Как да махна този вирус от Skype

Tsvetan Mitev · Март 5, 2012

трябва ли да задържа файловете на раб. плот или мога да ги изтрия?

Tsvetan Mitev · Март 5, 2012

продължавам да получавам скапаните съобщения с покана за дискусии от по десетки абонати!!!помогнете!!!моля!!! :matchesfart:

Night_Raven · Март 5, 2012

Научи се на обноски и не давай зор. Никой от потребителите във форума не ти е длъжен с нещо. Обяснил съм го по-подробно в тази тема.

---

Сканирай с Malwarebytes Anti-Malware. Ако тепърва инсталираш програмата, в края инсталацията ще има отметка за автоматична актуализация, не я премахвай. В противен случай обнови дефинициите й ръчно. Ако вече имаш програмата, провери дали имаш последната версия и ако нямаш, премахни твоята и инсталирай най-новата, като в края на инсталацията остави отметката за актуализация на дефинициите.

Инструкции за сканиране:

- стартирай програмата;

- избери Perform quick scan (Бързо сканиране) и кликни бутон Scan (Сканиране);

- след като приключи сканирането, ако не са открити заплахи, ще се отвори автоматично текстов файл (който можеш да затвориш) и програмата ще те уведоми, че не е открила нищо, след което можеш да кликнеш бутон OK и да я затвориш;

- ако са открити заплахи, кликни бутон OK и после Show Results (Покажи резултатите);

- кликни бутон Remove Selected (Премахни избраните);

Ако е нужен рестарт, се съгласи и рестартирай веднага. След рестарта стартирай отново програмата, иди на подпорозиорец Logs (Дневници), маркирай последния дневник, кликни бутон Open (Отвори) и му копирай съдържанието тук. Ако не е бил нужен рестарт, трябва да се появи текстов файл - копирай му съдържанието тук.

Tsvetan Mitev · Март 5, 2012

извини ме!!!не съм искал да бъда досаден!прочетох и темата която си поставил!сега ти благодаря че ми помагаш !!!и ето и файла:Malwarebytes Anti-Malware (Пробна версия) 1.60.1.1000

www.malwarebytes.org

Версия на базата от данни: v2012.03.05.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

TSURI_MITEV :: WORKGROU-E24652 [администратор]

Защита: включена

05.3.2012 г. 16:36:18

mbam-log-2012-03-05 (16-36-18).txt

Тип сканиране: Бързо сканиране

Изключени опции за сканиране: P2P

Сканирани обекти: 207860

Изминало време: 19 минута(и), 15 секунда(и)

Открити процеси в паметта: 0

(Не бяха открити зловредни обекти)

Открити модули в паметта: 0

(Не бяха открити зловредни обекти)

Открити ключове в системния регистър: 4

HKCU\SOFTWARE\B60JHDGR6V (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно.

HKCU\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно.

HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Поставен под карантина и изтрит успешно.

Открити стойности в системния регистър: 0

(Не бяха открити зловредни обекти)

Открити информационни обекти в системния регистър: 0

(Не бяха открити зловредни обекти)

Открити папки: 0

(Не бяха открити зловредни обекти)

Открити файлове: 2

C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Поставен под карантина и изтрит успешно.

C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно.

(край)

Night_Raven · Март 5, 2012

Това са по-скоро останки. И все пак, имаш ли някакви оплаквания след сканирането? Ако да, какви по-точно?

Tsvetan Mitev · Март 5, 2012

ми отново се появяват тези дискусии!вече се чудя дали не може от настройките на скайпа да направя нещо?!

Night_Raven · Март 5, 2012

Това, че някой те добавя в дадени общи чат сесии, не значи, че ти си заразен. Значи, че този, който те е добавил в този общия чат, е заразен.

Ако искаш, ще погледна и лог от OTL. Изпълни долните инструкции, не тези, които си изпълнил преди.

Изтегли OTL и го запази на работния плот:

- стартирай инструмента;

- постави отметка в горната част на Scan All Users;

- в поле Standard Registry избери All;

- от падащо меню File Age избери 90 Days;

- постави отметки още на: Skip Microsoft Files, LOP Check и Purity Check;

- в поле Custom Scans/Fixes (в долната част на програмата) постави следния текст (маркирай го, натисни Ctrl+C и после в полето на OTL натисни Ctrl+V):

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop

- кликни бутон Run Scan;

Изчакай сканирането да приключи. След края на сканирането автоматично ще се отворят двата новосъздадени на работния плот файла: OTL.txt и Extras.txt.

Моля, прикачи тези два файла (поотделно или в архив) към следващия си коментар.

Tsvetan Mitev · Март 5, 2012

OTL.Txt OTL.Txtсега излезе само този файл:

разбирам ,че правиш всичко възможно ,за да ме "изчистиш",но в същото време ми става съвестно като ти създавам толкова работа!!това е последното , което опитваме сега и ако не се получи ,няма да ти дотягам повече тази нощ!може-би утре ако няма резултат дотогава!!!само един въпрос!мога ли да препоръчам на тези ,които смятам че са заразени , да прегледат темата в този форум?благодаря ти и лека нощ или по-лека работа!!!

Night_Raven · Март 5, 2012

Има съмнителни елементи.

Ако имаш антивирусна програма инсталирана, я спри, както и всякакви други излишни програми. Изтегли ComboFix (ако случайно вече имаш някаква версия, я замени) и го запази на работния плот.

Стартирай го, кликни I Agree, изчакай да се разархивира и сканира докрай. Не кликай по прозореца на инструмента. Ако бъдеш попитан(а) дали да бъде инсталирана Recovery Console, кликни Yes и потвърди след това с OK и отново Yes (два пъти). Сканирането ще продължи. Ако има нужда от рестарт, компютърът ще се рестартира автоматично. След рестарта трябва да продължи сканирането. Отново не закачай прозореца, докато той не се самозатвори. След това постави съдържанието на текстовия файл C:\ComboFix.txt тук или го прикачи към коментара си.

Ако не можеш да установиш връзка с интернет след използване на ComboFix, рестартирай системата.

Tsvetan Mitev · Март 6, 2012

ComboFix 12-03-04.02 - TSURI_MITEV 03.2012 г. 11:27:37.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3327.2482 [GMT 1:00]

Running from: c:\documents and settings\TSURI_MITEV\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini

c:\documents and settings\TSURI_MITEV\Application Data\.#

c:\documents and settings\TSURI_MITEV\System

c:\documents and settings\TSURI_MITEV\System\win_qs8.jqx

c:\windows\system32\SETB02.tmp

c:\windows\system32\SETB06.tmp

c:\windows\system32\SETB0E.tmp

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NVMINI

-------\Service_nvmini

.

((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))

.

2012-03-05 15:34 . 2012-03-05 15:34 -------- d-----w- c:\documents and settings\TSURI_MITEV\Application Data\Malwarebytes

2012-03-05 15:32 . 2012-03-05 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-05 15:32 . 2012-03-05 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-03-05 15:32 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 20:00 . 2012-03-01 20:00 -------- d-----w- C:\Downloads

2012-02-16 17:00 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-16 17:00 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-12 10:57 . 2012-02-12 10:57 -------- d-----w- c:\documents and settings\TSURI_MITEV\Application Data\vlc

2012-02-12 10:55 . 2012-02-12 10:55 -------- d-----w- c:\program files\VideoLAN

2012-02-12 10:53 . 2012-02-12 10:53 16742799 ----a-w- C:\vlc-0.9.9-win32.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-20 19:36 . 2011-05-27 17:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53 . 2004-08-03 23:17 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:46 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-17 19:46 . 2004-08-04 00:56 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-16 12:22 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec

2010-01-18 22:56 . 2010-01-18 22:54 16832288 ----a-w- c:\program files\jre-6u17-windows-i586-s.exe

2009-08-25 11:15 . 2009-08-25 11:15 16909168 ----a-w- c:\program files\IE8-WindowsXP-x86-BGR.exe

2012-02-13 13:14 . 2011-05-13 21:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2011-08-23 13872432]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-23 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"TBSysTray"="c:\program files\UPDD\TBSystry.exe" [2002-11-20 344064]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AntiVirus Plus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk

backup=c:\windows\pss\AntiVirus Plus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^TSURI_MITEV^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=c:\documents and settings\TSURI_MITEV\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aidaemon]

2010-01-19 16:58 315392 ----a-w- c:\program files\UPDD\AIDAEMON.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

2011-09-23 07:02 11515184 ----a-w- c:\program files\BitComet\BitComet.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCI_AVS]

2007-12-10 14:55 323584 ----a-w- c:\windows\PixArt\PAP7501\GUCI_AVS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]

2010-03-16 08:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]

2010-10-29 15:59 5178664 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAP7501_Monitor]

2007-12-10 14:55 323584 ----a-w- c:\windows\PixArt\PAP7501\GUCI_AVS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-12-10 17:00 18789920 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-06-23 10:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbdaemon]

2010-01-19 16:58 442368 ----a-w- c:\program files\UPDD\TBDAEMON.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telefonica]

2007-09-17 12:58 16384 ----a-w- c:\program files\Telefonica\bin\StartCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]

2011-08-23 12:10 13872432 ----a-w- c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Telefonica\\AsistCfg90\\awcbrwsr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25625:TCP"= 25625:TCP:BitComet 25625 TCP

"25625:UDP"= 25625:UDP:BitComet 25625 UDP

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 і. 15:27 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.9.2010 і. 03:48 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08.12.2010 і. 04:12 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12.11.2010 і. 13:19 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 і. 06:25 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02.8.2011 і. 06:09 192776]

R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [04.8.2004 і. 01:56 14336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05.3.2012 і. 16:32 652360]

R2 sprtsvc_Telefonica;SupportSoft Sprocket Service (Telefonica);c:\program files\Telefonica\bin\sprtsvc.exe [08.3.2007 і. 19:22 202280]

R2 tbupddwu;tbupddwu;c:\program files\UPDD\TBUPDDWU.EXE [14.11.2010 і. 22:48 573440]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03.8.2010 і. 15:23 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03.8.2010 і. 15:23 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03.8.2010 і. 15:23 16720]

R3 hidkmdf;HID Class Shim for KMDF;c:\windows\system32\drivers\HIDKMDF.SYS [14.11.2010 і. 22:48 5632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05.3.2012 і. 16:32 20464]

R3 upddvh;Touch-Base Serial Multi-touch Driver;c:\windows\system32\drivers\UPDDVH.SYS [14.11.2010 і. 22:48 26600]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 і. 13:16 130384]

S2 gupdate1ca1761e381e3cc;Ус»уі° Google Update (gupdate1ca1761e381e3cc);c:\program files\Google\Update\GoogleUpdate.exe [07.8.2009 і. 14:20 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16.12.2009 і. 21:45 1691480]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [13.11.2010 і. 20:25 23456]

S3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\drivers\GUCI_AVS.sys [22.1.2010 і. 14:37 540160]

S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [07.8.2009 і. 14:20 133104]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [03.12.2011 і. 14:22 155344]

S3 TBUPDD;TBUPDD;c:\windows\system32\drivers\TBUPDDWD.SYS [14.11.2010 і. 12:17 339657]

S3 tbupddsu;Universal Pointer Device Driver;c:\windows\system32\drivers\TBUPDDSU.SYS [14.11.2010 і. 22:48 65600]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 і. 13:16 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezGOSvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 13:20]

.

2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 13:20]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

uInternet Settings,ProxyServer = hxxp://87.246.55.154:8080

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &С&валяне на всички с BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

TCP: DhcpNameServer = 80.58.61.250 80.58.61.254

FF - ProfilePath - c:\documents and settings\TSURI_MITEV\Application Data\Mozilla\Firefox\Profiles\rzkc9neg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.bg

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d5977ec&i=23&tp=ab&nt=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

MSConfigStartUp-AntiVirus Plus - c:\program files\AntiVirus Plus\AntiVirus Plus.70106.exe

MSConfigStartUp-ares - c:\program files\Ares\Ares.exe

MSConfigStartUp-ares vista - c:\program files\Ares Vista\AresVista.exe

MSConfigStartUp-JP595IR86O - c:\docume~1\TSURI_~1\LOCALS~1\Temp\Wpk.exe

MSConfigStartUp-Make A Voozie - c:\documents and settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe

MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe

AddRemove-PhotoFiltre - c:\documents and settings\TSURI_MITEV\Desktop\PhotoFiltre\Uninst.exe

AddRemove-Пакет за езиков интерфейс на The KMPlayer - c:\program files\The KMPlayer\uninsall_bg.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-06 11:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(968)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(2548)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll

c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2012-03-06 11:44:18 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-06 10:44

.

Pre-Run: 5 181 161 472 bytes free

Post-Run: 7 154 733 056 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 319BBFFA8E81B44FF504241274F84E99

Night_Raven · Март 9, 2012

Не виждам нищо реално опасно в дневниците. Ако продължаваш да бъдеш включван в някакви чат сесии, то е защото другите потребители са заразени, а не ти. Освен да им кажеш да си почистят компютрите и/или да ги блокираш, не виждам какво друго може да се направи.

tedi dimitrova · Май 6, 2012

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.06.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Ivalina :: OWNER [administrator]

Protection: Enabled

5/6/2012 3:24:57 PM

mbam-log-2012-05-06 (15-24-57).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 184105

Time elapsed: 17 minute(s), 48 second(s)

Memory Processes Detected: 3

C:\Documents and Settings\Ivalina\Application Data\HEX-5823-6893-6818\jusched.exe (Trojan.Agent) -> 1696 -> Delete on reboot.

C:\Documents and Settings\Ivalina\Application Data\web2net.exe (Trojan.Agent) -> 1744 -> Delete on reboot.

C:\WINDOWS\iqs.exe (Trojan.Agent) -> 1904 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 6

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Java Update Manager (Trojan.Agent) -> Data: C:\Documents and Settings\Ivalina\Application Data\HEX-5823-6893-6818\jusched.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Login access (Trojan.Agent) -> Data: C:\Documents and Settings\Ivalina\Application Data\web2net.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firevall Engine (Trojan.Agent) -> Data: c:\windows\iqs.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firevall Engine (Trojan.Agent) -> Data: c:\windows\iqs.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft Firevall Engine (Trojan.Agent) -> Data: c:\windows\iqs.exe -> Quarantined and deleted successfully.

s.feradov · Май 6, 2012

Има ли проблеми след сканирането с Malwarebytes' Anti-Malware? Ако да, то в какво се изразяват те?

tedi dimitrova · Май 6, 2012

Засега не, но ми изписва съобщеие при стратиране, което е your computer might be a risk:

-no firewall is turned on

_Autumatic updates is turned ogg

-avg anti-virus free might be out of dateТрябва ли да инсталирам нова антивирусна програма и да оправя настройките на Firewall

tedi dimitrova · Май 6, 2012

OTL logfile created on: 5/6/2012 4:48:03 PM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Ivalina\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.42 Mb Total Physical Memory | 123.18 Mb Available Physical Memory | 25.75% Memory free

1.09 Gb Paging File | 0.60 Gb Available in Paging File | 54.75% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 24.41 Gb Total Space | 7.79 Gb Free Space | 31.90% Space Free | Partition Type: NTFS

Drive D: | 52.27 Gb Total Space | 50.63 Gb Free Space | 96.87% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: OWNER | User Name: Ivalina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/05/06 16:42:32 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivalina\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/05/01 16:55:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/09/30 08:30:13 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2010/09/30 08:30:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2010/09/30 08:29:51 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2009/07/01 19:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2008/04/14 15:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/01/01 02:02:03 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2005/01/01 02:02:03 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2005/01/01 02:02:03 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2004/10/14 10:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (No Company Name) ==========

MOD - [2010/07/06 11:44:34 | 000,221,184 | ---- | M] () -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\extensions\browserhighlighter@ebay.com\components\Shim.dll

MOD - [2009/09/21 06:10:14 | 001,032,192 | ---- | M] () -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

MOD - [2009/07/01 19:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

MOD - [2009/06/08 02:27:11 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/05/30 12:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010/09/30 08:30:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2009/11/16 12:45:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2005/01/01 02:02:03 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)

SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Fxdrv.sys -- (FXDRV)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (asrwrdtb)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/08/25 22:14:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2008/04/13 23:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2005/03/01 13:01:40 | 000,392,704 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

DRV - [2005/01/01 02:02:35 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2005/01/01 02:02:29 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2005/01/01 02:02:29 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2004/09/14 13:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://zonedirector.com/1/

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GOM2&o=16141&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=QO&apn_dtid=YYYYYYYYBG&apn_uid=B3A40B5E-7D0E-40FB-8E46-4DA423903717&apn_sauid=0144F82D-DB60-4E89-82E9-420CC73F73A2

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc7c441&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://zonedirector.com/1/"

FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.10

FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc7c441&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=bg&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2011/06/24 00:14:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/11/08 21:43:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/21 01:35:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/08 21:43:51 | 000,000,000 | ---D | M]

[2005/01/01 02:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Extensions

[2005/01/01 02:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2012/05/05 18:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\extensions

[2009/09/21 06:10:14 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2012/04/30 18:58:32 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\extensions\browserhighlighter@ebay.com

[2009/09/24 05:01:16 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\searchplugins\ask.xml

[2011/08/13 07:41:25 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\searchplugins\askcom.xml

[2011/08/25 22:15:26 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\searchplugins\daemon-search.xml

[2012/03/03 15:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/01 16:55:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/11/09 10:06:01 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com

[2011/06/24 00:14:50 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED

[2011/05/01 16:55:18 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2011/05/01 16:55:18 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/07/17 11:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2011/05/01 16:55:22 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2011/09/05 20:04:56 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2010/11/01 03:25:18 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

[2010/11/01 03:25:18 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/06/24 05:51:26 | 000,002,361 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2010/11/01 03:25:18 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

[2010/11/01 03:25:18 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2010/11/01 03:25:18 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

[2010/11/01 03:25:18 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

[2010/11/01 03:25:18 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: ([2008/04/14 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet ools\BitCometBHO_1.3.7.16.dll (BitComet)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\ShellBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe /boot File not found

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun File not found

O4 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet ools\BitCometBHO_1.3.7.16.dll (BitComet)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.36.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CE157CB-E1A7-4711-BB05-FF914A956BE3}: DhcpNameServer = 10.36.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler v {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter ext/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter ext/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify ermsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\wgalogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Ivalina/LOCALS~1/Temp/msohtmlclip1/02/clip_image001.jpg

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ivalina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/01/01 01:31:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 90 Days ==========

[2012/05/06 16:42:31 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ivalina\Desktop\OTL.exe

[2012/05/06 16:01:19 | 000,000,000 | ---D | C] -- C:\Avenger

[2012/05/06 15:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivalina\Application Data\Malwarebytes

[2012/05/06 15:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/06 15:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/05/06 15:21:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/04/27 17:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivalina\Desktop\Adobe Photoshop CS5.1EN

[2012/04/27 15:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Toggle Downloader

[2012/04/27 15:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivalina\Start Menu\Programs\Toggle Downloader

[2012/04/06 19:43:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/05/06 16:42:32 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivalina\Desktop\OTL.exe

[2012/05/06 16:02:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/05/06 15:21:23 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/05 17:09:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/05/02 19:57:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/04/29 21:25:37 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\Ivalina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/29 17:40:59 | 000,038,891 | ---- | M] () -- C:\Documents and Settings\Ivalina\Desktop\supernatural.720.hdtv-lol.srt

[2012/04/27 20:22:23 | 000,265,105 | ---- | M] () -- C:\Documents and Settings\Ivalina\Desktop\414331_2952182453583_1532062870_32116290_876525801_o.jpg

[2012/04/21 22:11:26 | 000,036,443 | ---- | M] () -- C:\Documents and Settings\Ivalina\Desktop\supernatural.719.hdtv-lol.srt

[2012/04/15 18:15:21 | 000,368,172 | ---- | M] () -- C:\Documents and Settings\Ivalina\Desktop\459056_2703529202167_1674845153_1686285_926405320_o.jpg

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/04/02 16:28:10 | 000,035,927 | ---- | M] () -- C:\Documents and Settings\Ivalina\Desktop\supernatural.718.hdtv-lol.srt

[2012/04/01 13:18:43 | 000,034,629 | ---- | M] () -- C:\Documents and Settings\Ivalina\Desktop he.vampire.diaries.s03e18.hdtv.xvid-fqm.srt

[2012/03/29 12:12:09 | 000,036,122 | ---- | M] () -- C:\Documents and Settings\Ivalina\Desktop\one.tree.hill.s09e12.720p.hdtv.x264-2hd.srt

[2012/03/25 19:55:20 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/25 19:55:20 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/17 21:56:19 | 000,032,304 | ---- | M] () -- C:\Documents and Settings\Ivalina\Desktop\supernatural.716.hdtv-lol.srt

[2012/03/17 00:08:35 | 000,035,000 | ---- | M] () -- C:\Documents and Settings\Ivalina\Desktop\The.Secret.Circle.S01E16.720p.HDTV.X264-DIMENSION.srt

[2012/03/12 20:10:35 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2012/02/22 19:32:48 | 000,000,002 | ---- | M] () -- C:\WINDOWS\~sisRslt

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/06 15:21:23 | 000,000,534 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/29 21:23:57 | 000,038,891 | ---- | C] () -- C:\Documents and Settings\Ivalina\Desktop\supernatural.720.hdtv-lol.srt

[2012/04/29 21:03:46 | 000,036,443 | ---- | C] () -- C:\Documents and Settings\Ivalina\Desktop\supernatural.719.hdtv-lol.srt

[2012/04/27 20:22:19 | 000,265,105 | ---- | C] () -- C:\Documents and Settings\Ivalina\Desktop\414331_2952182453583_1532062870_32116290_876525801_o.jpg

[2012/04/15 18:15:16 | 000,368,172 | ---- | C] () -- C:\Documents and Settings\Ivalina\Desktop\459056_2703529202167_1674845153_1686285_926405320_o.jpg

[2012/04/03 20:13:11 | 000,036,122 | ---- | C] () -- C:\Documents and Settings\Ivalina\Desktop\one.tree.hill.s09e12.720p.hdtv.x264-2hd.srt

[2012/04/03 19:21:05 | 000,034,629 | ---- | C] () -- C:\Documents and Settings\Ivalina\Desktop he.vampire.diaries.s03e18.hdtv.xvid-fqm.srt

[2012/04/03 19:19:57 | 000,035,927 | ---- | C] () -- C:\Documents and Settings\Ivalina\Desktop\supernatural.718.hdtv-lol.srt

[2012/03/22 23:19:34 | 000,032,304 | ---- | C] () -- C:\Documents and Settings\Ivalina\Desktop\supernatural.716.hdtv-lol.srt

[2012/03/22 22:51:31 | 000,035,000 | ---- | C] () -- C:\Documents and Settings\Ivalina\Desktop\The.Secret.Circle.S01E16.720p.HDTV.X264-DIMENSION.srt

[2012/03/12 20:10:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011/04/14 16:07:32 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/13 21:27:08 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2010/10/13 21:27:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2010/10/13 21:27:08 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2010/10/13 21:27:07 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

========== LOP Check ==========

[2009/12/30 14:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2010/10/27 09:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2011/08/25 22:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2011/08/24 17:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core

[2009/12/30 14:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\page

[2010/10/13 21:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2011/08/24 14:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/12/30 14:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivalina\Application Data\Ashampoo

[2011/08/12 18:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivalina\Application Data\BSplayer PRO

[2011/08/25 22:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivalina\Application Data\DAEMON Tools Lite

[2010/10/13 21:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivalina\Application Data\Simply Super Software

[2009/10/26 16:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivalina\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2005/01/01 01:31:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2011/10/10 23:10:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2005/01/01 01:31:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2005/01/01 01:31:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2005/01/01 01:31:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/14 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 15:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012/05/06 16:02:40 | 754,974,720 | -HS- | M] () -- C:\pagefile.sys

< %USERPROFILE%\*.* >

[2012/05/06 16:00:32 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Ivalina\NTUSER.DAT

[2012/05/06 17:05:16 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Ivalina\ntuser.dat.LOG

[2012/05/06 16:00:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ivalina\ntuser.ini

< %USERPROFILE%\AppData\Local\*.* >

< %USERPROFILE%\AppData\Roaming\*.* >

Invalid Environment Variable: ProgramData

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >

< %windir%\\ temp\*.* >

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011/08/25 22:14:58 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 15:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /rp /s >

< %systemroot%\assembly emp\*.* /S /MD5 >

< %systemroot%\assembly mp\*.* /S /MD5 >

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >

[2011/08/24 17:10:03 | 000,069,120 | ---- | M] () MD5=DC426A365577F27187F99EB506ECD5D1 -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

[2011/08/24 17:10:15 | 000,072,192 | ---- | M] () MD5=29B35A999E341A37BE67771BE01CC275 -- C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

[2011/08/24 17:18:33 | 000,163,840 | ---- | M] () MD5=36BDD82A92AA704034475C2DEF7FBD29 -- C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

[2011/08/24 17:10:49 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp

[2011/08/24 17:10:49 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp

[2011/08/24 17:10:49 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp

[2011/08/24 17:10:49 | 004,546,560 | ---- | M] () MD5=0E6ABF2107C72F5FA86EE620BE315CA0 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

[2011/08/24 17:10:49 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp

[2011/08/24 17:10:49 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp

[2011/08/24 17:10:49 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp

[2011/08/24 17:10:50 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp

[2011/08/24 17:10:50 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp

[2011/08/24 17:10:49 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp

[2011/08/24 17:10:49 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp

[2011/08/24 17:10:49 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

[2011/08/24 17:10:49 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp

[2011/08/24 17:10:49 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp

[2010/11/08 21:41:47 | 004,210,688 | ---- | M] () MD5=A9D42B0504EAE68C4D45692F019B543A -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

[2011/08/24 17:10:46 | 000,486,400 | ---- | M] () MD5=B2EDA351AB2DEE6F0CE95B38F8BFA0D5 -- C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

[2011/08/24 17:10:56 | 002,933,248 | ---- | M] () MD5=16F96C1496CBD0965285AB19A9271D02 -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

[2011/08/24 17:10:42 | 000,258,048 | ---- | M] () MD5=9631B15DB7C43C267636FF43C3075E07 -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

[2011/08/24 17:10:42 | 000,113,664 | ---- | M] () MD5=E786C33D35D39C5CCB523AECC18D7BD7 -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

[2010/11/08 21:41:55 | 000,368,640 | ---- | M] () MD5=34FA631FAA4B2DF8C0A92B7B5AD9D6E1 -- C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

[2011/08/24 17:10:24 | 000,261,632 | ---- | M] () MD5=F054572A92573CA32D5F3AA8C15D2BAC -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

[2011/08/24 17:09:45 | 005,238,784 | ---- | M] () MD5=4D041993C3728B5924039E69074F238C -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

< %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5 >

[2011/08/24 17:10:01 | 000,010,752 | ---- | M] () MD5=A5A56B4957BD59D324821522FE14F751 -- C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

[2011/08/24 17:09:47 | 000,507,904 | ---- | M] () MD5=B8FE2350B2236EE3D1CECA34E0C0FF17 -- C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

[2011/08/24 17:10:02 | 000,013,312 | ---- | M] () MD5=107F49F1BF0FB27A6CD758EB8C4D95A0 -- C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

[2011/08/24 17:10:05 | 000,008,192 | ---- | M] () MD5=6CD7461E06CB8BAEE3B16C3D7F637CD0 -- C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

[2011/08/24 17:10:06 | 000,077,824 | ---- | M] () MD5=24F0385D06BD86A97412B8905483313E -- C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

[2011/08/24 17:10:08 | 000,006,656 | ---- | M] () MD5=11F3AC2D47E566615819F5BF0DD18379 -- C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

[2011/08/24 17:20:55 | 000,106,496 | ---- | M] () MD5=29CED3B606BA7E2B49E52931C5CB53B7 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll

[2011/08/24 17:10:31 | 000,348,160 | ---- | M] () MD5=996AAEEC01C734347DE8A72542FD1C12 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

[2011/08/24 17:20:56 | 000,733,184 | ---- | M] () MD5=31C6E94759BF4D2FBE3239FFA717967D -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

[2011/08/24 17:10:34 | 000,036,864 | ---- | M] () MD5=D2A1C3150E43738BAB3D0AD9921B3E50 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

[2011/08/24 17:20:57 | 000,036,864 | ---- | M] () MD5=17C6F3F73858732DE59D6D957958E9AF -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

[2011/08/24 17:20:57 | 000,802,816 | ---- | M] () MD5=37F17D4698086C90127BBD90E73D7FE2 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll

[2011/08/24 17:10:38 | 000,655,360 | ---- | M] () MD5=8A3F5B72C3F402C8D33027A4C77F55AC -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

[2011/08/24 17:20:58 | 000,094,208 | ---- | M] () MD5=E32A06F647517D0DEA80F29B459E8FA2 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll

[2011/08/24 17:10:41 | 000,077,824 | ---- | M] () MD5=640BF6BB259B53BEFF59135645C63B18 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

[2011/08/24 17:10:17 | 000,749,568 | ---- | M] () MD5=EB535D00C508119EEE4042B737165A3B -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

[2011/08/24 17:18:32 | 000,397,312 | ---- | M] () MD5=66F6B3248D6C39CEFA49174133A694FE -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

[2011/08/24 17:10:14 | 000,110,592 | ---- | M] () MD5=D676BC7C829F86A215676281A1032C6B -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

[2011/08/24 17:10:13 | 000,372,736 | ---- | M] () MD5=226956F70AEBBBF5ACBC9ADA6522B6F6 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

[2011/08/24 17:10:22 | 000,028,672 | ---- | M] () MD5=3D61BFCBE13C2DC8F5AE20BF02145322 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

[2011/08/24 17:10:11 | 000,659,456 | ---- | M] () MD5=EFC806A1C4C6CE9F69AECE0AB72C1E34 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

[2011/08/24 17:20:55 | 000,041,984 | ---- | M] () MD5=9F065BF574C956B85DB355C32E7E995E -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll

[2011/08/24 17:10:52 | 000,005,632 | ---- | M] () MD5=7E50D25F9A5BC75F22CA7AEB52176CA2 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

[2011/08/24 17:10:23 | 000,012,800 | ---- | M] () MD5=B27AA2EA41728FAF5E9642CFD2958FB9 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

[2011/08/24 17:10:10 | 000,032,768 | ---- | M] () MD5=D251A67B7D6DE2194F6E264055E020FB -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

[2011/08/24 17:10:07 | 000,007,168 | ---- | M] () MD5=9659028AFA77387D6D2BF4280C10AB94 -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

[2011/08/24 17:18:37 | 000,598,016 | ---- | M] () MD5=28595FA306E58AACD7DAFF001F430703 -- C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

[2010/11/08 21:41:46 | 000,032,768 | ---- | M] () MD5=93F9CC2360815D8EF955407CF92B38AA -- C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

[2011/08/24 17:18:39 | 000,046,104 | ---- | M] () MD5=8BA7C024070F2B7FDD98ED8A4BA41789 -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe

[2010/11/08 21:41:48 | 000,196,608 | ---- | M] () MD5=0C488A21B5A63055CB7736E3E0C75B1F -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

[2010/11/08 21:41:49 | 000,139,264 | ---- | M] () MD5=DA8417F8973EC51F0F1859CA0B334FC5 -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

[2010/11/08 21:41:49 | 000,397,312 | ---- | M] () MD5=7E61032F4F2BAB036B859D3B22D26DD0 -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

[2010/11/08 21:41:50 | 000,163,840 | ---- | M] () MD5=D1E117EDDEFEB220351BE0C7B27A4646 -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

[2010/11/08 21:41:51 | 005,283,840 | ---- | M] () MD5=DCC01F2F3B12AB72C5663E22140DA209 -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

[2010/11/08 21:41:53 | 000,864,256 | ---- | M] () MD5=428D3714C85BACE55476C91E0D90E495 -- C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll

[2010/11/08 21:41:54 | 000,528,384 | ---- | M] () MD5=A37D01E48B3908330E780466312D54A6 -- C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll

[2010/11/08 21:43:37 | 000,005,632 | ---- | M] () MD5=807B70A78ACE7D01F769FE502A769E67 -- C:\WINDOWS\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll

[2010/11/08 21:41:39 | 000,110,592 | ---- | M] () MD5=6EC3D3F69A5D91C7879E938EB0AFDF1A -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

[2011/08/24 17:10:44 | 000,110,592 | ---- | M] () MD5=0AD1C94AB2D36B79B9F2B54EADEB300A -- C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

[2010/11/08 21:43:37 | 000,045,056 | ---- | M] () MD5=B34B75256D536385B927193FB1DCBB81 -- C:\WINDOWS\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

[2010/11/08 21:43:38 | 000,163,840 | ---- | M] () MD5=212E7E4F44432B5EDA508D454FC01A61 -- C:\WINDOWS\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll

[2011/08/24 17:21:06 | 000,057,344 | ---- | M] () MD5=34AAEA0DCF908A7D3C1D8C2132B0E4D4 -- C:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

[2011/08/24 17:10:45 | 000,081,920 | ---- | M] () MD5=41BC941761FB3D1E21826C3C0E3CEEEE -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

[2011/08/24 17:10:53 | 000,425,984 | ---- | M] () MD5=C1C4025B5F5311AC8BCC318B0C244D58 -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

[2010/11/08 21:43:38 | 000,667,648 | ---- | M] () MD5=6617F24759BB1F3873C88AD9E0DF0435 -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll

[2010/11/08 21:43:39 | 000,053,248 | ---- | M] () MD5=1FDC244EEDD9B7804C7829DA11F1522E -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

[2011/08/24 17:20:59 | 000,229,376 | ---- | M] () MD5=3FE6C3CDB01F039110152B1B0AE4980F -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll

[2011/08/24 17:21:01 | 002,879,488 | ---- | M] () MD5=CB45DFC6F9E1F954A718769D02D9C312 -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll

[2011/08/24 17:20:54 | 000,684,032 | ---- | M] () MD5=DDFB10C4A14ADD5D0A6C96E6DC3D29DF -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll

[2010/11/08 21:43:37 | 000,294,912 | ---- | M] () MD5=31D8266EF0201DEDDFF189A75A5D475A -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll

[2011/08/24 17:20:52 | 000,114,688 | ---- | M] () MD5=0A7F3B1C1A9CC722F48A7A16394F61C4 -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll

[2011/08/24 17:20:53 | 000,442,368 | ---- | M] () MD5=82F8B1D055AFF7DAF984290AEB453646 -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll

[2011/08/24 17:10:36 | 000,745,472 | ---- | M] () MD5=6388F9A7AA6E22DDA2E0D84E5BCE537C -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

[2011/08/24 17:10:29 | 000,970,752 | ---- | M] () MD5=97DDAFB2A7B33DC3F746EF35C9EDF892 -- C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

[2011/08/24 17:09:59 | 005,062,656 | ---- | M] () MD5=5C368BEBD58562133856B35BDCEFEADA -- C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

[2011/08/24 17:20:53 | 000,286,720 | ---- | M] () MD5=4C6FBCBB7E7D4E3B0CAAA42043B6A01F -- C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

[2011/08/24 17:10:21 | 000,188,416 | ---- | M] () MD5=F0D4CE77F1F9D9A7468335B1CE4C061B -- C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

[2011/08/24 17:10:26 | 000,401,408 | ---- | M] () MD5=F485CF34C45F850B25A7E38B08A7C435 -- C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

[2011/08/24 17:09:56 | 000,081,920 | ---- | M] () MD5=36ABC218228871A981027174216A2DA8 -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

[2011/08/24 17:10:58 | 000,626,688 | ---- | M] () MD5=179CC375C81B39902825ABFE3A7CD49D -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

[2011/08/24 17:18:40 | 000,126,976 | ---- | M] () MD5=311A345681A73C66D3EE49C5157A473B -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

[2010/11/08 21:41:40 | 000,430,080 | ---- | M] () MD5=3A107FEC33CD77CB0CD80D2EBD8052F0 -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

[2011/08/24 17:18:33 | 000,131,072 | ---- | M] () MD5=80E67BFFD101CC6312B489BEE255430D -- C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

[2011/08/24 17:21:02 | 000,143,360 | ---- | M] () MD5=217A1E1DED132261C825313A7FB2616C -- C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

[2011/08/24 17:10:39 | 000,372,736 | ---- | M] () MD5=EBAADBBFB6C455E54EB6A0E47267D33C -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

[2011/08/24 17:10:35 | 000,258,048 | ---- | M] () MD5=7F9F1F17D368EE1EEA7E246FD934B9EC -- C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

[2010/11/08 21:43:39 | 000,233,472 | ---- | M] () MD5=2E66DE31546A6AB3A8160CE337E1C6BC -- C:\WINDOWS\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll

[2011/08/24 17:10:32 | 000,303,104 | ---- | M] () MD5=2849F13593D2712CCB97FFBDD3C1232E -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

[2011/08/24 17:10:27 | 000,131,072 | ---- | M] () MD5=C415D86079D431E7E1E32D0835A3FE81 -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

[2010/11/08 21:41:40 | 000,966,656 | ---- | M] () MD5=FEF363534B2E325A1AE11DE7B12441E3 -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

[2011/08/24 17:11:05 | 000,258,048 | ---- | M] () MD5=EC02948F86ACA3C0967F44BA2C6E11C4 -- C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

[2010/11/08 21:41:45 | 000,073,728 | ---- | M] () MD5=A80F41C8B2168E8B3ADD0AA4FCBDDC93 -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

[2011/08/24 17:18:34 | 000,032,768 | ---- | M] () MD5=43920F2E0EF924094796AFF2CE6279AD -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

[2010/11/08 21:43:36 | 000,569,344 | ---- | M] () MD5=1565B7FAFDFA6EEE16101388E57E749F -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

[2010/11/08 21:41:43 | 005,931,008 | ---- | M] () MD5=3E284E5922C7D3D63D8B985526AE39EE -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

[2011/08/24 17:11:02 | 000,114,688 | ---- | M] () MD5=50D2943D426BA91771AD87FDEC802AC3 -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

[2011/08/24 17:18:39 | 000,688,128 | ---- | M] () MD5=31588B867657A7DF046AC1908550D73C -- C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll

[2011/08/24 17:21:07 | 000,077,824 | ---- | M] () MD5=2C3559C513F7CD6F95DC382F31A6A22D -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll

[2011/08/24 17:21:08 | 000,032,768 | ---- | M] () MD5=9E0D101B086297D5E166E03A8ACBF260 -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll

[2011/08/24 17:21:09 | 000,225,280 | ---- | M] () MD5=E4613934FBC2471C01D9C9DADE7DD4D9 -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll

[2011/08/24 17:21:03 | 000,131,072 | ---- | M] () MD5=A6A5297AAD0A9BA8829D20B1CBD68D32 -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll

[2011/08/24 17:21:04 | 000,139,264 | ---- | M] () MD5=1485861B7989FBA40B9387B748914335 -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll

[2011/08/24 17:21:10 | 000,335,872 | ---- | M] () MD5=7E83B8040233DDCDE03CF7F0A5F2837B -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll

[2011/08/24 17:21:12 | 001,277,952 | ---- | M] () MD5=11564BD3D6D705F47525C128480064F7 -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

[2011/08/24 17:09:52 | 000,835,584 | ---- | M] () MD5=C22D59F4EAC00510D1A86061A428C633 -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

[2011/08/24 17:09:48 | 000,077,824 | ---- | M] () MD5=F27A80887F125661CAC1A6039107428F -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

[2011/08/24 17:21:14 | 000,061,440 | ---- | M] () MD5=5B7868DF14D71D328EE8C1213F852393 -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll

[2011/08/24 17:09:50 | 000,839,680 | ---- | M] () MD5=A89DFA6DB0C3D00559F770A214962A60 -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

[2011/08/24 17:09:55 | 005,025,792 | ---- | M] () MD5=4BBB50EE0660AD59380E27EA00F318C9 -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

[2010/11/08 21:43:39 | 000,012,288 | ---- | M] () MD5=044C3400A836E5FB60D4A49EAEC24544 -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll

[2011/08/24 17:18:35 | 001,138,688 | ---- | M] () MD5=A96933F3898290AA509080A90E0C7C5F -- C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

[2011/08/24 17:18:36 | 001,630,208 | ---- | M] () MD5=C4503F6EADC2638D6898514290A7A60B -- C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

[2011/08/24 17:18:36 | 000,540,672 | ---- | M] () MD5=6623152B2FB7DC650C6A8FE01AF71F44 -- C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

[2011/08/24 17:20:51 | 000,507,904 | ---- | M] () MD5=E249D1B3114088C0D390A60643BF2BBC -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll

[2010/11/08 21:43:39 | 000,139,264 | ---- | M] () MD5=64925CC79EA9E8245A4F18703CCABEC4 -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll

[2011/08/24 17:11:00 | 002,048,000 | ---- | M] () MD5=FCA78DCEFF0809B060B01710D07CC16E -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

[2011/08/24 17:10:19 | 003,149,824 | ---- | M] () MD5=86601F6A08C75A16D4D0509CB31EE318 -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

[2010/11/08 21:41:56 | 000,167,936 | ---- | M] () MD5=F303A07A6EF37B8B6DD928D97A016B75 -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

[2010/11/08 21:41:57 | 000,385,024 | ---- | M] () MD5=09658EF5F16F2ABD74FE577D50C0D155 -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

[2010/11/08 21:41:59 | 000,040,960 | ---- | M] () MD5=A93561FB224FA8539357C74065403630 -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

[2010/11/08 21:42:00 | 000,098,304 | ---- | M] () MD5=5BE33FC308914C1AE6577A908D97A4FF -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

[2010/11/08 21:42:01 | 001,245,184 | ---- | M] () MD5=64B09796E91430982C3C2A2B17BC2FA1 -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

