ZeroAccess Rootkit
<blockquote data-quote="xephyria" data-source="post: 25188" data-attributes="member: 804"><p>I managed to get it to scan in safe mode. Here are the contents in OTL.txt</p><p></p><p>OTL logfile created on: 2/10/2011 12:28:05 AM - Run 1</p><p>OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Xephyria\Desktop\New folder</p><p> Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 8.0.7601.17514)</p><p>Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy</p><p> </p><p>2.99 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 73.72% Memory free</p><p>5.99 Gb Paging File | 5.25 Gb Available in Paging File | 87.60% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 252.81 Gb Total Space | 100.75 Gb Free Space | 39.85% Space Free | Partition Type: NTFS</p><p>Drive D: | 30.52 Gb Total Space | 16.86 Gb Free Space | 55.23% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: XEPHYRIA-PC | User Name: Xephyria | Logged in as Administrator.</p><p>Boot Mode: SafeMode with Networking | Scan Mode: All users</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Windows\207992514:1028233971.exe File not found</p><p>PRC - C:\Users\Xephyria\Desktop\New folder\iExplorer.exe (OldTimer Tools)</p><p>PRC - C:\Windows\explorer.exe (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Windows\System32\IcnOvrly.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Win32 Services (SafeList) ==========</span></p><p> </p><p>SRV - (WRConsumerService) -- File not 
found</p><p>SRV - (WebrootSpySweeperService) -- File not found</p><p>SRV - (nvsvc) -- File not found</p><p>SRV - (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot) -- C:\Users\Xephyria\Downloads\HitmanPro35.exe ()</p><p>SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe ()</p><p>SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)</p><p>SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)</p><p>SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)</p><p>SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)</p><p>SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)</p><p>SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)</p><p>SRV - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)</p><p>SRV - (IGRS) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)</p><p>SRV - (ReadyComm.DirectRouter) -- C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)</p><p>SRV - (PS_MDP) -- C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)</p><p>SRV - (IncSvc) -- C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)</p><p>SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)</p><p>SRV - (SuperProServer) -- C:\Program Files\Soft Flow\FCAP Array v1.0\Server\WinNT\spnsrvnt.exe ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV - (hitmanpro35) 
-- C:\Windows\System32\drivers\hitmanpro35.sys ()</p><p>DRV - (TrufosAlt) -- C:\Windows\System32\drivers\TrufosAlt.sys (BitDefender S.R.L.)</p><p>DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )</p><p>DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )</p><p>DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )</p><p>DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )</p><p>DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV - (ssidrv) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))</p><p>DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))</p><p>DRV - (sshrmd) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. 
(www.webroot.com))</p><p>DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)</p><p>DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)</p><p>DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)</p><p>DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)</p><p>DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)</p><p>DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)</p><p>DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)</p><p>DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)</p><p>DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)</p><p>DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )</p><p>DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)</p><p>DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)</p><p>DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)</p><p>DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )</p><p>DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )</p><p>DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)</p><p>DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)</p><p>DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)</p><p>DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)</p><p>DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)</p><p>DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)</p><p>DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (CyberLink)</p><p>DRV 
- (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)</p><p>DRV - (EMSC) -- C:\Windows\system32\DRIVERS\EMSC.SYS (Windows (R) Codename Longhorn DDK provider)</p><p>DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)</p><p>DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)</p><p>DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll (Conduit Ltd.)</p><p> </p><p> </p><p>IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found</p><p>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found</p><p>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p> </p><p>IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/</p><p>IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1</p><p>IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found</p><p>IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\URLSearchHook: {1e82937c-f660-4a34-b6f0-b185c8729ea5} - No CLSID value found</p><p>IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found</p><p>IE - 
HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll (Conduit Ltd.)</p><p>IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"</p><p>FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"</p><p>FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q="</p><p>FF - prefs.js..browser.search.order.1: "Fast Browser Search"</p><p>FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"</p><p>FF - prefs.js..browser.search.selectedEngine: "Google"</p><p>FF - prefs.js..browser.search.useDBForOrder: true</p><p>FF - prefs.js..browser.startup.homepage: "http://www.google.com.sg/"</p><p>FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9</p><p>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20</p><p>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21</p><p>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22</p><p>FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:6.0.0</p><p>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23</p><p>FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99</p><p>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24</p><p>FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26</p><p>FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806</p><p>FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6</p><p>FF - prefs.js..network.proxy.type: 0</p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found</p><p>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office 
Live\npOLW.dll (Microsoft Corp.)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )</p><p>FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )</p><p>FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Xephyria\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)</p><p>FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Xephyria\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)</p><p>FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Xephyria\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()</p><p>FF - 
HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Xephyria\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Xephyria\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Xephyria\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/27 11:12:58 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/17 13:23:49 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 13:23:49 | 000,000,000 | ---D | M]</p><p> </p><p>[2010/03/09 09:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Extensions</p><p>[2011/10/01 15:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions</p><p>[2010/04/27 21:16:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}</p><p>[2011/08/23 20:54:33 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}</p><p>[2010/10/17 12:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}</p><p>[2011/08/25 
11:54:56 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}</p><p>[2011/07/04 09:51:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}</p><p>[2011/03/18 11:28:34 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}</p><p>[2011/01/17 08:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{ea0969b3-6e12-4ac0-b6c9-148e81247954}-trash</p><p>[2010/10/17 12:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\info@djzig.com</p><p>[2010/10/17 12:08:38 | 000,000,000 | ---D | M] (RedShift V3) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\redshift_V2@shift-themes.com</p><p>[2011/09/27 11:13:43 | 000,003,739 | ---- | M] () -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\searchplugins\avg-secure-search.xml</p><p>[2009/12/23 23:40:32 | 000,009,941 | ---- | M] () -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\searchplugins\mywebsearch.xml</p><p>[2011/09/27 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</p><p>[2010/04/17 23:17:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}</p><p>[2010/08/20 20:55:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}</p><p>[2010/10/14 22:43:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program 
Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}</p><p>[2011/02/05 10:43:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}</p><p>[2011/04/05 01:37:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}</p><p>[2011/07/04 10:03:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}</p><p>[2011/09/27 11:12:58 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4</p><p>[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll</p><p>[2009/02/21 08:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll</p><p>[2011/09/17 13:23:43 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml</p><p>[2011/09/17 13:23:43 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml</p><p>[2011/09/17 13:23:43 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml</p><p>[2011/09/17 13:23:43 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - default_search_provider: AVG Secure Search (Enabled)</p><p>CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={D3939C4A-B65B-4244-A081-B1514F47A099}&mid=58b4285e2b2398758bea4a45a5d97b4f-a645f0db1685d84c007f550ea279318f5e3fa1c3&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}</p><p>CHR - default_search_provider: suggest_url = 
http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Xephyria\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll</p><p>CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll</p><p>CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll</p><p>CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</p><p>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll</p><p>CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll</p><p>CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll</p><p>CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll</p><p>CHR - plugin: 2007 Microsoft Office 
system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL</p><p>CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll</p><p>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = C:\Users\Xephyria\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Xephyria\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll</p><p>CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll</p><p>CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll</p><p>CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Xephyria\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll</p><p>CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Xephyria\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll</p><p>CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Xephyria\AppData\Roaming\Mozilla\plugins\npoctoshape.dll</p><p>CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Xephyria\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll</p><p>CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll</p><p>CHR - plugin: AhnLab MyKeyDefense 2.5 (Enabled) = C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll</p><p>CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll</p><p>CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll</p><p>CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll</p><p>CHR - plugin: Unity Player (Enabled) = 
C:\Users\Xephyria\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll</p><p>CHR - plugin: Google Update (Enabled) = C:\Users\Xephyria\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll</p><p>CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll</p><p>CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll</p><p>CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll</p><p>CHR - plugin: Default Plug-in (Enabled) = default_plugin</p><p>CHR - Extension: AVG Safe Search = C:\Users\Xephyria\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1804_0\</p><p> </p><p>Hosts file not found</p><p>O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)</p><p>O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)</p><p>O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.</p><p>O2 - BHO: (Messenger Plus Live Australia Toolbar) - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll (Conduit Ltd.)</p><p>O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)</p><p>O3 - HKLM\..\Toolbar: (Messenger Plus Live Australia Toolbar) - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll (Conduit Ltd.)</p><p>O3 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\Toolbar\WebBrowser: (no name) - 
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\Toolbar\WebBrowser: (Messenger Plus Live Australia Toolbar) - {EA0969B3-6E12-4AC0-B6C9-148E81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll (Conduit Ltd.)</p><p>O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)</p><p>O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found</p><p>O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe ()</p><p>O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()</p><p>O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)</p><p>O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)</p><p>O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)</p><p>O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.)</p><p>O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)</p><p>O4 - HKLM..\Run: [TmlCMode] C:\Program Files\Compal\TmlCMode\TmlCMode.exe (Compal Electronic Inc.)</p><p>O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()</p><p>O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe 
()</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - 
%SystemRoot%\System32\winrnr.dll File not found</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)</p><p>O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)</p><p>O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)</p><p>O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C60CD6A-A8B0-4CAC-9C11-C4EBF776D116}: DhcpNameServer = 10.1.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A30652C-DA78-4742-80DC-9F48B0C2DF81}: DhcpNameServer = 10.176.66.71 10.188.66.103</p><p>O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found</p><p>O24 - Desktop WallPaper: C:\Users\Xephyria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg</p><p>O24 - Desktop BackupWallPaper: C:\Users\Xephyria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg</p><p>O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</p><p>O33 - MountPoints2\{34d0e4a5-6496-11e0-9e9f-001fe2f7c64c}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{34d0e4a5-6496-11e0-9e9f-001fe2f7c64c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a</p><p>O33 - MountPoints2\{3f740a0e-dffd-11e0-8662-001eec67b3a4}\Shell - "" = AutoRun</p><p>O33 
- MountPoints2\{3f740a0e-dffd-11e0-8662-001eec67b3a4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)</p><p>O34 - HKLM BootExecute: (bootdelete)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>File not found -- C:\Windows\System32\drivers\</p><p>File not found -- C:\Windows\System32\</p><p>[2011/10/01 20:23:51 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\CrashDumps</p><p>[2011/10/01 20:23:40 | 000,040,016 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys_CLN</p><p>[2011/10/01 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\NPE</p><p>[2011/10/01 20:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton</p><p>[2011/10/01 14:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5</p><p>[2011/10/01 14:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5</p><p>[2011/10/01 14:07:06 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\Desktop\New folder</p><p>[2011/10/01 13:45:36 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{E2DC0DFD-BB8F-4534-BE96-5B7264E8BFC8}</p><p>[2011/10/01 13:45:23 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{CCC4AC9A-0BA2-4C00-9097-D6821D34677E}</p><p>[2011/10/01 12:58:48 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F0F5A646-4002-43A3-9A92-E621D0001F00}</p><p>[2011/10/01 03:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro</p><p>[2011/10/01 03:23:27 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys</p><p>[2011/10/01 03:23:27 | 000,338,880 
| ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys</p><p>[2011/10/01 03:23:26 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys</p><p>[2011/10/01 03:23:26 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys</p><p>[2011/10/01 03:23:24 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys</p><p>[2011/10/01 03:23:24 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys</p><p>[2011/10/01 03:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security</p><p>[2011/10/01 03:23:22 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys</p><p>[2011/10/01 03:23:18 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\PC Tools</p><p>[2011/10/01 03:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools</p><p>[2011/10/01 03:15:25 | 000,339,600 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys</p><p>[2011/10/01 00:58:18 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{59C732E1-AB9D-45C3-93E4-6FB8E14A863A}</p><p>[2011/10/01 00:58:05 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1C10D30D-989F-4FF4-BEF6-F77B8B3F86CA}</p><p>[2011/10/01 00:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy</p><p>[2011/10/01 00:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy</p><p>[2011/10/01 00:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy</p><p>[2011/09/29 02:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP</p><p>[2011/09/29 02:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap</p><p>[2011/09/29 02:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot</p><p>[2011/09/29 01:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security</p><p>[2011/09/29 01:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools</p><p>[2011/09/27 12:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab</p><p>[2011/09/27 11:27:07 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\AVG</p><p>[2011/09/27 11:14:32 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\AVG2012</p><p>[2011/09/27 11:12:58 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012</p><p>[2011/09/27 11:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012</p><p>[2011/09/27 11:08:20 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{EE9E42C1-C5CE-4767-BF03-D5E8690822B6}</p><p>[2011/09/27 11:08:01 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1B661A3C-FF8B-4059-884D-2E6F8343D751}</p><p>[2011/09/26 23:54:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview</p><p>[2011/09/26 23:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData</p><p>[2011/09/26 22:53:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe</p><p>[2011/09/26 22:53:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe</p><p>[2011/09/26 22:53:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe</p><p>[2011/09/26 22:52:52 | 000,000,000 | --SD | C] -- C:\ComboFix</p><p>[2011/09/26 22:52:45 | 000,000,000 | ---D | C] -- C:\Qoobox</p><p>[2011/09/26 20:30:49 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{9D18FDD1-23B7-4907-8691-6296D4ED62DA}</p><p>[2011/09/26 20:30:34 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{07C42C93-DEDF-4BCF-9B6C-EDA60582DA62}</p><p>[2011/09/26 11:45:44 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{E28135DA-0D0D-400E-87C5-384991271C15}</p><p>[2011/09/25 23:23:30 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\PDAppFlex</p><p>[2011/09/21 12:04:56 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1</p><p>[2011/09/21 10:22:15 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{7AE849AE-44D7-416E-A216-AAD815632D91}</p><p>[2011/09/20 14:00:41 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{40C799D2-35EB-4EF3-BDC8-AB6F40DE78B8}</p><p>[2011/09/19 20:16:30 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{FD689BBB-7CA9-42F4-801E-420799FB10DF}</p><p>[2011/09/19 20:16:17 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{BCC5CD4C-E34E-4899-B13D-5BACCC8AACA7}</p><p>[2011/09/19 16:42:12 | 000,000,000 | ---D | C] -- 
C:\Users\Xephyria\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant</p><p>[2011/09/19 16:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant</p><p>[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>File not found -- C:\Windows\System32\drivers\</p><p>File not found -- C:\Windows\System32\</p><p>[2011/10/02 00:31:22 | 000,714,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat</p><p>[2011/10/02 00:31:22 | 000,152,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat</p><p>[2011/10/02 00:26:13 | 000,000,000 | ---- | M] () -- C:\Windows\207992514</p><p>[2011/10/02 00:25:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2011/10/02 00:25:58 | 2411,655,168 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2011/10/02 00:22:36 | 000,215,926 | ---- | M] () -- C:\Users\Xephyria\Desktop\task manger.jpg</p><p>[2011/10/01 23:57:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3987451672-638147033-4213727604-1004UA.job</p><p>[2011/10/01 21:09:03 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2011/10/01 21:09:03 | 000,009,728 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2011/10/01 21:01:41 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo</p><p>[2011/10/01 21:01:37 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job</p><p>[2011/10/01 21:01:24 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_41391.nl_</p><p>[2011/10/01 21:00:56 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys</p><p>[2011/10/01 20:23:40 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys_CLN</p><p>[2011/10/01 16:57:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3987451672-638147033-4213727604-1004Core.job</p><p>[2011/10/01 16:46:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl</p><p>[2011/10/01 14:31:38 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys</p><p>[2011/10/01 13:57:55 | 000,646,656 | ---- | M] () -- C:\Users\Xephyria\Desktop\OTS.exe</p><p>[2011/10/01 13:48:26 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys</p><p>[2011/10/01 13:42:03 | 000,007,252 | ---- | M] () -- C:\Windows\System32\.crusader</p><p>[2011/10/01 03:15:26 | 000,339,600 | ---- | M] (BitDefender S.R.L.) 
-- C:\Windows\System32\drivers\TrufosAlt.sys</p><p>[2011/10/01 02:47:01 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill(2).com</p><p>[2011/10/01 02:16:10 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\iExplore(2).exe</p><p>[2011/10/01 02:12:53 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat</p><p>[2011/10/01 01:33:56 | 000,294,400 | ---- | M] () -- C:\Users\Xephyria\Desktop\exeHelper (2).com</p><p>[2011/10/01 01:10:03 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill.scr</p><p>[2011/10/01 01:09:35 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill.exe</p><p>[2011/09/30 12:53:23 | 473,517,156 | ---- | M] () -- C:\Windows\MEMORY.DMP</p><p>[2011/09/30 11:58:18 | 000,000,103 | -H-- | M] () -- C:\ProgramData\obmlf5</p><p>[2011/09/29 02:27:54 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill.com</p><p>[2011/09/29 01:42:13 | 001,454,782 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB</p><p>[2011/09/29 00:40:04 | 004,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT</p><p>[2011/09/28 23:53:52 | 047,369,160 | ---- | M] () -- C:\Windows\System32\MRT.exe</p><p>[2011/09/28 22:38:25 | 000,007,513 | ---- | M] () -- C:\Users\Xephyria\Documents\FlowJo75.prefs</p><p>[2011/09/27 11:15:44 | 105,150,346 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm</p><p>[2011/09/27 00:17:30 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll</p><p>[2011/09/26 22:31:32 | 000,000,837 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP</p><p>[2011/09/26 20:52:23 | 000,000,000 | ---- | M] () -- C:\Users\Xephyria\AppData\Local\prvlcl.dat</p><p>[2011/09/26 20:42:29 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}</p><p>[2011/09/24 03:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\RegCure.job</p><p>[2011/09/23 11:34:51 | 000,020,588 | ---- | M] () -- C:\Users\Xephyria\Desktop\VID ethics_2011.pdf</p><p>[2011/09/14 22:26:55 | 
000,000,272 | ---- | M] () -- C:\Users\Xephyria\AppData\Roaming\.backup.dm</p><p>[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2011/10/02 00:22:35 | 000,215,926 | ---- | C] () -- C:\Users\Xephyria\Desktop\task manger.jpg</p><p>[2011/10/01 13:57:40 | 000,646,656 | ---- | C] () -- C:\Users\Xephyria\Desktop\OTS.exe</p><p>[2011/10/01 13:43:58 | 000,000,000 | ---- | C] () -- C:\Windows\207992514</p><p>[2011/10/01 13:43:18 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_41391.nl_</p><p>[2011/10/01 13:42:03 | 000,007,252 | ---- | C] () -- C:\Windows\System32\.crusader</p><p>[2011/10/01 03:39:31 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys</p><p>[2011/10/01 02:46:53 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill(2).com</p><p>[2011/10/01 02:15:59 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\iExplore(2).exe</p><p>[2011/10/01 01:33:47 | 000,294,400 | ---- | C] () -- C:\Users\Xephyria\Desktop\exeHelper (2).com</p><p>[2011/10/01 01:09:45 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill.scr</p><p>[2011/10/01 01:09:11 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill.exe</p><p>[2011/09/29 12:06:43 | 473,517,156 | ---- | C] () -- C:\Windows\MEMORY.DMP</p><p>[2011/09/29 02:27:51 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill.com</p><p>[2011/09/29 02:09:08 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat</p><p>[2011/09/29 01:41:47 | 001,454,782 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB</p><p>[2011/09/26 22:53:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe</p><p>[2011/09/26 22:53:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe</p><p>[2011/09/26 22:53:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe</p><p>[2011/09/26 22:53:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe</p><p>[2011/09/26 
22:53:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe</p><p>[2011/09/26 20:42:29 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}</p><p>[2011/09/26 00:25:25 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk</p><p>[2011/09/26 00:23:25 | 000,001,143 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk</p><p>[2011/09/26 00:22:43 | 000,001,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk</p><p>[2011/09/26 00:21:08 | 000,001,337 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk</p><p>[2011/09/26 00:20:55 | 000,001,509 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk</p><p>[2011/09/23 11:34:36 | 000,020,588 | ---- | C] () -- C:\Users\Xephyria\Desktop\VID ethics_2011.pdf</p><p>[2011/09/19 17:09:40 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk</p><p>[2011/09/19 16:42:08 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk</p><p>[2011/09/14 22:26:55 | 000,000,272 | ---- | C] () -- C:\Users\Xephyria\AppData\Roaming\.backup.dm</p><p>[2011/05/02 13:24:40 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf504</p><p>[2011/03/02 22:37:25 | 000,000,600 | ---- | C] () -- C:\Users\Xephyria\AppData\Roaming\winscp.rnd</p><p>[2010/09/09 23:07:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll</p><p>[2010/08/28 11:13:58 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll</p><p>[2010/08/28 11:13:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll</p><p>[2010/08/18 14:01:53 | 000,303,104 | ---- | C] () -- C:\Windows\System32\eST3snm.dll</p><p>[2010/06/15 23:56:17 | 000,921,600 | ---- | C] () -- 
C:\Windows\System32\vorbisenc.dll</p><p>[2010/06/15 23:56:17 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll</p><p>[2010/06/15 23:56:17 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll</p><p>[2010/06/15 23:56:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll</p><p>[2010/06/02 13:44:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll</p><p>[2010/06/02 13:44:18 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll</p><p>[2010/05/06 21:13:52 | 000,711,168 | ---- | C] () -- C:\Windows\is-T77SI.exe</p><p>[2010/04/24 15:39:33 | 000,000,000 | ---- | C] () -- C:\Users\Xephyria\AppData\Local\prvlcl.dat</p><p>[2010/04/16 17:55:18 | 000,000,103 | -H-- | C] () -- C:\ProgramData\obmlf5</p><p>[2010/03/12 17:48:05 | 047,369,160 | ---- | C] () -- C:\Windows\System32\MRT.exe</p><p>[2010/03/09 11:55:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat</p><p>[2010/03/09 10:00:47 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat</p><p>[2009/10/28 09:22:08 | 004,835,652 | ---- | C] () -- C:\Windows\System32\libavcodec.dll</p><p>[2009/10/28 09:16:44 | 001,632,375 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll</p><p>[2009/10/28 09:16:12 | 000,611,638 | ---- | C] () -- C:\Windows\System32\libmplayer.dll</p><p>[2009/10/28 09:10:02 | 000,143,872 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll</p><p>[2009/10/28 08:46:26 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll</p><p>[2009/10/28 08:28:08 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll</p><p>[2009/10/17 09:58:06 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll</p><p>[2009/10/17 09:57:06 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll</p><p>[2009/10/17 09:04:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll</p><p>[2009/10/17 09:04:08 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll</p><p>[2009/10/17 09:03:48 | 
000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll</p><p>[2009/10/17 09:03:44 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll</p><p>[2009/10/17 09:03:40 | 000,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll</p><p>[2009/10/17 06:53:32 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll</p><p>[2009/10/17 06:53:20 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll</p><p>[2009/10/17 05:40:42 | 000,957,047 | ---- | C] () -- C:\Windows\System32\ff_x264.dll</p><p>[2009/10/17 05:38:20 | 000,914,464 | ---- | C] () -- C:\Windows\System32\xvidcore.dll</p><p>[2009/08/12 06:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe</p><p>[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll</p><p>[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe</p><p>[2009/08/01 08:56:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll</p><p>[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat</p><p>[2009/07/14 14:33:53 | 004,228,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT</p><p>[2009/07/14 12:05:48 | 000,697,864 | ---- | C] () -- C:\Windows\System32\perfh009.dat</p><p>[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat</p><p>[2009/07/14 12:05:48 | 000,144,308 | ---- | C] () -- C:\Windows\System32\perfc009.dat</p><p>[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat</p><p>[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT</p><p>[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat</p><p>[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin</p><p>[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll</p><p>[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- 
C:\Windows\System32\BWContextHandler.dll</p><p>[2009/06/25 22:26:01 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat</p><p>[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat</p><p>[2009/06/03 16:19:39 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini</p><p>[2009/06/03 16:15:46 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL</p><p>[2009/06/03 14:07:21 | 000,135,168 | ---- | C] () -- C:\Windows\System32\snmp_pp.dll</p><p>[2009/06/03 14:07:20 | 000,278,528 | ---- | C] () -- C:\Windows\System32\GL2PRCFG.DLL</p><p>[2009/06/03 14:07:20 | 000,143,360 | ---- | C] () -- C:\Windows\System32\GL2CFG.DLL</p><p>[2009/05/14 02:36:06 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI</p><p>[2009/03/13 19:35:25 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll</p><p>[2009/03/04 18:43:28 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll</p><p>[2009/01/11 08:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll</p><p>[2009/01/11 08:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll</p><p>[2009/01/11 08:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll</p><p>[2009/01/11 08:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll</p><p>[2009/01/11 08:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\System32\gdsmux.exe</p><p>[2009/01/11 08:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll</p><p>[2009/01/11 08:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll</p><p>[2009/01/11 08:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\System32\dsmux.exe</p><p>[2009/01/11 08:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll</p><p>[2009/01/11 08:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll</p><p>[2009/01/11 08:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll</p><p>[2009/01/11 08:15:06 | 000,135,168 | ---- | C] () -- 
C:\Windows\System32\mkv2vfr.exe</p><p>[2009/01/11 08:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll</p><p>[2009/01/11 08:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll</p><p>[2008/12/04 08:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll</p><p>[2008/11/07 02:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll</p><p>[2008/10/21 03:09:46 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll</p><p>[2008/08/12 09:23:16 | 009,338,880 | ---- | C] () -- C:\Windows\System32\Facev.dll</p><p>[2008/08/12 09:23:16 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll</p><p>[2008/08/12 09:23:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\image.dll</p><p>[2008/08/12 09:23:13 | 000,655,360 | ---- | C] () -- C:\Windows\System32\EncIcons.dll</p><p>[2008/08/12 09:23:13 | 000,507,904 | ---- | C] () -- C:\Windows\System32\SimpleExt.dll</p><p>[2008/08/12 09:23:13 | 000,241,752 | ---- | C] () -- C:\Windows\System32\IcnOvrly.dll</p><p>[2008/08/12 09:23:13 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FunFrm.dll</p><p>[2008/08/12 09:23:12 | 009,502,720 | ---- | C] () -- C:\Windows\System32\FaceVerify.dll</p><p>[2008/08/12 09:23:12 | 001,564,672 | ---- | C] () -- C:\Windows\System32\MainOp.dll</p><p>[2008/08/12 09:23:12 | 001,163,264 | ---- | C] () -- C:\Windows\System32\PicNotify.dll</p><p>[2008/08/12 09:23:12 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SetDev.dll</p><p>[2008/08/12 09:23:12 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll</p><p>[2008/08/12 09:23:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll</p><p>[2008/08/12 09:23:12 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll</p><p>[2008/08/12 09:23:11 | 001,974,272 | ---- | C] () -- C:\Windows\System32\Imagereog.dll</p><p>[2008/08/12 09:23:11 | 000,442,368 | ---- | C] () -- C:\Windows\System32\Apblend.dll</p><p>[2008/08/12 09:22:33 | 000,057,344 | ---- | C] () 
-- C:\Windows\AsfHelper.dll</p><p>[2008/08/12 08:50:24 | 000,015,190 | ---- | C] () -- C:\Windows\M</p></blockquote><p></p>
[QUOTE="xephyria, post: 25188, member: 804"]
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O24 - Desktop WallPaper: C:\Users\Xephyria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Xephyria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{34d0e4a5-6496-11e0-9e9f-001fe2f7c64c}\Shell - "" = AutoRun O33 - MountPoints2\{34d0e4a5-6496-11e0-9e9f-001fe2f7c64c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{3f740a0e-dffd-11e0-8662-001eec67b3a4}\Shell - "" = AutoRun O33 - MountPoints2\{3f740a0e-dffd-11e0-8662-001eec67b3a4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O34 - HKLM BootExecute: (bootdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] File not found -- C:\Windows\System32\drivers\ File not found -- C:\Windows\System32\ [2011/10/01 20:23:51 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\CrashDumps [2011/10/01 20:23:40 | 000,040,016 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\System32\drivers\avgmfx86.sys_CLN [2011/10/01 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\NPE [2011/10/01 20:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011/10/01 14:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5 [2011/10/01 14:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5 [2011/10/01 14:07:06 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\Desktop\New folder [2011/10/01 13:45:36 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{E2DC0DFD-BB8F-4534-BE96-5B7264E8BFC8} [2011/10/01 13:45:23 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{CCC4AC9A-0BA2-4C00-9097-D6821D34677E} [2011/10/01 12:58:48 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F0F5A646-4002-43A3-9A92-E621D0001F00} [2011/10/01 03:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro [2011/10/01 03:23:27 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2011/10/01 03:23:27 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2011/10/01 03:23:26 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2011/10/01 03:23:26 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2011/10/01 03:23:24 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2011/10/01 03:23:24 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2011/10/01 03:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2011/10/01 03:23:22 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2011/10/01 03:23:18 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\PC Tools [2011/10/01 03:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011/10/01 03:15:25 | 000,339,600 | ---- | C] (BitDefender 
S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys [2011/10/01 00:58:18 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{59C732E1-AB9D-45C3-93E4-6FB8E14A863A} [2011/10/01 00:58:05 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1C10D30D-989F-4FF4-BEF6-F77B8B3F86CA} [2011/10/01 00:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011/10/01 00:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011/10/01 00:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011/09/30 12:57:45 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{B1464504-4F9F-4B5F-AF87-0999F348769D} [2011/09/30 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{508E5F87-B1FC-412C-AE75-4F9658F2204C} [2011/09/29 23:53:34 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{2DDE5CE7-72A0-4B9A-AF13-582700F3DFB4} [2011/09/29 23:53:08 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{92955107-18F8-4BFB-90C9-99FA2CC08DCB} [2011/09/29 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{800D026F-221C-44AB-BC85-1B8CA4910EA2} [2011/09/29 11:52:41 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{5EE3412E-9743-40BA-B565-8A7AD1883A08} [2011/09/29 02:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP [2011/09/29 02:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap [2011/09/29 02:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot [2011/09/29 01:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security [2011/09/29 01:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2011/09/28 23:52:09 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{D4380F8F-DF30-4EE3-A7E4-9C3AEA67141C} [2011/09/28 23:51:57 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{D8E15083-E743-47EA-9897-62ADC60B496E} [2011/09/28 
11:09:52 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{B70B1CCC-A74D-4D45-B93F-31277C3387BE} [2011/09/28 11:09:51 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{60E85EBC-2C33-4E94-BC56-462DF53A6BF8} [2011/09/27 23:09:20 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{424DB085-4FF5-4FAB-9599-C93DC521B577} [2011/09/27 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{146449F0-EE85-4F95-8050-602412AC8455} [2011/09/27 12:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011/09/27 11:27:07 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\AVG [2011/09/27 11:14:32 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\AVG2012 [2011/09/27 11:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2011/09/27 11:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2011/09/27 11:08:20 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{EE9E42C1-C5CE-4767-BF03-D5E8690822B6} [2011/09/27 11:08:01 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1B661A3C-FF8B-4059-884D-2E6F8343D751} [2011/09/26 23:54:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2011/09/26 23:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011/09/26 22:53:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/09/26 22:53:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/09/26 22:53:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/09/26 22:52:52 | 000,000,000 | --SD | C] -- C:\ComboFix [2011/09/26 22:52:45 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/09/26 20:30:49 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{9D18FDD1-23B7-4907-8691-6296D4ED62DA} [2011/09/26 20:30:34 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{07C42C93-DEDF-4BCF-9B6C-EDA60582DA62} [2011/09/26 11:45:44 | 000,000,000 | ---D | C] -- 
C:\Users\Xephyria\AppData\Local\{E28135DA-0D0D-400E-87C5-384991271C15} [2011/09/25 23:23:30 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\PDAppFlex [2011/09/25 19:15:51 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{CD3F4BC3-7639-4AAD-8DCC-D06F79CEC305} [2011/09/25 19:15:39 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F173B534-9B7B-45EB-88CF-3148D54174B0} [2011/09/25 07:15:51 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{00123D7C-66C3-499E-83B6-4C41CB020252} [2011/09/24 19:15:37 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{C1826960-0490-48B2-AB52-7EE94C3D45E9} [2011/09/24 19:15:25 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{C2FA8F88-182D-40F8-A7B7-0EF7827DCDE4} [2011/09/24 07:14:58 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{053792B8-477F-4EF5-B3F3-05B11B23F099} [2011/09/23 19:14:26 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{91433428-79D9-4B1B-9E14-64642C5AABD9} [2011/09/23 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{FC7BAF89-5900-446F-A699-BF7D8077E0B2} [2011/09/23 10:14:34 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{E545B141-18EE-4DFA-85B8-592613FD467E} [2011/09/22 20:43:52 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{0A14CBB7-4E8A-4EC7-859B-1278D3DAE7BE} [2011/09/22 20:43:33 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{844BA3F3-79D3-4E73-9784-9E1D880BBB2A} [2011/09/22 10:00:25 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{4C7ABF38-F518-4924-8DD2-B9EAF3F419C9} [2011/09/21 16:36:20 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{28D23E4F-CD8F-46CA-94C4-D7C73CEB73FB} [2011/09/21 16:35:36 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{07D42F86-0AD4-42E1-A067-68CE85C4B381} [2011/09/21 12:04:56 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 
[2011/09/21 10:22:15 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{7AE849AE-44D7-416E-A216-AAD815632D91} [2011/09/20 14:00:41 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{40C799D2-35EB-4EF3-BDC8-AB6F40DE78B8} [2011/09/19 20:16:30 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{FD689BBB-7CA9-42F4-801E-420799FB10DF} [2011/09/19 20:16:17 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{BCC5CD4C-E34E-4899-B13D-5BACCC8AACA7} [2011/09/19 16:42:12 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011/09/19 16:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant [2011/09/19 11:57:27 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{8A8C72C7-04DC-4A74-B785-E4E070736EDD} [2011/09/18 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{FF708B01-0FA9-4D94-85C0-CDE17418105F} [2011/09/18 01:24:36 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{3F248BC5-DB61-45BB-B970-47DB9E339068} [2011/09/17 13:23:58 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{72B8E1FE-B5A0-42C3-AD62-BCC6FEA29872} [2011/09/17 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{763C4A95-99F0-4B3A-9CC1-8E6356BE8011} [2011/09/17 05:01:54 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F7961D84-AA07-4A13-86FC-2B9A24EDC60F} [2011/09/16 17:01:36 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1262316B-C871-4348-9C23-48C4443E89B4} [2011/09/16 17:01:18 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{226D39C1-5704-4D7F-BC47-6FA553880AD0} [2011/09/16 10:48:01 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{BBAD94B5-CB73-437F-9D86-D032DCC78340} [2011/09/15 19:19:02 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{EFB59BDD-CD56-4B2B-A983-480FDFBA72A5} [2011/09/15 19:18:46 | 000,000,000 | ---D | C] -- 
C:\Users\Xephyria\AppData\Local\{2ECBFD61-C04B-47E2-8E02-CC8F4D250D09} [2011/09/15 11:19:11 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1258DA56-E88E-45C6-97CE-328452CAD500} [2011/09/14 21:03:20 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{333180A8-7761-4E6A-81C8-50818D623E09} [2011/09/14 21:03:08 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{CE962796-C179-4E95-ADBC-18D793EB040A} [2011/09/14 13:07:01 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{62364E6F-D3DB-4CDC-9234-B91D6BE1B2E4} [2011/09/13 20:21:08 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{D23E90EC-F711-456C-9C68-993AA4B3F39E} [2011/09/13 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{DB2BE91C-23E7-4573-9A44-24DB9C042141} [2011/09/13 11:09:45 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F5BBC159-3EE4-4798-9063-6B8DCAB179ED} [2011/09/13 11:01:53 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{CB3754D2-B3A6-4F2D-87A2-D84C6B3EEC40} [2011/09/12 20:50:19 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{3D9E3A1F-C1C7-4053-A7DF-8F6A7F3C16E8} [2011/09/12 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1E3F4723-4CA8-4924-957A-18DA75CE06F4} [2011/09/12 11:42:09 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{50F0F80A-9C87-442E-AC3C-469747378D25} [2011/09/11 18:44:54 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{C1988CBB-CD1A-40F6-A3EC-2A387B42E671} [2011/09/11 18:44:39 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{72586E9C-89AC-4740-8DD9-3575AE029555} [2011/09/10 22:06:55 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{210ADADF-C21F-4DE8-8FAF-948264DC9279} [2011/09/10 22:06:40 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1DA92F09-C301-4A7F-8C09-42E0731C18F5} [2011/09/10 10:06:11 | 000,000,000 | ---D | C] -- 
C:\Users\Xephyria\AppData\Local\{750032A0-FEF5-457D-87AD-29B271DFBC8D} [2011/09/09 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{4E7BA25C-BAA8-4544-80B5-A9A24AEF2451} [2011/09/09 22:05:32 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{644532CB-F1EF-4DB7-8E65-E8ACE61AB1D0} [2011/09/09 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1EA20CF4-8F02-4BED-A7D7-A57C3812F728} [2011/09/09 10:05:14 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{0F29B55D-7379-4864-8C29-8054586BFC32} [2011/09/08 22:04:46 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{386DA140-11F7-4053-BD93-4612E79F7167} [2011/09/08 22:04:33 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{22E78469-0A66-4B29-B070-2AA660F66D07} [2011/09/07 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{43A67F2A-D53B-4FD7-96E9-1B236390D5E3} [2011/09/07 21:45:48 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{8790CBFD-27EB-47D3-A6C5-342E7D3EB696} [2011/09/07 09:45:30 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{C6C8DF46-61DC-4511-B9E6-B7DB7E795228} [2011/09/07 09:45:27 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1B26DF2F-0550-4F8B-A12F-8DBFA6015F21} [2011/09/06 20:35:49 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{C498A37C-A4C0-44DC-8B5A-9E8718B4BAD8} [2011/09/06 20:35:32 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{404550A1-37D6-45EE-B87C-48EB52A76C43} [2011/09/06 07:57:10 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{E9203349-8904-49AA-8D06-11AF68379750} [2011/09/05 19:39:42 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{53F1957C-2364-4242-AB45-8E360BBFC08F} [2011/09/05 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{EB135E73-9209-42E6-A375-92CB2A91F632} [2011/09/05 07:39:06 | 000,000,000 | ---D | C] -- 
C:\Users\Xephyria\AppData\Local\{B3B64FBE-2FA2-4A82-AB4D-DDEDAA316185} [2011/09/05 07:38:24 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{B85EE0A5-7C50-45ED-AE34-C44A9BE67462} [2011/09/04 13:03:31 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{B8AABB06-8963-45B3-A480-ED93EDC4B9D2} [2011/09/04 13:03:19 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F4BEBD93-FCDA-4FD1-A0A2-F9AD1F5FFB0C} [2011/09/03 21:29:50 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{0651F868-2850-4E8D-BFC6-F256DE4C363D} [2011/09/03 09:29:12 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{DB0E994F-8633-4B6B-A934-77FEA29B4C55} [2011/09/02 21:28:38 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1EA7A2A3-351C-45C8-9CA1-F1EAE2A7AFB9} [2011/09/02 21:28:22 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{9DEFD901-C7ED-4835-B5EC-EEFE3EBBADAE} [2011/09/02 11:02:36 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F932588B-EEB2-4F8A-9C02-2FFBACF93EED} [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] File not found -- C:\Windows\System32\drivers\ File not found -- C:\Windows\System32\ [2011/10/02 00:31:22 | 000,714,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/10/02 00:31:22 | 000,152,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/10/02 00:26:13 | 000,000,000 | ---- | M] () -- C:\Windows\207992514 [2011/10/02 00:25:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/10/02 00:25:58 | 2411,655,168 | -HS- | M] () -- C:\hiberfil.sys [2011/10/02 00:22:36 | 000,215,926 | ---- | M] () -- C:\Users\Xephyria\Desktop\task manger.jpg [2011/10/01 23:57:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3987451672-638147033-4213727604-1004UA.job [2011/10/01 21:09:03 | 000,009,728 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/10/01 21:09:03 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/10/01 21:01:41 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo [2011/10/01 21:01:37 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job [2011/10/01 21:01:24 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_41391.nl_ [2011/10/01 21:00:56 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2011/10/01 20:23:40 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys_CLN [2011/10/01 16:57:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3987451672-638147033-4213727604-1004Core.job [2011/10/01 16:46:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/10/01 14:31:38 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2011/10/01 13:57:55 | 000,646,656 | ---- | M] () -- C:\Users\Xephyria\Desktop\OTS.exe [2011/10/01 13:48:26 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/10/01 13:42:03 | 000,007,252 | ---- | M] () -- C:\Windows\System32\.crusader [2011/10/01 03:15:26 | 000,339,600 | ---- | M] (BitDefender S.R.L.) 
-- C:\Windows\System32\drivers\TrufosAlt.sys [2011/10/01 02:47:01 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill(2).com [2011/10/01 02:16:10 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\iExplore(2).exe [2011/10/01 02:12:53 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat [2011/10/01 01:33:56 | 000,294,400 | ---- | M] () -- C:\Users\Xephyria\Desktop\exeHelper (2).com [2011/10/01 01:10:03 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill.scr [2011/10/01 01:09:35 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill.exe [2011/09/30 12:53:23 | 473,517,156 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/09/30 11:58:18 | 000,000,103 | -H-- | M] () -- C:\ProgramData\obmlf5 [2011/09/29 02:27:54 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill.com [2011/09/29 01:42:13 | 001,454,782 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011/09/29 00:40:04 | 004,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/09/28 23:53:52 | 047,369,160 | ---- | M] () -- C:\Windows\System32\MRT.exe [2011/09/28 22:38:25 | 000,007,513 | ---- | M] () -- C:\Users\Xephyria\Documents\FlowJo75.prefs [2011/09/27 11:15:44 | 105,150,346 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2011/09/27 00:17:30 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll [2011/09/26 22:31:32 | 000,000,837 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP [2011/09/26 20:52:23 | 000,000,000 | ---- | M] () -- C:\Users\Xephyria\AppData\Local\prvlcl.dat [2011/09/26 20:42:29 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735} [2011/09/24 03:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\RegCure.job [2011/09/23 11:34:51 | 000,020,588 | ---- | M] () -- C:\Users\Xephyria\Desktop\VID ethics_2011.pdf [2011/09/14 22:26:55 | 000,000,272 | ---- | M] () -- C:\Users\Xephyria\AppData\Roaming\.backup.dm [1 C:\Windows\System32\*.tmp files -> 
C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/10/02 00:22:35 | 000,215,926 | ---- | C] () -- C:\Users\Xephyria\Desktop\task manger.jpg [2011/10/01 13:57:40 | 000,646,656 | ---- | C] () -- C:\Users\Xephyria\Desktop\OTS.exe [2011/10/01 13:43:58 | 000,000,000 | ---- | C] () -- C:\Windows\207992514 [2011/10/01 13:43:18 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_41391.nl_ [2011/10/01 13:42:03 | 000,007,252 | ---- | C] () -- C:\Windows\System32\.crusader [2011/10/01 03:39:31 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2011/10/01 02:46:53 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill(2).com [2011/10/01 02:15:59 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\iExplore(2).exe [2011/10/01 01:33:47 | 000,294,400 | ---- | C] () -- C:\Users\Xephyria\Desktop\exeHelper (2).com [2011/10/01 01:09:45 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill.scr [2011/10/01 01:09:11 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill.exe [2011/09/29 12:06:43 | 473,517,156 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/09/29 02:27:51 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill.com [2011/09/29 02:09:08 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat [2011/09/29 01:41:47 | 001,454,782 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011/09/26 22:53:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/09/26 22:53:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/09/26 22:53:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/09/26 22:53:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/09/26 22:53:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/09/26 20:42:29 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735} [2011/09/26 00:25:25 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 
Photoshop CS5.1.lnk [2011/09/26 00:23:25 | 000,001,143 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk [2011/09/26 00:22:43 | 000,001,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk [2011/09/26 00:21:08 | 000,001,337 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk [2011/09/26 00:20:55 | 000,001,509 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk [2011/09/23 11:34:36 | 000,020,588 | ---- | C] () -- C:\Users\Xephyria\Desktop\VID ethics_2011.pdf [2011/09/19 17:09:40 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2011/09/19 16:42:08 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2011/09/14 22:26:55 | 000,000,272 | ---- | C] () -- C:\Users\Xephyria\AppData\Roaming\.backup.dm [2011/05/02 13:24:40 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf504 [2011/03/02 22:37:25 | 000,000,600 | ---- | C] () -- C:\Users\Xephyria\AppData\Roaming\winscp.rnd [2010/09/09 23:07:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010/08/28 11:13:58 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll [2010/08/28 11:13:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll [2010/08/18 14:01:53 | 000,303,104 | ---- | C] () -- C:\Windows\System32\eST3snm.dll [2010/06/15 23:56:17 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2010/06/15 23:56:17 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2010/06/15 23:56:17 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2010/06/15 23:56:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll [2010/06/02 13:44:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010/06/02 13:44:18 | 000,000,205 | ---- | 
C] () -- C:\Windows\System32\lsprst7.dll [2010/05/06 21:13:52 | 000,711,168 | ---- | C] () -- C:\Windows\is-T77SI.exe [2010/04/24 15:39:33 | 000,000,000 | ---- | C] () -- C:\Users\Xephyria\AppData\Local\prvlcl.dat [2010/04/16 17:55:18 | 000,000,103 | -H-- | C] () -- C:\ProgramData\obmlf5 [2010/03/12 17:48:05 | 047,369,160 | ---- | C] () -- C:\Windows\System32\MRT.exe [2010/03/09 11:55:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/03/09 10:00:47 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2009/10/28 09:22:08 | 004,835,652 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2009/10/28 09:16:44 | 001,632,375 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll [2009/10/28 09:16:12 | 000,611,638 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2009/10/28 09:10:02 | 000,143,872 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2009/10/28 08:46:26 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll [2009/10/28 08:28:08 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2009/10/17 09:58:06 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2009/10/17 09:57:06 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2009/10/17 09:04:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2009/10/17 09:04:08 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2009/10/17 09:03:48 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2009/10/17 09:03:44 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2009/10/17 09:03:40 | 000,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2009/10/17 06:53:32 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2009/10/17 06:53:20 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009/10/17 05:40:42 | 000,957,047 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2009/10/17 05:38:20 | 000,914,464 | ---- | C] () -- 
C:\Windows\System32\xvidcore.dll [2009/08/12 06:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/08/01 08:56:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 14:33:53 | 004,228,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/14 12:05:48 | 000,697,864 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/14 12:05:48 | 000,144,308 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/25 22:26:01 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat [2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009/06/03 16:19:39 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini [2009/06/03 16:15:46 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL [2009/06/03 14:07:21 | 000,135,168 | ---- | C] () -- C:\Windows\System32\snmp_pp.dll [2009/06/03 14:07:20 | 000,278,528 | ---- | C] () -- C:\Windows\System32\GL2PRCFG.DLL [2009/06/03 14:07:20 | 000,143,360 | ---- | C] () -- C:\Windows\System32\GL2CFG.DLL [2009/05/14 02:36:06 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI [2009/03/13 19:35:25 | 
000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll [2009/03/04 18:43:28 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll [2009/01/11 08:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll [2009/01/11 08:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll [2009/01/11 08:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll [2009/01/11 08:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll [2009/01/11 08:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\System32\gdsmux.exe [2009/01/11 08:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll [2009/01/11 08:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll [2009/01/11 08:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\System32\dsmux.exe [2009/01/11 08:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll [2009/01/11 08:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll [2009/01/11 08:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll [2009/01/11 08:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe [2009/01/11 08:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll [2009/01/11 08:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll [2008/12/04 08:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008/11/07 02:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008/10/21 03:09:46 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008/08/12 09:23:16 | 009,338,880 | ---- | C] () -- C:\Windows\System32\Facev.dll [2008/08/12 09:23:16 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll [2008/08/12 09:23:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\image.dll [2008/08/12 09:23:13 | 000,655,360 | ---- | C] () -- C:\Windows\System32\EncIcons.dll [2008/08/12 09:23:13 | 000,507,904 | ---- | C] () -- C:\Windows\System32\SimpleExt.dll [2008/08/12 
09:23:13 | 000,241,752 | ---- | C] () -- C:\Windows\System32\IcnOvrly.dll [2008/08/12 09:23:13 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FunFrm.dll [2008/08/12 09:23:12 | 009,502,720 | ---- | C] () -- C:\Windows\System32\FaceVerify.dll [2008/08/12 09:23:12 | 001,564,672 | ---- | C] () -- C:\Windows\System32\MainOp.dll [2008/08/12 09:23:12 | 001,163,264 | ---- | C] () -- C:\Windows\System32\PicNotify.dll [2008/08/12 09:23:12 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SetDev.dll [2008/08/12 09:23:12 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll [2008/08/12 09:23:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll [2008/08/12 09:23:12 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll [2008/08/12 09:23:11 | 001,974,272 | ---- | C] () -- C:\Windows\System32\Imagereog.dll [2008/08/12 09:23:11 | 000,442,368 | ---- | C] () -- C:\Windows\System32\Apblend.dll [2008/08/12 09:22:33 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll [2008/08/12 08:50:24 | 000,015,190 | ---- | C] () -- C:\Windows\M [/QUOTE]