 | 000,058,648 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/26 16:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 16:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 05:51:02 | 000,020,698 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 05:48:48 | 000,030,628 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 05:48:28 | 000,031,698 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/02 11:10:16 | 000,080,912 | -H-- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/03 12:50:54 | 000,129,024 | -H-- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001/08/23 07:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,457,528 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,076,116 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 07:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011/08/13 13:35:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\NetworkService\Application Data\Remote
[2011/10/26 04:20:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrew Gregory\Application Data\Evreb
[2010/05/03 10:06:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrew Gregory\Application Data\Facebook
[2010/12/29 15:39:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrew Gregory\Application Data\Leadertech
[2011/12/13 09:50:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrew Gregory\Application Data\PriceGong
[2011/10/26 12:03:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrew Gregory\Application Data\Qoaxad
[2011/08/23 08:34:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrew Gregory\Application Data\Remote
[2011/04/07 03:28:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrew Gregory\Application Data\start
[2009/11/30 20:00:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrew Gregory\Application Data\Windows Desktop Search
[2009/12/01 08:46:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Andrew Gregory\Application Data\Windows Search
[2011/08/13 13:33:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\Remote
[2010/12/09 12:20:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/12/09 12:21:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/12/05 08:54:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2009/11/23 15:38:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/02 10:44:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{49FC035F-4D1B-4459-B8B7-1EF5D11C6BAC}
[2012/02/03 18:27:49 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >