Tsvetan Mitev (posted March 5, 2012):
Should I keep the files on the desktop, or can I delete them?

Tsvetan Mitev (posted March 5, 2012):
I keep getting these damned messages inviting me to discussions, from dozens of subscribers each!!! Help!!! Please!!!

Night_Raven (posted March 5, 2012):
Learn some manners and don't be pushy. None of the users on the forum owes you anything. I have explained this in more detail in this topic.
---
Scan with Malwarebytes Anti-Malware. If you are installing the program for the first time, there will be a checkbox for automatic updating at the end of the installation; do not clear it. Otherwise, update its definitions manually. If you already have the program, check whether you have the latest version, and if you do not, remove yours and install the newest one, leaving the checkbox for updating the definitions ticked at the end of the installation.
Scanning instructions:
- start the program;
- select Perform quick scan (Бързо сканиране) and click the Scan (Сканиране) button;
- after the scan finishes, if no threats were found, a text file will open automatically (which you can close) and the program will notify you that it found nothing, after which you can click the OK button and close it;
- if threats were found, click the OK button and then Show Results (Покажи резултатите);
- click the Remove Selected (Премахни избраните) button;
If a restart is needed, agree and restart immediately. After the restart, start the program again, go to the Logs (Дневници) tab, select the latest log, click the Open (Отвори) button and copy its contents here. If no restart was needed, a text file should appear; copy its contents here.

Tsvetan Mitev (posted March 5, 2012):
Forgive me!!! I did not mean to be a nuisance! I also read the topic you linked! Now, thank you for helping me!!! And here is the file:

Malwarebytes Anti-Malware (Пробна версия) 1.60.1.1000
www.malwarebytes.org

Версия на базата от данни: v2012.03.05.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
TSURI_MITEV :: WORKGROU-E24652 [администратор]

Защита: включена

05.3.2012 г. 16:36:18
mbam-log-2012-03-05 (16-36-18).txt

Тип сканиране: Бързо сканиране
Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM
Изключени опции за сканиране: P2P
Сканирани обекти: 207860
Изминало време: 19 минута(и), 15 секунда(и)

Открити процеси в паметта: 0
(Не бяха открити зловредни обекти)

Открити модули в паметта: 0
(Не бяха открити зловредни обекти)

Открити ключове в системния регистър: 4
HKCU\SOFTWARE\B60JHDGR6V (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно.
HKCU\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Поставен под карантина и изтрит успешно.

Открити стойности в системния регистър: 0
(Не бяха открити зловредни обекти)

Открити информационни обекти в системния регистър: 0
(Не бяха открити зловредни обекти)

Открити папки: 0
(Не бяха открити зловредни обекти)

Открити файлове: 2
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Поставен под карантина и изтрит успешно.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Поставен под карантина и изтрит успешно.

(край)

Night_Raven (posted March 5, 2012):
These are more like leftovers. Still, do you have any complaints after the scan? If so, what exactly?

Tsvetan Mitev (posted March 5, 2012):
Well, these discussions are showing up again! Now I am wondering whether I can't do something from the Skype settings?!

Night_Raven (posted March 5, 2012):
The fact that someone adds you to certain group chat sessions does not mean that you are infected. It means that the one who added you to that group chat is infected. If you want, I will also look at a log from OTL. Follow the instructions below, not the ones you followed before.
Download OTL and save it to the desktop:
- start the tool;
- tick Scan All Users at the top;
- in the Standard Registry box select All;
- from the File Age drop-down menu select 90 Days;
- also tick: Skip Microsoft Files, LOP Check and Purity Check;
- in the Custom Scans/Fixes box (at the bottom of the program) paste the following text (select it, press Ctrl+C and then press Ctrl+V in the OTL box):

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop

- click the Run Scan button;
Wait for the scan to finish. After the scan ends, the two files newly created on the desktop will open automatically: OTL.txt and Extras.txt. Please attach these two files (separately or in an archive) to your next comment.

Tsvetan Mitev (posted March 5, 2012):
OTL.Txt
Now only this file came out. I understand that you are doing everything possible to "clean" me, but at the same time I feel guilty for creating so much work for you!! This is the last thing we try now, and if it does not work, I will not bother you any more tonight! Maybe tomorrow, if there is no result by then!!! Just one question! Can I recommend to those I think are infected that they look through the topic in this forum? Thank you, and good night, or lighter work!!!

Night_Raven (posted March 5, 2012):
There are suspicious items.
If you have an antivirus program installed, stop it, along with any other unnecessary programs. Download ComboFix (if you happen to already have some version, replace it) and save it to the desktop.
Run it, click I Agree, and wait for it to unpack and scan to the end. Do not click on the tool's window. If you are asked whether the Recovery Console should be installed, click Yes and then confirm with OK and Yes again (twice). The scan will continue. If a restart is needed, the computer will restart automatically. After the restart the scan should continue. Again, do not touch the window until it closes by itself. Then paste the contents of the text file C:\ComboFix.txt here or attach it to your comment.
If you cannot connect to the internet after using ComboFix, restart the system.

Tsvetan Mitev (posted March 6, 2012):
ComboFix 12-03-04.02 - TSURI_MITEV 03.2012 г. 11:27:37.1.2 - x86

Night_Raven (posted March 9, 2012):
I don't see anything really dangerous in the logs. If you continue to be added to chat sessions, it is because the other users are infected, not you. Apart from telling them to clean their computers and/or blocking them, I don't see what else can be done.

tedi dimitrova (posted May 6, 2012):
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.06.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Ivalina :: OWNER [administrator]

Protection: Enabled

5/6/2012 3:24:57 PM
mbam-log-2012-05-06 (15-24-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184105
Time elapsed: 17 minute(s), 48 second(s)

Memory Processes Detected: 3
C:\Documents and Settings\Ivalina\Application Data\HEX-5823-6893-6818\jusched.exe (Trojan.Agent) -> 1696 -> Delete on reboot.
C:\Documents and Settings\Ivalina\Application Data\web2net.exe (Trojan.Agent) -> 1744 -> Delete on reboot.
C:\WINDOWS\iqs.exe (Trojan.Agent) -> 1904 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Java Update Manager (Trojan.Agent) -> Data: C:\Documents and Settings\Ivalina\Application Data\HEX-5823-6893-6818\jusched.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Login access (Trojan.Agent) -> Data: C:\Documents and Settings\Ivalina\Application Data\web2net.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firevall Engine (Trojan.Agent) -> Data: c:\windows\iqs.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firevall Engine (Trojan.Agent) -> Data: c:\windows\iqs.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft Firevall Engine (Trojan.Agent) -> Data: c:\windows\iqs.exe -> Quarantined and deleted successfully.

s.feradov (posted May 6, 2012):
Are there any problems after the scan with Malwarebytes' Anti-Malware? If so, what do they consist of?

tedi dimitrova (posted May 6, 2012):
Not for now, but a message is displayed at startup, which is: your computer might be at risk:
- no firewall is turned on
- Automatic updates is turned off
- AVG Anti-Virus Free might be out of date
Should I install a new antivirus program and fix the Firewall settings?

tedi dimitrova (posted May 6, 2012):
OTL logfile created on: 5/6/2012 4:48:03 PM - Run 1
001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)SRV - [2010/09/30 08:30:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)SRV - [2009/11/16 12:45:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2005/01/01 02:02:03 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Fxdrv.sys -- (FXDRV)DRV - File not found [Kernel | System | Stopped] -- -- (Changer)DRV - File not found [Kernel | On_Demand | Unknown] -- -- (asrwrdtb)DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)DRV - [2011/08/25 22:14:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)DRV - [2008/04/13 23:05:40 | 000,032,768 | ---- | M] (SiS 
Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)DRV - [2005/03/01 13:01:40 | 000,392,704 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)DRV - [2005/01/01 02:02:35 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)DRV - [2005/01/01 02:02:29 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)DRV - [2005/01/01 02:02:29 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)DRV - [2004/09/14 13:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhomeIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=homeIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant 
= http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmIE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieIE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ieIE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
http://www.google.comIE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://zonedirector.com/1/IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GOM2&o=16141&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=QO&apn_dtid=YYYYYYYYBG&apn_uid=B3A40B5E-7D0E-40FB-8E46-4DA423903717&apn_sauid=0144F82D-DB60-4E89-82E9-420CC73F73A2IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searIE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}IE - 
HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc7c441&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=usIE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com"FF - prefs.js..browser.search.defaultenginename: "Ask.com"FF - prefs.js..browser.search.order.1: "Ask.com"FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://zonedirector.com/1/"FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.10FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc7c441&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=bg&q="FF - prefs.js..network.proxy.no_proxies_on: "*.local"FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program 
Files\Google\Picasa3\npPicasa3.dll File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2011/06/24 00:14:50 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/11/08 21:43:39 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/21 01:35:59 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/08 21:43:51 | 000,000,000 | ---D | M] [2005/01/01 02:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Extensions[2005/01/01 02:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2012/05/05 18:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\extensions[2009/09/21 06:10:14 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}[2012/04/30 18:58:32 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 
3y0f3m0.default\extensions\browserhighlighter@ebay.com[2009/09/24 05:01:16 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\searchplugins\ask.xml[2011/08/13 07:41:25 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\searchplugins\askcom.xml[2011/08/25 22:15:26 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Ivalina\Application Data\Mozilla\Firefox\Profiles 3y0f3m0.default\searchplugins\daemon-search.xml[2012/03/03 15:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2011/05/01 16:55:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2010/11/09 10:06:01 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com[2011/06/24 00:14:50 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED[2011/05/01 16:55:18 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll[2011/05/01 16:55:18 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll[2009/07/17 11:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll[2011/05/01 16:55:22 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla 
firefox\plugins\NPOFF12.DLL[2011/09/05 20:04:56 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll[2010/11/01 03:25:18 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml[2010/11/01 03:25:18 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml[2011/06/24 05:51:26 | 000,002,361 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml[2010/11/01 03:25:18 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml[2010/11/01 03:25:18 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml[2010/11/01 03:25:18 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml[2010/11/01 03:25:18 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml[2010/11/01 03:25:18 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml O1 HOSTS File: ([2008/04/14 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet ools\BitCometBHO_1.3.7.16.dll (BitComet)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)O2 - BHO: (AVG Security Toolbar BHO) - 
{A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\ShellBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()O3 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)O4 - HKLM..\Run: [soundMAXPnP] C:\Program 
Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)O4 - HKLM..\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe /boot File not foundO4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()O4 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun File not foundO4 - HKU\S-1-5-21-1417001333-413027322-1801674531-1003..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not foundO4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)O4 - HKU\S-1-5-19..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - 
HKU\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet ools\BitCometBHO_1.3.7.16.dll (BitComet)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O10 - 
NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.36.0.1O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CE157CB-E1A7-4711-BB05-FF914A956BE3}: DhcpNameServer = 10.36.0.1O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole 
DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - 
C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler v {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter ext/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O18 - Protocol\Filter ext/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: 
C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll[2011/08/24 17:09:55 | 005,025,792 | ---- | M] () MD5=4BBB50EE0660AD59380E27EA00F318C9 -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll[2010/11/08 21:43:39 | 000,012,288 | ---- | M] () MD5=044C3400A836E5FB60D4A49EAEC24544 -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll[2011/08/24 17:18:35 | 001,138,688 | ---- | M] () MD5=A96933F3898290AA509080A90E0C7C5F -- C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll[2011/08/24 17:18:36 | 001,630,208 | ---- | M] () MD5=C4503F6EADC2638D6898514290A7A60B -- C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll[2011/08/24 17:18:36 | 000,540,672 | ---- | M] () MD5=6623152B2FB7DC650C6A8FE01AF71F44 -- C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll[2011/08/24 17:20:51 | 000,507,904 | ---- | M] () MD5=E249D1B3114088C0D390A60643BF2BBC -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll[2010/11/08 21:43:39 | 000,139,264 | ---- | M] () MD5=64925CC79EA9E8245A4F18703CCABEC4 -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll[2011/08/24 17:11:00 | 002,048,000 | ---- | M] () MD5=FCA78DCEFF0809B060B01710D07CC16E -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll[2011/08/24 17:10:19 | 003,149,824 | ---- | M] () MD5=86601F6A08C75A16D4D0509CB31EE318 -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll[2010/11/08 21:41:56 | 000,167,936 | ---- | M] () MD5=F303A07A6EF37B8B6DD928D97A016B75 -- 
C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll[2010/11/08 21:41:57 | 000,385,024 | ---- | M] () MD5=09658EF5F16F2ABD74FE577D50C0D155 -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll[2010/11/08 21:41:59 | 000,040,960 | ---- | M] () MD5=A93561FB224FA8539357C74065403630 -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll[2010/11/08 21:42:00 | 000,098,304 | ---- | M] () MD5=5BE33FC308914C1AE6577A908D97A4FF -- C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll[2010/11/08 21:42:01 | 001,245,184 | ---- | M] () MD5=64B09796E91430982C3C2A2B17BC2FA1 -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll[2010/11/08 21:42:02 | 000,094,208 | ---- | M] () MD5=E205A79EA6C06F91EA08BBE59FE83503 -- C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll < MD5 for: AFD.SYS >[2009/06/09 21:06:41 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\system32\dllcache\afd.sys[2009/06/09 21:06:41 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\system32\drivers\afd.sys < MD5 for: ATAPI.SYS >[2009/06/09 21:22:19 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys[2008/04/14 15:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: DISK.SYS >[2009/06/09 21:22:19 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys[2008/04/14 15:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys < MD5 for: EXPLORER.EXE >[2008/04/14 15:00:00 | 001,033,728 | ---- | M] 
(Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe[2008/04/14 15:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: I8042PRT.SYS >[2009/06/09 21:22:19 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys[2008/04/14 15:00:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\drivers\i8042prt.sys < MD5 for: LSASS.EXE >[2008/04/14 15:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\dllcache\lsass.exe[2008/04/14 15:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe < MD5 for: NETBT.SYS >[2008/04/14 15:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys[2008/04/14 15:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys < MD5 for: REDBOOK.SYS >[2009/06/09 21:22:19 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys[2008/04/14 01:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\drivers\redbook.sys < MD5 for: SERIAL.SYS >[2009/06/09 21:22:19 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:serial.sys[2008/04/14 15:00:00 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\system32\drivers\serial.sys < MD5 for: SVCHOST.EXE >[2008/04/14 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe[2008/04/14 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) 
MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe < MD5 for: TCPIP.SYS >[2009/06/09 21:10:35 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache cpip.sys[2009/06/09 21:10:35 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers cpip.sys < MD5 for: USERINIT.EXE >[2008/04/14 15:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe[2008/04/14 15:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: VOLSNAP.SYS >[2008/04/14 15:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys[2008/04/14 15:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys < MD5 for: WINLOGON.EXE >[2008/04/14 15:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe[2008/04/14 15:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction < End of report > OTL Extras logfile created on: 5/6/2012 4:48:03 PM - Run 1OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Ivalina\DesktopWindows XP Professional Edition Service Pack 3 (Version 
= 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.5512)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 478.42 Mb Total Physical Memory | 123.18 Mb Available Physical Memory | 25.75% Memory free1.09 Gb Paging File | 0.60 Gb Available in Paging File | 54.75% Paging File freePaging file location(s): C:\pagefile.sys 720 1440 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 24.41 Gb Total Space | 7.79 Gb Free Space | 31.90% Space Free | Partition Type: NTFSDrive D: | 52.27 Gb Total Space | 50.63 Gb Free Space | 96.87% Space Free | Partition Type: NTFSUnable to calculate disk information. Computer Name: OWNER | User Name: Ivalina | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1417001333-413027322-1801674531-1003\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*exefile [open] -- "%1" %*InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %lpiffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe 
%SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DoNotAllowExceptions" = 0"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"15894:TCP" = 15894:TCP:*:Enabled:BitComet 15894 TCP"15894:UDP" = 15894:UDP:*:Enabled:BitComet 15894 UDP"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009"9394:TCP" = 9394:TCP:*:Enabled:BitComet 9394 TCP"9394:UDP" = 9394:UDP:*:Enabled:BitComet 9394 UDP"16668:TCP" = 16668:TCP:*:Enabled:BitComet 16668 TCP"16668:UDP" = 16668:UDP:*:Enabled:BitComet 16668 UDP ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)"C:\Documents and Settings\Ivalina\Application Data\HEX-5823-6893-6818\jusched.exe" = C:\Documents and Settings\Ivalina\Application 
Data\HEX-5823-6893-6818\jusched.exe:*:Enabled:Java Update Manager"c:\windows\mdm.exe" = c:\windows\mdm.exe:*:Enabled:MSN Messenger"c:\windows\winsrv.exe" = c:\windows\winsrv.exe:*:Enabled:MSN Messenger"c:\windows\iqs.exe" = c:\windows\iqs.exe:*:Enabled:MSN Messenger ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}" 
= Microsoft Office Outlook MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" ="{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 
4.0"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C209C9AF-5573-4261-AC58-7F263FE942B0}" = Crypto Budget II Web Camera"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20"AVG8Uninstall" = AVG Free 8.5"BitComet" = BitComet 1.14"Bulgarian_KBD'S_Atanasov" = Bulgarian Keyboards XP by G. 
Atanasov"CoreAAC" = CoreAAC"ENTERPRISE" = Microsoft Office Enterprise 2007"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02"GOM Player" = GOM Player"InstallShield_{C209C9AF-5573-4261-AC58-7F263FE942B0}" = Crypto Budget II Web Camera"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition"Toggle Downloader Adobe Photoshop" = Toggle Downloader Adobe Photoshop"Trojan Remover_is1" = Trojan Remover 6.8.2"Winamp" = Winamp"Winamp Toolbar" = Winamp Toolbar"Windows Media Format Runtime" = Windows Media Format Runtime"WinRAR archiver" = WinRAR archiver ========== Last 10 Event Log Errors ========== [ Application Events ]Error - 11/8/2010 3:21:53 PM | Computer Name = OWNER | Source = .NET Runtime Optimization Service | ID = 1101Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070002 Error - 5/24/2011 10:14:06 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error - 5/24/2011 10:14:06 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 5/24/2011 10:14:23 AM | Computer Name = OWNER | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 5/24/2011 10:14:24 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 5/24/2011 10:14:25 AM | Computer Name = OWNER | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation. Error - 5/28/2011 5:04:18 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error - 5/28/2011 5:04:18 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 8/17/2011 2:41:12 PM | Computer Name = OWNER | Source = crypt32 | ID = 131077Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: This operation returned because the timeout period expired. Error - 8/24/2011 9:34:50 AM | Computer Name = OWNER | Source = MsiInstaller | ID = 11722Description = Product: Microsoft WSE 3.0 Runtime -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action RegisterRuntime, location: C:\WINDOWS\Installer\MSI14.tmp, command: INSTALL [ System Events ]Error - 5/6/2012 10:13:20 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:23 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:27 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:31 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:35 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. 
Error - 5/6/2012 10:13:39 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:43 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:47 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:50 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:54 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. < End of report >
3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DoNotAllowExceptions" = 0"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"15894:TCP" = 15894:TCP:*:Enabled:BitComet 15894 TCP"15894:UDP" = 15894:UDP:*:Enabled:BitComet 15894 UDP"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009"9394:TCP" = 9394:TCP:*:Enabled:BitComet 9394 TCP"9394:UDP" = 9394:UDP:*:Enabled:BitComet 9394 UDP"16668:TCP" = 16668:TCP:*:Enabled:BitComet 16668 TCP"16668:UDP" = 16668:UDP:*:Enabled:BitComet 16668 UDP ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)"C:\Program Files\AVG\AVG8\avgnsx.exe" = 
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)"C:\Documents and Settings\Ivalina\Application Data\HEX-5823-6893-6818\jusched.exe" = C:\Documents and Settings\Ivalina\Application Data\HEX-5823-6893-6818\jusched.exe:*:Enabled:Java Update Manager"c:\windows\mdm.exe" = c:\windows\mdm.exe:*:Enabled:MSN Messenger"c:\windows\winsrv.exe" = c:\windows\winsrv.exe:*:Enabled:MSN Messenger"c:\windows\iqs.exe" = c:\windows\iqs.exe:*:Enabled:MSN Messenger ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe 
Stock Photos CS3"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" ="{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 
2007"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C209C9AF-5573-4261-AC58-7F263FE942B0}" = Crypto Budget II Web Camera"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager 
CS3"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20"AVG8Uninstall" = AVG Free 8.5"BitComet" = BitComet 1.14"Bulgarian_KBD'S_Atanasov" = Bulgarian Keyboards XP by G. Atanasov"CoreAAC" = CoreAAC"ENTERPRISE" = Microsoft Office Enterprise 2007"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02"GOM Player" = GOM Player"InstallShield_{C209C9AF-5573-4261-AC58-7F263FE942B0}" = Crypto Budget II Web Camera"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition"Toggle Downloader Adobe Photoshop" = Toggle Downloader Adobe Photoshop"Trojan Remover_is1" = Trojan Remover 6.8.2"Winamp" = Winamp"Winamp Toolbar" = Winamp Toolbar"Windows Media Format Runtime" = Windows Media Format Runtime"WinRAR archiver" = WinRAR archiver ========== Last 10 Event Log Errors ========== [ Application Events ]Error - 11/8/2010 3:21:53 PM | Computer Name = OWNER | Source = .NET Runtime Optimization Service | ID = 1101Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . 
Error code = 0x80070002 Error - 5/24/2011 10:14:06 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 5/24/2011 10:14:06 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 5/24/2011 10:14:23 AM | Computer Name = OWNER | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 5/24/2011 10:14:24 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 5/24/2011 10:14:25 AM | Computer Name = OWNER | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation. 
Error - 5/28/2011 5:04:18 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 5/28/2011 5:04:18 AM | Computer Name = OWNER | Source = crypt32 | ID = 131083Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 8/17/2011 2:41:12 PM | Computer Name = OWNER | Source = crypt32 | ID = 131077Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: This operation returned because the timeout period expired. Error - 8/24/2011 9:34:50 AM | Computer Name = OWNER | Source = MsiInstaller | ID = 11722Description = Product: Microsoft WSE 3.0 Runtime -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action RegisterRuntime, location: C:\WINDOWS\Installer\MSI14.tmp, command: INSTALL [ System Events ]Error - 5/6/2012 10:13:20 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:23 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. 
Error - 5/6/2012 10:13:27 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:31 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:35 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:39 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:43 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:47 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:50 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. Error - 5/6/2012 10:13:54 AM | Computer Name = OWNER | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block. < End of report >