[2010/11/08 21:42:02 | 000,094,208 | ---- | M] () MD5=E205A79EA6C06F91EA08BBE59FE83503 -- C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

< MD5 for: AFD.SYS >

[2009/06/09 21:06:41 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\system32\dllcache\afd.sys

[2009/06/09 21:06:41 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\system32\drivers\afd.sys

< MD5 for: ATAPI.SYS >

[2009/06/09 21:22:19 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/04/14 15:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >

[2009/06/09 21:22:19 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys

[2008/04/14 15:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EXPLORER.EXE >

[2008/04/14 15:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/14 15:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: I8042PRT.SYS >

[2009/06/09 21:22:19 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys

[2008/04/14 15:00:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\drivers\i8042prt.sys

< MD5 for: LSASS.EXE >

[2008/04/14 15:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\dllcache\lsass.exe

[2008/04/14 15:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NETBT.SYS >

[2008/04/14 15:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys

[2008/04/14 15:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: REDBOOK.SYS >

[2009/06/09 21:22:19 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys

[2008/04/14 01:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\drivers\redbook.sys

< MD5 for: SERIAL.SYS >

[2009/06/09 21:22:19 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:serial.sys

[2008/04/14 15:00:00 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\system32\drivers\serial.sys

< MD5 for: SVCHOST.EXE >

[2008/04/14 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe

[2008/04/14 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >

[2009/06/09 21:10:35 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache cpip.sys

[2009/06/09 21:10:35 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers cpip.sys

< MD5 for: USERINIT.EXE >

[2008/04/14 15:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008/04/14 15:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >

[2008/04/14 15:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys

[2008/04/14 15:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >

[2008/04/14 15:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2008/04/14 15:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction

[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >

OTL Extras logfile created on: 5/6/2012 4:48:03 PM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Ivalina\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.42 Mb Total Physical Memory | 123.18 Mb Available Physical Memory | 25.75% Memory free

1.09 Gb Paging File | 0.60 Gb Available in Paging File | 54.75% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 24.41 Gb Total Space | 7.79 Gb Free Space | 31.90% Space Free | Partition Type: NTFS

Drive D: | 52.27 Gb Total Space | 50.63 Gb Free Space | 96.87% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: OWNER | User Name: Ivalina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"15894:TCP" = 15894:TCP:*:Enabled:BitComet 15894 TCP

"15894:UDP" = 15894:UDP:*:Enabled:BitComet 15894 UDP

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"9394:TCP" = 9394:TCP:*:Enabled:BitComet 9394 TCP

"9394:UDP" = 9394:UDP:*:Enabled:BitComet 9394 UDP

"16668:TCP" = 16668:TCP:*:Enabled:BitComet 16668 TCP

"16668:UDP" = 16668:UDP:*:Enabled:BitComet 16668 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)

"C:\Documents and Settings\Ivalina\Application Data\HEX-5823-6893-6818\jusched.exe" = C:\Documents and Settings\Ivalina\Application Data\HEX-5823-6893-6818\jusched.exe:*:Enabled:Java Update Manager

"c:\windows\mdm.exe" = c:\windows\mdm.exe:*:Enabled:MSN Messenger

"c:\windows\winsrv.exe" = c:\windows\winsrv.exe:*:Enabled:MSN Messenger

"c:\windows\iqs.exe" = c:\windows\iqs.exe:*:Enabled:MSN Messenger

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C209C9AF-5573-4261-AC58-7F263FE942B0}" = Crypto Budget II Web Camera

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20

"AVG8Uninstall" = AVG Free 8.5

"BitComet" = BitComet 1.14

"Bulgarian_KBD'S_Atanasov" = Bulgarian Keyboards XP by G. Atanasov

"CoreAAC" = CoreAAC

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02

"GOM Player" = GOM Player

"InstallShield_{C209C9AF-5573-4261-AC58-7F263FE942B0}" = Crypto Budget II Web Camera

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile

"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)

"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)

"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition

"Toggle Downloader Adobe Photoshop" = Toggle Downloader Adobe Photoshop

"Trojan Remover_is1" = Trojan Remover 6.8.2

"Winamp" = Winamp

"Winamp Toolbar" = Winamp Toolbar

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/8/2010 3:21:53 PM | Computer Name = OWNER | Source = .NET Runtime Optimization Service | ID = 1101

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

. Error code = 0x80070002

Error - 5/24/2011 10:14:06 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 5/24/2011 10:14:06 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 5/24/2011 10:14:23 AM | Computer Name = OWNER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 5/24/2011 10:14:24 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 5/24/2011 10:14:25 AM | Computer Name = OWNER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The specified server cannot perform the requested operation.

Error - 5/28/2011 5:04:18 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 5/28/2011 5:04:18 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 8/17/2011 2:41:12 PM | Computer Name = OWNER | Source = crypt32 | ID = 131077

Description = Failed auto update retrieval of third-party root certificate from:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt>

with error: This operation returned because the timeout period expired.

Error - 8/24/2011 9:34:50 AM | Computer Name = OWNER | Source = MsiInstaller | ID = 11722

Description = Product: Microsoft WSE 3.0 Runtime -- Error 1722.There is a problem

with this Windows Installer package. A program run as part of the setup did not

finish as expected. Contact your support personnel or package vendor. Action RegisterRuntime,

location: C:\WINDOWS\Installer\MSI14.tmp, command: INSTALL

[ System Events ]

Error - 5/6/2012 10:13:20 AM | Computer Name = OWNER | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/6/2012 10:13:23 AM | Computer Name = OWNER | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/6/2012 10:13:27 AM | Computer Name = OWNER | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/6/2012 10:13:31 AM | Computer Name = OWNER | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/6/2012 10:13:35 AM | Computer Name = OWNER | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/6/2012 10:13:39 AM | Computer Name = OWNER | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/6/2012 10:13:43 AM | Computer Name = OWNER | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/6/2012 10:13:47 AM | Computer Name = OWNER | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/6/2012 10:13:50 AM | Computer Name = OWNER | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/6/2012 10:13:54 AM | Computer Name = OWNER | Source = Disk | ID = 262151