Author Topic: Making sure a virus is completely gone  (Read 11193 times)

Jocan

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Windows Vista
    Making sure a virus is completely gone
    « on: October 18, 2010, 05:51:49 PM »
    Hello,

    Yesterday my computer was attacked by a virus (I think it's called Antivirus Pro). I used rKill, then exeHelper to stop pop-ups, and then ran a scan with Malwarebytes and SUPERAntiSpyware Free. Those found several infections and cleared them.

    I think the virus is still on my computer. Google Chrome didn't work until I changed the proxy settings, and Windows Security Alerts still says there's something wrong. I tried using ComboFix, but it doesn't work on my 64-bit OS (Vista). Is there another scanner I can use to ensure the malware is completely gone?

    Thanks so much!

    harry 48



      Egghead

    • Experience: Familiar
    • OS: Windows 7
    Re: Making sure a virus is completely gone
    « Reply #1 on: October 19, 2010, 04:51:13 AM »
    Go to the link below and post ALL 3 logs; an expert will help you.

    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    Jocan

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Windows Vista
      Re: Making sure a virus is completely gone
      « Reply #2 on: October 19, 2010, 05:11:57 AM »
      Here are my logs for SAS, MBAM and HijackThis. The first two are from when I first found the infections; I have run both scans since and found no more infections. The HijackThis scan is from right now.

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 10/17/2010 at 08:36 PM

      Application Version : 4.44.1000

      Core Rules Database Version : 5610
      Trace Rules Database Version: 3422

      Scan type       : Complete Scan
      Total Scan Time : 02:40:53

      Memory items scanned      : 602
      Memory threats detected   : 0
      Registry items scanned    : 12415
      Registry threats detected : 14
      File items scanned        : 177548
      File threats detected     : 230

      Trojan.Agent/Gen-Ertfor
         (x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BA40A2-74F0-42BD-F434-00B15A2C8953}
         (x86) HKCR\CLSID\{A3BA40A2-74F0-42BD-F434-00B15A2C8953}
         (x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BA40A2-74F0-42BD-F434-00B15A2C8953}

      Rogue.AntiVirusPlus
         (x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2B5AAB8-2183-4BE7-81A6-F11493C45872}
         (x86) HKCR\CLSID\{C2B5AAB8-2183-4BE7-81A6-F11493C45872}
         (x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2B5AAB8-2183-4BE7-81A6-F11493C45872}
         (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Plus
         (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Plus#DisplayName
         (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Plus#UninstallString
         (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Plus#NoModify
         (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Plus#NoRepair
         (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus Plus#DisplayIcon

      Adware.Tracking Cookie

      Malware.Trace
         (x86) HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer#idstrf [ 1-1CAAD9FC90E5730 ]
         (x86) HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer#idstrf [ 1-1CAAD9FC90E5730 ]


      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4865

      Windows 6.0.6001 Service Pack 1
      Internet Explorer 7.0.6001.18000

      17/10/2010 11:20:56 PM
      mbam-log-2010-10-17 (23-20-56).txt

      Scan type: Full scan (C:\|D:\|)
      Objects scanned: 297221
      Time elapsed: 1 hour(s), 43 minute(s), 49 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 1
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 2

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shomdkes (Antivirus.Action) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Users\Claire\AppData\Local\Temp\cbxbgyrcc\mrjbhpcyhsn.exe (Antivirus.Action) -> Quarantined and deleted successfully.
      C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9V388LD\fnclbrhoy[1].exe (Antivirus.Action) -> Quarantined and deleted successfully.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 7:08:29 AM, on 19/10/2010
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18527)
      Boot mode: Normal

      Running processes:
      C:\Program Files\ltmoh\ltmoh.exe
      C:\Program Files (x86)\Windows Live\Messenger\msnmsgr .exe
      C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
      C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
      C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
      C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files (x86)\AVG\AVG8\avgtray.exe
      C:\Program Files (x86)\iTunes\ituneshelper.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
      C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
      C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Trend Micro\HijackThis\sniper.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [tscui] C:\Program Files (x86)\Bell Mobility\Mobile Connect Basic\tscui.exe
      O4 - HKLM\..\Run: [MCStart] "C:\Program Files (x86)\Bell Mobility\Mobile Connect Basic\tscui.exe" /s
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\MBAM.exe" /runcleanupscript
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [MsnMsgr] "C:\program files (x86)\windows live\messenger\msnmsgr .exe" /background
      O4 - HKCU\..\Run: [Google Update] "C:\Users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
      O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.cat1.lib.trentu.ca:8080/lib/ocultrent/support/plugins/ebraryRdr.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
      O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
      O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
      O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\Jumpstart\jswpsapi.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
      O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
      O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
      O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
      O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

      --
      End of file - 10575 bytes

      Thanks so much!

      harry 48



      Re: Making sure a virus is completely gone
      « Reply #3 on: October 19, 2010, 05:38:53 AM »
      OK, you will need to post new SAS and MBAM logs; they are nearly 2 weeks out of date.

      Jocan

        Re: Making sure a virus is completely gone
        « Reply #4 on: October 19, 2010, 05:29:08 PM »
        The previous log scans were from just 2 days ago when I found the virus; nevertheless, here are today's scans:

        Malwarebytes' Anti-Malware 1.46
        www.malwarebytes.org

        Database version: 4876

        Windows 6.0.6001 Service Pack 1
        Internet Explorer 7.0.6001.18000

        19/10/2010 7:21:35 PM
        mbam-log-2010-10-19 (19-21-35).txt

        Scan type: Quick scan
        Objects scanned: 139417
        Time elapsed: 6 minute(s), 19 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)


        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 10/19/2010 at 07:13 PM

        Application Version : 4.44.1000

        Core Rules Database Version : 5714
        Trace Rules Database Version: 3526

        Scan type       : Quick Scan
        Total Scan Time : 01:24:29

        Memory items scanned      : 622
        Memory threats detected   : 0
        Registry items scanned    : 1795
        Registry threats detected : 0
        File items scanned        : 78379
        File threats detected     : 145

        Adware.Tracking Cookie

        Wow, there are a ton of adware tracking cookies! Are these all from the past 2 days since I ran the SAS scan? I haven't been visiting many websites because of this virus so I don't think I could have picked up this many in 2 days. Is this a sign that the virus is still on my computer?

        I really appreciate any help!

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Making sure a virus is completely gone
        « Reply #5 on: October 22, 2010, 12:42:14 PM »
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
        *************************************
        It appears that your Anti-Virus AVG is out-of-date. Please bring it up to date asap.
        ****************************************

        Open HijackThis and select Do a system scan only

        Place a check mark next to the following entries: (if there)

        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
        O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\MBAM.exe" /runcleanupscript


        Important: Close all open windows except for HijackThis and then click Fix checked.

        Once completed, exit HijackThis.

        ******************************
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Unzip SecurityCheck.zip and a folder named Security Check should appear.
        * Open the Security Check folder and double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
        *************************************
        Download OTL  to your Desktop
        • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
        • Under the Custom Scan box paste this in
        netsvcs
        msconfig
        safebootminimal
        safebootnetwork
        activex
        drivers32
        %SYSTEMDRIVE%\*.exe
        %systemroot%\*. /mp /s
        c:\$recycle.bin\*.* /s
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
        /md5start
        eventlog.dll
        scecli.dll
        netlogon.dll
        cngaudit.dll
        sceclt.dll
        ntelogon.dll
        logevent.dll
        iaStor.sys
        nvstor.sys
        nvstor32.sys
        atapi.sys
        IdeChnDr.sys
        viasraid.sys
        AGP440.sys
        vaxscsi.sys
        nvatabus.sys
        viamraid.sys
        nvata.sys
        nvgts.sys
        iastorv.sys
        ViPrt.sys
        eNetHook.dll
        explorer.exe
        svchost.exe
        userinit.exe
        qmgr.dll
        ws2_32.dll
        proquota.exe
        imm32.dll
        kernel32.dll
        ndis.sys
        autochk.exe
        spoolsv.exe
        xmlprov.dll
        ntmssvc.dll
        mswsock.dll
        Beep.SYS
        ntfs.sys
        termsrv.dll
        sfcfiles.dll
        st3shark.sys
        ahcix86.sys
        srsvc.dll
        nvrd32.sys
        /md5stop
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles

        • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
          • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
          • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
        Windows 8 and Windows 10 dual boot with two SSD's
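The reply above marks the `ProxyServer = http=127.0.0.1:29775` entry and two `O4` Run entries for fixing in HijackThis. As an added example (not part of the thread and not HijackThis's own code), this Python parser reads HijackThis-style lines, reports `ProxyServer` values that point at a loopback address, and lists the Run entries for review. The function names and the last sample line are constructed for illustration.

```python
import ipaddress
import re

# Lines copied from the HijackThis log posted in this thread. The final line
# is constructed (hypothetical key) to exercise the "proto=host:port;..." form.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
R1 - HKLM\Software\Example,ProxyServer = http=proxy.example.test:8080;https=localhost:8443
"""

# "<section> - <body>", e.g. "R1 - HKCU\...,ProxyServer = ..."
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# R-section body: "<registry key>,<value name> = <data>"
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]*?)\s*=\s*(?P<data>.*)$")
# O4 body: "<hive>\..\Run: [<name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def proxy_endpoints(data):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both "host:port" (all schemes) and "http=host:port;https=...".
    """
    endpoints = []
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:  # no "proto=" prefix: the proxy applies to every scheme
            scheme, hostport = "*", part
        hostport = hostport.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = hostport.rpartition(":")
        if not host:  # value had no ":port" suffix
            host, port = hostport, ""
        endpoints.append((scheme.lower(), host, port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name other than localhost
        return False


def triage(log_text):
    """Return loopback proxy settings and Run entries found in the log."""
    findings = {"loopback_proxy": [], "autoruns": []}
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        section, body = entry.groups()
        if section.startswith("R"):
            reg = REG_RE.match(body)
            if reg and reg["value"].strip().lower() == "proxyserver":
                for scheme, host, port in proxy_endpoints(reg["data"]):
                    if is_loopback(host):
                        findings["loopback_proxy"].append(
                            (reg["key"], scheme, host, port))
        elif section == "O4":
            run = RUN_RE.match(body)
            if run:
                findings["autoruns"].append(
                    (run["hive"], run["name"], run["cmd"].strip()))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, scheme, host, port in result["loopback_proxy"]:
        print(f"loopback proxy ({scheme}) {host}:{port} set in {key}")
    for hive, name, cmd in result["autoruns"]:
        print(f"autorun {hive} [{name}] {cmd}")
```

A loopback `ProxyServer` value routes browser traffic through a listener on the local machine, so when nothing is listening on that port any browser using the system proxy setting stops loading pages.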

        Jocan

          Re: Making sure a virus is completely gone
          « Reply #6 on: October 22, 2010, 04:48:37 PM »
          Hi Dave,

          Thanks so much for your reply! Here are the results of those scans:


           Results of screen317's Security Check version 0.99.5 
           Windows Vista  (UAC is disabled!)
           Out of date service pack!!
           Internet Explorer 7 Out of date!
          ``````````````````````````````
          Antivirus/Firewall Check:

           Windows Firewall Enabled! 
           AVG 8.5     
           WMI entry may not exist for antivirus; attempting automatic update.
          ```````````````````````````````
          Anti-malware/Other Utilities Check:

           Malwarebytes' Anti-Malware   
           HijackThis 2.0.2   
           Java(TM) 6 Update 20 
           Java(TM) 6 Update 6 
           Out of date Java installed!
           Adobe Flash Player 10.1.82.76 
          Adobe Reader 8.1.2
          Out of date Adobe Reader installed!
           Mozilla Firefox (3.0.19) Firefox Out of Date! 
          ````````````````````````````````
          Process Check: 
          objlist.exe by Laurent

           Windows Defender MSASCui.exe
           AVG avgwdsvc.exe
           AVG avgtray.exe
           Windows Defender MSASCui.exe   
          ````````````````````````````````
          DNS Vulnerability Check:

           Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

          ``````````End of Log````````````


          OTL logfile created on: 22/10/2010 6:21:02 PM - Run 1
          OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\Claire\Desktop
          64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
          Internet Explorer (Version = 7.0.6001.18000)
          Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
           
          4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
          8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
          Paging file location(s): ?:\pagefile.sys [binary data]
           
          %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
          Drive C: | 216.33 Gb Total Space | 50.65 Gb Free Space | 23.41% Space Free | Partition Type: NTFS
          Drive D: | 7.59 Gb Total Space | 7.53 Gb Free Space | 99.14% Space Free | Partition Type: NTFS
           
          Computer Name: CLAIRE-PC | User Name: Claire | Logged in as Administrator.
          Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
          Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
           
          ========== Processes (SafeList) ==========
           
          PRC - [2010/10/22 18:19:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
          PRC - [2010/07/09 09:08:24 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
          PRC - [2009/09/07 08:41:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
          PRC - [2009/03/19 22:46:46 | 000,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
          PRC - [2009/03/02 15:38:26 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\NovaCore\Server\NvtlSrvr.exe
          PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
          PRC - [2008/05/08 13:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
          PRC - [2008/04/29 13:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
          PRC - [2008/04/17 03:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
          PRC - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
          PRC - [2008/04/17 03:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
          PRC - [2008/04/04 00:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
          PRC - [2008/01/20 22:49:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
          PRC - [2007/01/09 02:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
          PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
           
           
          ========== Modules (SafeList) ==========
           
          MOD - [2010/10/22 18:19:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
          MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
          MOD - [2008/01/20 22:50:15 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
          MOD - [2008/01/20 22:49:15 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
          MOD - [2006/11/02 05:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
          MOD - [2006/11/02 05:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
           
           
          ========== Win32 Services (SafeList) ==========
           
          SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
          SRV:64bit: - [2008/04/24 21:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
          SRV:64bit: - [2008/02/06 16:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
          SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
          SRV:64bit: - [2007/12/10 23:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
          SRV:64bit: - [2007/12/03 20:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
          SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
          SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
          SRV - [2009/09/07 08:41:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
          SRV - [2009/03/02 15:38:26 | 000,040,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
          SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
          SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
          SRV - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
          SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
          SRV - [2008/04/04 00:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
          SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
           
           
          ========== Driver Services (SafeList) ==========
           
          DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
          DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
          DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
          DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
          DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
          DRV:64bit: - [2009/09/07 08:41:49 | 000,033,416 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
          DRV:64bit: - [2009/09/07 08:41:48 | 000,427,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
          DRV:64bit: - [2009/09/07 08:41:44 | 000,133,640 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
          DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
          DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
          DRV:64bit: - [2008/12/19 12:26:38 | 000,255,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
          DRV:64bit: - [2008/12/04 10:57:32 | 000,213,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser2.sys -- (NWUSBPort2)
          DRV:64bit: - [2008/12/04 10:57:32 | 000,213,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser.sys -- (NWUSBPort)
          DRV:64bit: - [2008/12/04 10:57:32 | 000,213,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
          DRV:64bit: - [2008/07/18 21:52:16 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
          DRV:64bit: - [2008/07/07 12:23:56 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
          DRV:64bit: - [2008/06/12 06:51:36 | 007,911,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
          DRV:64bit: - [2008/05/19 22:44:00 | 001,137,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
          DRV:64bit: - [2008/04/28 19:59:26 | 000,026,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
          DRV:64bit: - [2008/04/15 20:54:16 | 000,388,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
          DRV:64bit: - [2008/04/14 22:05:42 | 000,161,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
          DRV:64bit: - [2008/04/02 20:27:18 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
          DRV:64bit: - [2008/02/29 02:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
          DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
          DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
          DRV:64bit: - [2007/12/20 19:10:50 | 000,028,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
          DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
          DRV:64bit: - [2007/12/06 06:12:56 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
          DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
          DRV:64bit: - [2007/06/14 14:57:54 | 000,041,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
          DRV:64bit: - [2006/11/20 01:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
          DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
          DRV - [2009/03/02 15:39:08 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PCASp50a64.sys -- (PCASp50a64)
           
           
          ========== Standard Registry (SafeList) ==========
           
           
          ========== Internet Explorer ==========
           
          IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
          IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
          IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
          IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
           
          IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
          IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
          IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
           
          ========== FireFox ==========
           
          FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
          FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
           
          FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2010/01/05 10:45:40 | 000,000,000 | ---D | M]
          FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/17 21:30:36 | 000,000,000 | ---D | M]
          FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/17 21:30:36 | 000,000,000 | ---D | M]
           
          [2008/12/06 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Mozilla\Extensions
          [2010/10/17 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\x5yxlu9k.default\extensions
          [2009/09/21 11:20:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\x5yxlu9k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
          [2010/10/17 16:41:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
          [2010/06/08 11:58:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
          [2010/06/08 11:57:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
          [2010/02/18 21:27:55 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
          [2010/02/18 21:27:55 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
          [2010/02/18 21:27:55 | 000,000,759 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
          [2010/02/18 21:27:55 | 000,000,831 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
           
          O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
          O1 - Hosts: 127.0.0.1       localhost
          O1 - Hosts: ::1             localhost
          O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
          O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
          O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
          O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
          O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
          O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
          O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
          O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
          O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
          O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
          O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
          O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
          O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
          O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
          O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
          O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
          O4 - HKLM..\Run: [MCStart] C:\Program Files (x86)\Bell Mobility\Mobile Connect Basic\tscui.exe (Bell)
          O4 - HKLM..\Run: [NDSTray.exe]  File not found
          O4 - HKLM..\Run: [tscui] C:\Program Files (x86)\Bell Mobility\Mobile Connect Basic\tscui.exe (Bell)
          O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
          O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
          O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
          O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
          O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
          O13 - gopher Prefix: missing
          O13 - gopher Prefix: missing
          O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com.cat1.lib.trentu.ca:8080/lib/ocultrent/support/plugins/ebraryRdr.cab (Infotl Control)
          O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
          O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
          O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
          O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
          O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
          O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 10.0.0.2
          O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
          O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
          O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
          O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
          O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
          O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
          O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
          O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
          O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
          O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
          O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
          O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
          O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
          O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
          O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
          O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
          O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
          O24 - Desktop WallPaper: C:\Users\Claire\Pictures\Tim Wynne-Jones IS NOT David Suzuki2.jpg
          O24 - Desktop BackupWallPaper: C:\Users\Claire\Pictures\Tim Wynne-Jones IS NOT David Suzuki2.jpg
          O32 - HKLM CDRom: AutoRun - 1
          O33 - MountPoints2\{42fdd507-6446-11de-97fe-001e336c4c59}\Shell - "" = AutoRun
          O33 - MountPoints2\{42fdd507-6446-11de-97fe-001e336c4c59}\Shell\AutoRun\command - "" = G:\AutoLaunch.exe -- File not found
          O33 - MountPoints2\{50246a7d-487c-11df-8788-001e336c4c59}\Shell - "" = AutoRun
          O33 - MountPoints2\{50246a7d-487c-11df-8788-001e336c4c59}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
          O33 - MountPoints2\{91181b92-7f60-11df-a571-001e336c4c59}\Shell\Auto\command - "" = F:\launcher.exe -- File not found
          O33 - MountPoints2\{bca807ad-7a07-11df-b627-001e336c4c59}\Shell\Auto\command - "" = F:\launcher.exe -- File not found
          O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
          O35:64bit: - HKLM\..comfile [open] -- "%1" %*
          O35:64bit: - HKLM\..exefile [open] -- "%1" %*
          O35 - HKLM\..comfile [open] -- "%1" %*
          O35 - HKLM\..exefile [open] -- "%1" %*
          O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
          O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
          O37 - HKLM\...com [@ = comfile] -- "%1" %*
          O37 - HKLM\...exe [@ = exefile] -- "%1" %*
           
           
           
          SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
          SafeBootMin:64bit: AppMgmt - Service
          SafeBootMin:64bit: Base - Driver Group
          SafeBootMin:64bit: Boot Bus Extender - Driver Group
          SafeBootMin:64bit: Boot file system - Driver Group
          SafeBootMin:64bit: File system - Driver Group
          SafeBootMin:64bit: Filter - Driver Group
          SafeBootMin:64bit: HelpSvc - Service
          SafeBootMin:64bit: PCI Configuration - Driver Group
          SafeBootMin:64bit: PEVSystemStart - Service
          SafeBootMin:64bit: PNP Filter - Driver Group
          SafeBootMin:64bit: Primary disk - Driver Group
          SafeBootMin:64bit: procexp90.Sys - Driver
          SafeBootMin:64bit: sacsvr - Service
          SafeBootMin:64bit: SCSI Class - Driver Group
          SafeBootMin:64bit: System Bus Extender - Driver Group
          SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
          SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
          SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
          SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
          SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
          SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
          SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
          SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
          SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
          SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
          SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
          SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
          SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
          SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
          SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
          SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
          SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
          SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
          SafeBootMin: AppMgmt - Service
          SafeBootMin: Base - Driver Group
          SafeBootMin: Boot Bus Extender - Driver Group
          SafeBootMin: Boot file system - Driver Group
          SafeBootMin: File system - Driver Group
          SafeBootMin: Filter - Driver Group
          SafeBootMin: HelpSvc - Service
          SafeBootMin: PCI Configuration - Driver Group
          SafeBootMin: PEVSystemStart - Service
          SafeBootMin: PNP Filter - Driver Group
          SafeBootMin: Primary disk - Driver Group
          SafeBootMin: procexp90.Sys - Driver
          SafeBootMin: sacsvr - Service
          SafeBootMin: SCSI Class - Driver Group
          SafeBootMin: System Bus Extender - Driver Group
          SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
          SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
          SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
          SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
          SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
          SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
          SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
          SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
          SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
          SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
          SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
          SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
          SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
          SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
          SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
          SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
          SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
           
          SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
          SafeBootNet:64bit: AppMgmt - Service
          SafeBootNet:64bit: Base - Driver Group
          SafeBootNet:64bit: Boot Bus Extender - Driver Group
          SafeBootNet:64bit: Boot file system - Driver Group
          SafeBootNet:64bit: File system - Driver Group
          SafeBootNet:64bit: Filter - Driver Group
          SafeBootNet:64bit: HelpSvc - Service
          SafeBootNet:64bit: Messenger - Service
          SafeBootNet:64bit: NDIS Wrapper - Driver Group
          SafeBootNet:64bit: NetBIOSGroup - Driver Group
          SafeBootNet:64bit: NetDDEGroup - Driver Group
          SafeBootNet:64bit: Network - Driver Group
          SafeBootNet:64bit: NetworkProvider - Driver Group
          SafeBootNet:64bit: PCI Configuration - Driver Group
          SafeBootNet:64bit: PEVSystemStart - Service
          SafeBootNet:64bit: PNP Filter - Driver Group
          SafeBootNet:64bit: PNP_TDI - Driver Group
          SafeBootNet:64bit: Primary disk - Driver Group
          SafeBootNet:64bit: procexp90.Sys - Driver
          SafeBootNet:64bit: rdsessmgr - Service
          SafeBootNet:64bit: sacsvr - Service
          SafeBootNet:64bit: SCSI Class - Driver Group
          SafeBootNet:64bit: Streams Drivers - Driver Group
          SafeBootNet:64bit: System Bus Extender - Driver Group
          SafeBootNet:64bit: TDI - Driver Group
          SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
          SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
          SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
          SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
          SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
          SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
          SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
          SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
          SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
          SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
          SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
          SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
          SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
          SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
          SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
          SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
          SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
          SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
          SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
          SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
          SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
          SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
          SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
          SafeBootNet: AppMgmt - Service
          SafeBootNet: Base - Driver Group
          SafeBootNet: Boot Bus Extender - Driver Group
          SafeBootNet: Boot file system - Driver Group
          SafeBootNet: File system - Driver Group
          SafeBootNet: Filter - Driver Group
          SafeBootNet: HelpSvc - Service
          SafeBootNet: Messenger - Service
          SafeBootNet: NDIS Wrapper - Driver Group
          SafeBootNet: NetBIOSGroup - Driver Group
          SafeBootNet: NetDDEGroup - Driver Group
          SafeBootNet: Network - Driver Group
          SafeBootNet: NetworkProvider - Driver Group
          SafeBootNet: PCI Configuration - Driver Group
          SafeBootNet: PEVSystemStart - Service
          SafeBootNet: PNP Filter - Driver Group
          SafeBootNet: PNP_TDI - Driver Group
          SafeBootNet: Primary disk - Driver Group
          SafeBootNet: procexp90.Sys - Driver
          SafeBootNet: rdsessmgr - Service
          SafeBootNet: sacsvr - Service
          SafeBootNet: SCSI Class - Driver Group
          SafeBootNet: Streams Drivers - Driver Group
          SafeBootNet: System Bus Extender - Driver Group
          SafeBootNet: TDI - Driver Group
          SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
          SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
          SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
          SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
          SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
          SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
          SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
          SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
          SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
          SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
          SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
          SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
          SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
          SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
          SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
          SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
          SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
          SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
          SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
          SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
          SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
          SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
           
          ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
          ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
          ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
          ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
          ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
          ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
          ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
          ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
          ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
          ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
          ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
          ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
          ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
          ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
          ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
          ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
          ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
          ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
          ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
          ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
          ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
          ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
          ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
          ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
          ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
          ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
          ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
          ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
          ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
          ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
          ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
          ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
          ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
          ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
          ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
          ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
          ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
          ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
          ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
          ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
          ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
          ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
          ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
          ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
          ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
          ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
          ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
          ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
          ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
          ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
          ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
          ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
          ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
          ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
          ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
          ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
           
          Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
          Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
          Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
          Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
           
          ========== Files/Folders - Created Within 90 Days ==========
           
          [2010/10/22 18:19:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
          [2010/10/18 23:15:25 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
          [2010/10/18 22:13:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
          [2010/10/17 23:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
          [2010/10/17 17:50:05 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\SUPERAntiSpyware.com
          [2010/10/17 17:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
          [2010/10/17 17:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
          [2010/10/17 17:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
          [2010/08/15 15:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Poladroid
          [2010/08/12 23:48:31 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Hoyle FaceCreator
          [2010/08/12 23:48:30 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Hoyle Card Games
          [2010/08/12 23:47:56 | 000,000,000 | RH-D | C] -- C:\Users\Claire\AppData\Roaming\SecuROM
          [2010/08/12 23:47:55 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
          [2010/08/12 23:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Encore
          [2010/07/30 12:13:03 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\U3
          [2 C:\Users\Claire\Documents\*.tmp files -> C:\Users\Claire\Documents\*.tmp -> ]
          [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
           
          ========== Files - Modified Within 90 Days ==========
           
          [2010/10/22 18:19:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
          [2010/10/22 18:14:16 | 000,869,051 | ---- | M] () -- C:\Users\Claire\Desktop\SecurityCheck.exe
          [2010/10/22 18:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
          [2010/10/22 07:41:10 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
          [2010/10/22 07:40:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3337527313-3042692976-367435044-1000UA.job
          [2010/10/21 22:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At23.job
          [2010/10/21 21:40:11 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DA7B80F-1DE0-4AFF-87B4-A638EF97D42C}.job
          [2010/10/21 19:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At20.job
          [2010/10/20 23:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At24.job
          [2010/10/20 22:02:59 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
          [2010/10/20 22:02:59 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
          [2010/10/20 21:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At22.job
          [2010/10/20 19:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At21.job
          [2010/10/20 06:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At8.job
          [2010/10/19 18:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At19.job
          [2010/10/19 17:46:49 | 066,570,953 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
          [2010/10/19 06:45:33 | 4156,555,264 | -HS- | M] () -- C:\hiberfil.sys
          [2010/10/18 23:14:36 | 003,880,194 | ---- | M] () -- C:\Users\Claire\Desktop\blackpudding.bat
          [2010/10/18 22:13:28 | 000,005,184 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
          [2010/10/18 02:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At3.job
          [2010/10/18 01:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At2.job
          [2010/10/18 00:02:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
          [2010/10/17 23:31:19 | 000,001,917 | ---- | M] () -- C:\Users\Claire\Desktop\HijackThis.lnk
          [2010/10/17 23:30:54 | 000,001,007 | ---- | M] () -- C:\Users\Claire\Desktop\sniper.exe - Shortcut.lnk
          [2010/10/17 17:50:00 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
          [2010/10/17 17:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At18.job
          [2010/10/17 13:02:55 | 000,002,633 | ---- | M] () -- C:\Users\Claire\Desktop\Microsoft Office Word 2003.lnk
          [2010/10/17 13:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At14.job
          [2010/10/17 12:54:38 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At9.job
          [2010/10/15 15:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At17.job
          [2010/10/15 15:40:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3337527313-3042692976-367435044-1000Core.job
          [2010/10/15 14:00:01 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At15.job
          [2010/10/15 12:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At13.job
          [2010/10/15 10:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At12.job
          [2010/10/15 09:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At11.job
          [2010/10/14 09:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At10.job
          [2010/10/14 08:48:19 | 000,318,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
          [2010/10/14 08:27:30 | 000,714,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
          [2010/10/14 08:27:30 | 000,598,900 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
          [2010/10/14 08:27:30 | 000,104,914 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
          [2010/10/12 21:33:40 | 000,097,792 | ---- | M] () -- C:\Users\Claire\Documents\Resume - Claire Marble.doc
          [2010/10/01 22:31:59 | 000,071,680 | ---- | M] () -- C:\Users\Claire\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
          [2010/09/23 07:35:25 | 000,002,058 | ---- | M] () -- C:\Users\Claire\Desktop\Google Chrome.lnk
          [2010/09/23 07:35:25 | 000,002,020 | ---- | M] () -- C:\Users\Claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
          [2010/09/22 21:13:42 | 000,029,696 | ---- | M] () -- C:\Users\Claire\Documents\Celina's Letter.doc
          [2010/09/21 14:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At16.job
          [2010/09/20 08:14:32 | 000,316,416 | ---- | M] () -- C:\Windows\SysNative\msshsq.dll
          [2010/09/17 22:54:33 | 000,042,496 | ---- | M] () -- C:\Users\Claire\Documents\Another List.doc
          [2010/09/17 18:02:18 | 000,073,728 | ---- | M] () -- C:\Users\Claire\Documents\Cover Letter and Resume - Claire Marble.doc
          [2010/09/10 13:30:57 | 013,425,152 | ---- | M] () -- C:\Windows\SysNative\wmp.dll
          [2010/09/10 11:52:05 | 008,147,968 | ---- | M] () -- C:\Windows\SysNative\wmploc.DLL
          [2010/09/08 12:45:03 | 000,208,896 | ---- | M] () -- C:\Windows\SysNative\occache.dll
          [2010/09/08 12:43:55 | 000,758,784 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll
          [2010/09/08 12:43:53 | 000,590,848 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
          [2010/09/08 12:43:12 | 000,249,856 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
          [2010/09/08 12:43:11 | 000,422,400 | ---- | M] () -- C:\Windows\SysNative\ieapfltr.dll
          [2010/09/08 12:43:11 | 000,267,776 | ---- | M] () -- C:\Windows\SysNative\ieaksie.dll
          [2010/09/08 12:43:11 | 000,086,528 | ---- | M] () -- C:\Windows\SysNative\ieencode.dll
          [2010/09/08 11:26:20 | 000,485,376 | ---- | M] () -- C:\Windows\SysNative\html.iec
          [2010/09/06 11:59:19 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\sscore.dll
          [2010/09/06 11:57:48 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\netevent.dll
          [2010/08/31 11:21:34 | 000,633,856 | ---- | M] () -- C:\Windows\SysNative\comctl32.dll
          [2010/08/30 18:52:32 | 000,263,680 | ---- | M] () -- C:\Users\Claire\Documents\Simulation crosswords-backups.doc
          [2010/08/26 12:27:46 | 000,189,952 | ---- | M] () -- C:\Windows\SysNative\t2embed.dll
          [2010/08/20 11:56:01 | 001,090,048 | ---- | M] () -- C:\Windows\SysNative\wmpmde.dll
          [2010/08/16 09:04:07 | 000,000,474 | ---- | M] () -- C:\Users\Claire\AppData\Roaming\Poladroid prefs.plist
          [2010/08/15 15:34:53 | 000,000,987 | ---- | M] () -- C:\Users\Claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Poladroid 9.6.0.lnk
          [2010/08/15 15:34:53 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Poladroid 0.9.6r0.lnk
          [2010/08/15 07:54:27 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At4.job
          [2010/08/13 04:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At5.job
          [2010/08/12 23:47:55 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
          [2010/08/12 23:47:36 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\Hoyle Card Games 2008.lnk
          [2010/08/02 06:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At7.job
          [2010/08/01 16:02:38 | 000,208,896 | ---- | M] () -- C:\Users\Claire\Documents\Simulation calculations.doc
          [2 C:\Users\Claire\Documents\*.tmp files -> C:\Users\Claire\Documents\*.tmp -> ]
          [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
           
          ========== Files Created - No Company Name ==========
           
          [2010/10/22 18:14:16 | 000,869,051 | ---- | C] () -- C:\Users\Claire\Desktop\SecurityCheck.exe
          [2010/10/18 23:14:37 | 003,880,194 | ---- | C] () -- C:\Users\Claire\Desktop\blackpudding.bat
          [2010/10/18 22:13:28 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
          [2010/10/17 23:30:54 | 000,001,007 | ---- | C] () -- C:\Users\Claire\Desktop\sniper.exe - Shortcut.lnk
          [2010/10/17 23:27:30 | 000,001,917 | ---- | C] () -- C:\Users\Claire\Desktop\HijackThis.lnk
          [2010/10/17 17:50:00 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
          [2010/10/17 17:40:14 | 4156,555,264 | -HS- | C] () -- C:\hiberfil.sys
          [2010/10/14 08:33:27 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
          [2010/10/13 18:10:38 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
          [2010/10/13 18:10:23 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
          [2010/10/13 18:10:21 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
          [2010/10/13 18:08:55 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
          [2010/10/13 18:08:45 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
          [2010/10/13 18:08:35 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
          [2010/10/13 18:07:18 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
          [2010/10/13 18:07:15 | 005,692,928 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
          [2010/10/13 18:07:12 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
          [2010/10/13 18:07:08 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
          [2010/10/13 18:07:01 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
          [2010/10/13 18:06:58 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
          [2010/10/13 18:06:58 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
          [2010/10/13 18:06:56 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
          [2010/10/13 18:06:55 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
          [2010/10/13 18:06:54 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
          [2010/10/13 18:06:53 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
          [2010/10/13 18:06:53 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
          [2010/10/13 18:06:53 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
          [2010/10/13 18:06:52 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
          [2010/10/13 18:06:51 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
          [2010/10/13 18:06:50 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
          [2010/10/13 18:06:49 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
          [2010/10/13 18:06:33 | 000,461,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
          [2010/10/13 18:06:33 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
          [2010/10/13 18:06:33 | 000,175,104 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
          [2010/10/13 18:06:33 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
          [2010/10/13 18:06:32 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
          [2010/10/13 18:06:32 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
          [2010/10/13 18:06:28 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
          [2010/10/13 18:06:27 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
          [2010/09/28 17:28:03 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
          [2010/09/22 21:03:22 | 000,029,696 | ---- | C] () -- C:\Users\Claire\Documents\Celina's Letter.doc
          [2010/09/14 20:24:46 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
          [2010/09/14 20:24:44 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
          [2010/09/14 20:21:29 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
          [2010/09/14 20:21:19 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
          [2010/08/31 13:38:26 | 000,073,728 | ---- | C] () -- C:\Users\Claire\Documents\Cover Letter and Resume - Claire Marble.doc
          [2010/08/30 23:07:14 | 000,097,792 | ---- | C] () -- C:\Users\Claire\Documents\Resume - Claire Marble.doc
          [2010/08/17 13:17:03 | 000,263,680 | ---- | C] () -- C:\Users\Claire\Documents\Simulation crosswords-backups.doc
          [2010/08/15 15:35:18 | 000,000,474 | ---- | C] () -- C:\Users\Claire\AppData\Roaming\Poladroid prefs.plist
          [2010/08/15 15:34:53 | 000,000,987 | ---- | C] () -- C:\Users\Claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Poladroid 9.6.0.lnk
          [2010/08/15 15:34:53 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Poladroid 0.9.6r0.lnk
          [2010/08/12 23:47:36 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Hoyle Card Games 2008.lnk
          [2010/08/12 22:04:18 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
          [2010/08/12 22:04:01 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
          [2010/08/12 22:03:55 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
          [2010/08/12 22:03:45 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
          [2010/08/04 18:55:46 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
          [2009/06/27 20:39:53 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
          [2009/06/27 20:38:13 | 000,000,891 | ---- | C] () -- C:\Windows\disney.ini
          [2009/03/19 22:47:48 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
          [2008/10/30 21:44:12 | 000,700,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
          [2008/10/27 18:22:28 | 000,001,096 | ---- | C] () -- C:\Users\Claire\AppData\Roaming\wklnhst.dat
          [2008/10/26 18:56:30 | 000,071,680 | ---- | C] () -- C:\Users\Claire\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
          [2008/10/26 09:41:45 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
          [2008/10/26 09:41:45 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
          [2008/10/26 09:41:45 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
          [2008/10/26 09:41:45 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
          [2008/10/26 09:41:45 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
          [2008/10/26 09:41:45 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
          [2008/10/26 09:25:55 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
          [2008/10/26 09:25:55 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
          [2008/10/26 09:25:55 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
          [2008/10/26 09:24:28 | 000,000,680 | ---- | C] () -- C:\Users\Claire\AppData\Local\d3d9caps.dat
          [2008/10/26 09:23:20 | 000,000,732 | ---- | C] () -- C:\Users\Claire\AppData\Local\d3d9caps64.dat
          [2008/10/25 19:12:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
          [2008/07/10 21:53:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
          [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
          [2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
          [2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
           
          ========== LOP Check ==========
           
          [2010/10/19 19:42:24 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Hoyle Card Games
          [2010/08/12 23:49:33 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Hoyle FaceCreator
          [2009/06/27 20:45:27 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Leadertech
          [2008/10/27 18:22:29 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Template
          [2008/10/26 09:37:21 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\toshiba
          [2010/10/18 00:02:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At1.job
          [2010/10/14 09:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At10.job
          [2010/10/15 09:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At11.job
          [2010/10/15 10:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At12.job
          [2010/10/15 12:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At13.job
          [2010/10/17 13:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At14.job
          [2010/10/15 14:00:01 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At15.job
          [2010/09/21 14:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At16.job
          [2010/10/15 15:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At17.job
          [2010/10/17 17:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At18.job
          [2010/10/19 18:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At19.job
          [2010/10/18 01:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At2.job
          [2010/10/21 19:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At20.job
          [2010/10/20 19:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At21.job
          [2010/10/20 21:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At22.job
          [2010/10/21 22:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At23.job
          [2010/10/20 23:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At24.job
          [2010/10/18 02:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At3.job
          [2010/08/15 07:54:27 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At4.job
          [2010/08/13 04:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At5.job
          [2010/06/26 05:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At6.job
          [2010/08/02 06:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At7.job
          [2010/10/20 06:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At8.job
          [2010/10/17 12:54:38 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At9.job
          [2010/10/18 23:20:02 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
          [2010/10/21 21:40:11 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DA7B80F-1DE0-4AFF-87B4-A638EF97D42C}.job
           
          ========== Purity Check ==========
           
           
           
          ========== Custom Scans ==========
           
           
          < %SYSTEMDRIVE%\*.exe >
           
          < %systemroot%\*. /mp /s >
           
          < c:\$recycle.bin\*.* /s >

          Jocan

            Topic Starter


            Greenhorn

            • Experience: Beginner
            • OS: Windows Vista
            Re: Making sure a virus is completely gone
            « Reply #7 on: October 22, 2010, 05:01:31 PM »
            The rest of OTL and Extras

            [2010/03/04 18:40:42 | 180,959,245 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RH94MXR.m4v
            [2010/02/04 20:15:54 | 084,867,926 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RHQ0GRT.m4v
            [2010/04/13 23:42:59 | 092,818,968 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RIF3ZZ5.m4v
            [2010/04/14 13:06:26 | 000,030,462 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RIJIMAE.jpg
            [2010/03/18 08:24:20 | 085,478,126 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RISBNZX.m4v
            [2010/04/17 09:10:21 | 193,669,383 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RIU07V9.m4v
            [2010/04/14 16:05:49 | 000,030,045 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RJ4OQTO.jpg
            [2010/04/14 16:05:35 | 000,029,408 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RJLS0B7.jpg
            [2010/03/16 21:23:38 | 062,540,260 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RJN6R6O.m4v
            [2010/03/18 20:15:21 | 087,058,457 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RJS4XSZ.m4v
            [2010/04/08 16:44:47 | 191,530,709 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RK9J0KR.m4v
            [2010/02/02 22:54:20 | 076,089,222 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RKDRLO4.m4v
            [2010/02/08 21:41:42 | 077,700,953 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RKG2RCH.m4v
            [2010/04/22 12:02:29 | 000,028,017 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RKGIO3X.jpg
            [2010/03/10 13:57:56 | 195,269,093 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RKUHSZR.m4v
            [2010/02/06 01:09:22 | 077,182,789 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RKWCNCR.m4v
            [2010/03/18 00:55:03 | 177,800,061 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RL7DIHJ.m4v
            [2010/03/18 20:23:18 | 197,429,097 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RLO94MB.m4v
            [2010/04/13 10:59:54 | 000,038,150 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RLXRHQY.jpg
            [2010/04/30 07:09:10 | 000,026,549 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RLZKTBT.jpg
            [2010/07/11 14:24:00 | 005,994,815 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RM4BIBD.m4a
            [2010/04/07 19:42:12 | 067,326,257 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RM6UJ1T.m4v
            [2010/03/31 12:08:09 | 186,494,580 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RM6X1AF.m4v
            [2010/03/22 10:31:22 | 200,024,496 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RM9MCDN.m4v
            [2010/04/30 07:09:14 | 000,026,516 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RMIXHZQ.jpg
            [2010/10/18 23:05:59 | 000,000,590 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RMUG9MJ.lnk
            [2010/06/25 21:24:47 | 011,324,259 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RMW65W9.m4a
            [2010/04/07 10:21:03 | 205,873,341 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RN3TZ1T.m4v
            [2010/01/20 00:52:50 | 076,196,065 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RNRGY8M.m4v
            [2010/02/10 20:48:04 | 092,276,057 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$ROAU449.m4v
            [2010/03/23 10:37:33 | 200,149,269 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$ROBRIO2.m4v
            [2010/01/11 20:19:16 | 072,830,871 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$ROWW2L6.m4v
            [2010/04/09 16:43:10 | 170,218,980 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RP6NX94.m4v
            [2010/03/22 20:26:15 | 079,020,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RPEZBO8.m4v
            [2010/01/13 08:55:57 | 088,633,401 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RQ0Q5MH.m4v
            [2010/04/14 13:53:30 | 000,031,210 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RQKY9GI.jpg
            [2010/04/14 00:56:53 | 087,689,166 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RR26UT7.m4v
            [2010/03/08 16:27:17 | 191,126,132 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RR7DPX2.m4v
            [2010/03/09 15:51:01 | 206,355,838 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RS3MHET.m4v
            [2010/02/24 09:51:17 | 082,512,118 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RS4NP7L.m4v
            [2010/04/14 16:05:52 | 000,029,644 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RSNLEJE.jpg
            [2010/03/16 10:33:45 | 192,905,381 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RSQPY8Q.m4v
            [2010/02/13 01:53:20 | 080,706,253 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RST267Z.m4v
            [2010/03/04 18:30:23 | 092,950,292 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RSV5REV.m4v
            [2010/10/18 23:10:10 | 000,000,590 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RSVR6IF.lnk
            [2010/03/02 09:36:39 | 081,415,880 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RT6GBZI.m4v
            [2010/03/23 20:24:27 | 080,180,072 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RTWZWFC.m4v
            [2010/03/10 20:21:22 | 083,044,374 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RUT16ZY.m4v
            [2010/04/07 11:33:57 | 079,868,490 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RUW07CB.m4v
            [2010/01/14 20:20:23 | 086,869,735 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RV1V00F.m4v
            [2010/03/24 23:36:17 | 052,124,147 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RV2QEBD.m4v
            [2010/02/19 17:52:58 | 080,435,760 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RV8SZDT.m4v
            [2010/04/21 15:17:52 | 000,031,834 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RVDBLX5.jpg
            [2010/03/25 16:31:39 | 200,437,352 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RVHP6HH.m4v
            [2010/03/31 12:06:42 | 089,120,643 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RVTTC2R.m4v
            [2010/04/12 10:29:28 | 183,115,175 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RW0VPSV.m4v
            [2010/04/13 10:48:27 | 182,248,432 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RW6NS2K.m4v
            [2010/02/01 21:26:32 | 079,414,239 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RW73OC1.m4v
            [2010/03/31 19:05:03 | 079,041,522 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RX3J7OY.m4v
            [2010/04/21 15:18:31 | 000,030,764 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RXMQ5AC.jpg
            [2010/03/13 09:59:23 | 084,023,182 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RXNQV71.m4v
            [2010/02/01 10:40:47 | 073,168,169 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RXOQ3AZ.m4v
            [2010/02/16 09:01:54 | 079,048,912 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RXRZT4X.m4v
            [2010/04/08 20:24:22 | 076,866,941 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RY1OQYQ.m4v
            [2010/06/25 21:24:11 | 007,098,563 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RYN5FPB.m4a
            [2010/04/21 15:17:25 | 000,032,079 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RYNA9O8.jpg
            [2010/02/02 11:36:49 | 178,372,948 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RYQCPIY.m4v
            [2010/10/18 06:54:16 | 003,879,667 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RYWXUKO.exe
            [2010/04/14 16:05:43 | 000,030,360 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RYZ9XGQ.jpg
            [2010/03/26 22:51:14 | 201,408,005 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RZ64HL4.m4v
            [2010/02/20 18:04:06 | 059,238,563 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RZ8QO1C.m4v
            [2010/01/21 21:59:14 | 070,442,565 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RZD7AM6.m4v
            [2010/06/25 21:22:47 | 009,204,289 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RZJS531.m4a
            [2010/04/19 13:22:27 | 193,874,124 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RZOQ99C.m4v
            [2010/03/03 17:32:45 | 194,237,665 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\$RZU6AK8.m4v
            [2008/10/26 09:23:49 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3337527313-3042692976-367435044-1000\desktop.ini
             
            < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
             
             
             
            < MD5 for: SPOOLSV.EXE  >
            [2010/08/17 10:54:44 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=439017BE66398AB809D81B3AE8393883 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_34a17b8490538c82\spoolsv.exe
            [2010/08/17 10:02:18 | 000,270,848 | ---- | M] (Microsoft Corporation) MD5=7F59AA690212241B398D6DBE4071EE3C -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_32cba802932180c9\spoolsv.exe
            [2010/08/17 10:04:48 | 000,267,776 | ---- | M] (Microsoft Corporation) MD5=92E6738D25C2123BE9515C0EAC0776CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_3260788179ed5d57\spoolsv.exe
            [2008/01/20 22:49:35 | 000,267,264 | ---- | M] (Microsoft Corporation) MD5=E6519A9E756D74DC51C697BA62162F51 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_326a3ea579e6364c\spoolsv.exe
            [2009/04/11 03:10:56 | 000,268,288 | ---- | M] (Microsoft Corporation) MD5=EADA445EAEDD1D7DF4C5EB42B3612729 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_3455b7b177080198\spoolsv.exe
            [2010/08/17 10:54:20 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=F66FF751E7EFC816D266977939EF5DC3 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_33f36be77751de08\spoolsv.exe
             
            < MD5 for: SVCHOST.EXE  >
            [2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
            [2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
            [2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
            [2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
             
            < MD5 for: TERMSRV.DLL  >
            [2009/04/11 03:11:26 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=5CDD30BC217082DAC71A9878D9BFD566 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_eca9565809c353e4\termsrv.dll
            [2008/01/20 22:48:12 | 000,546,816 | ---- | M] (Microsoft Corporation) MD5=F870A5589D6A94B426EFB13689023946 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_eabddd4c0ca18898\termsrv.dll
             
            < MD5 for: USERINIT.EXE  >
            [2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
            [2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
            [2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
            [2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
             
            < MD5 for: WS2_32.DLL  >
            [2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
            [2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
            [2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
            [2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6002.18005_none_f4a329cecb77d110\ws2_32.dll
            [2009/04/11 03:11:31 | 000,264,704 | ---- | M] (Microsoft Corporation) MD5=BAB10B35E2D5EE0DC3DE05A177C52C50 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-w..nfrastructur

            Jocan

              Topic Starter


              Greenhorn

              • Experience: Beginner
              • OS: Windows Vista
              Re: Making sure a virus is completely gone
              « Reply #8 on: October 22, 2010, 05:08:18 PM »
              And still more:

               
              < %systemroot%\system32\*.dll /lockedfiles >
               
              < %systemroot%\Tasks\*.job /lockedfiles >

              < End of report >

              OTL Extras logfile created on: 22/10/2010 6:21:02 PM - Run 1
              OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\Claire\Desktop
              64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
              Internet Explorer (Version = 7.0.6001.18000)
              Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
               
              4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
              8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
              Paging file location(s): ?:\pagefile.sys [binary data]
               
              %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
              Drive C: | 216.33 Gb Total Space | 50.65 Gb Free Space | 23.41% Space Free | Partition Type: NTFS
              Drive D: | 7.59 Gb Total Space | 7.53 Gb Free Space | 99.14% Space Free | Partition Type: NTFS
               
              Computer Name: CLAIRE-PC | User Name: Claire | Logged in as Administrator.
              Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
              Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
               
              ========== Extra Registry (SafeList) ==========
               
               
              ========== File Associations ==========
               
              64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
              .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
               
              [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
              .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
               
              ========== Shell Spawning ==========
               
              64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
              batfile [open] -- "%1" %* File not found
              cmdfile [open] -- "%1" %* File not found
              comfile [open] -- "%1" %* File not found
              exefile [open] -- "%1" %* File not found
              helpfile [open] -- Reg Error: Key error.
              inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
              piffile [open] -- "%1" %* File not found
              regfile [merge] -- Reg Error: Key error.
              scrfile [config] -- "%1" File not found
              scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
              scrfile [open] -- "%1" /S File not found
              txtfile [edit] -- Reg Error: Key error.
              Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
              Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
              Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
              Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
              Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
              Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
              batfile [open] -- "%1" %*
              cmdfile [open] -- "%1" %*
              comfile [open] -- "%1" %*
              cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
              exefile [open] -- "%1" %*
              helpfile [open] -- Reg Error: Key error.
              inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
              piffile [open] -- "%1" %*
              regfile [merge] -- Reg Error: Key error.
              scrfile [config] -- "%1"
              scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
              scrfile [open] -- "%1" /S
              txtfile [edit] -- Reg Error: Key error.
              Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
              Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
              Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
              Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
              Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
              Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
               
              ========== Security Center Settings ==========
               
              64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
              "cval" = 1
               
              64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
               
              64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
              "AntiVirusOverride" = 0
              "AntiSpywareOverride" = 0
              "FirewallOverride" = 0
              "VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
               
              64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
              "oobe_av" = 1
               
              ========== System Restore Settings ==========
               
              64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
              "DisableSR" = 1
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
              "DisableSR" = 1
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
              "DisableSR" = 0
               
              ========== Firewall Settings ==========
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
              "EnableFirewall" = 1
              "DisableNotifications" = 0
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
              "EnableFirewall" = 1
              "DisableNotifications" = 0
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
              "EnableFirewall" = 1
              "DisableNotifications" = 0
               
              ========== Authorized Applications List ==========
               
               
              ========== Vista Active Open Ports Exception List ==========
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
              "{31C4C1A3-020F-457A-99D2-CE6D94788C5A}" = lport=2869 | protocol=6 | dir=in | app=system |
              "{9A9B3540-9BBF-4915-BB83-2A1C9DD766B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
              "{CA54C986-66E0-483B-BDD8-041A535BE939}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
               
              ========== Vista Active Application Exception List ==========
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
              "{03B31BCC-EF40-4D24-B582-0558F1BD4EBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{04F0D45E-1633-4490-9D8B-156A22F1E8D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{08948AF0-34BA-4B5F-8D40-C33DE2C1250A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
              "{092F50BA-9492-4BC7-8C35-D4B7CA327B46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{0A23DD29-C77C-4C37-93FE-8AA8EADBA753}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{11613780-B5FA-49E0-A06C-8237EE6F599E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{17F8C889-4789-48CA-8763-4E9D12E0440D}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
              "{22342106-4D6C-48CD-AC20-0C280E41F729}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
              "{2462038C-27EA-4604-94CA-7BBC60D475DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{326ABC6E-ADBD-4C2F-A3E5-DA961D2C7477}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{402364D5-3D4D-40C4-B749-C83CB69254BA}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
              "{45481F48-B279-4B51-AA52-70198750A107}" = protocol=17 | dir=in | app=c:\users\claire\appdata\local\google\google talk plugin\googletalkplugin.exe |
              "{4731B851-4204-4257-8F85-12E2E0A34C27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{494EB139-1E3B-49EB-AC3C-F5B4F64F763C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{51B36161-53F1-4313-88F9-A07E200330B3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{54E41104-6A06-46E2-8885-8BA368A870E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{55276187-B79E-4BA1-9590-EEC67FA32A54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{568B1705-687B-4DEB-940A-5C6793FDF4A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{58A6DB97-CD02-4D1D-93AC-0D11B3D22ABF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
              "{5C6AFE17-27F3-48F4-85DB-480EB2E2BAC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{676CE07B-D80C-4B74-95A8-1FA86299BDF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{6D63FB98-3627-431A-8A05-0A923C063F0D}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
              "{70BD1F7C-CE3D-400E-BBF3-A4D95D3535BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{729E360B-8D1D-4FC7-82CA-C80A651A624D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{81EA307C-B3BE-4C28-ABE9-4251FEF40461}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{8EAC767F-C8EC-4ECA-A93C-7F2CB013628A}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
              "{949A970B-9A9D-4278-B145-471DBDA165D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{9CB30C9C-DD95-4F6E-A89D-F57750628966}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{A31F1A39-11EE-4AC6-A597-5674F5FEB528}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
              "{A3E0A19F-4ECA-427C-A649-80F7B1507697}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{A5215EBE-E357-4D30-BC86-CD22E36A6CE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{B30FCFEB-81F4-470D-8324-696448A7A5EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{B3DAA298-4D03-4CF0-B1DF-2A1DA2D2EED0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{B4FF2DC6-6468-441D-98F0-F963AF46B713}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
              "{BA0FC3F5-8148-43FE-B49F-257EACF9C000}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{C216BFDA-A2C2-4D76-B099-484F0093F67A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{C9AEAA96-5C1C-41C4-86FC-67CB817D8F35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{E7ED75F5-2142-4849-A13E-E23C46D158BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{F4902358-B992-4816-A323-C4E7379AB511}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
              "{F909207D-3A19-4415-86BE-41916826889E}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
              "{FBE7CBA0-94AD-4592-B86B-6C4BFBE859B8}" = protocol=6 | dir=in | app=c:\users\claire\appdata\local\google\google talk plugin\googletalkplugin.exe |
               
              ========== HKEY_LOCAL_MACHINE Uninstall List ==========
               
              64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
              "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
              "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
              "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
              "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
              "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
              "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
              "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
              "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
              "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
              "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
              "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
              "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
              "{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
              "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
              "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
              "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
              "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
              "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
              "D27D7E9318CFA89EDDE8D448B507A8EB725F5A5 2" = Windows Driver Package - TOSHIBA (FwLnk) System  (11/19/2006 1.0.0.3)
              "HDMI" = Intel(R) Graphics Media Accelerator Driver
              "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
              "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
              "SynTPDeinstKey" = Synaptics Pointing Device Driver
              "TOSHIBA Software Modem" = TOSHIBA Software Modem
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
              "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
              "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
              "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
              "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
              "{07BB4D84-BE7E-45ED-B145-9A474700F590}" = Mobile Broadband Generic Drivers
              "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
              "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
              "{145E18EC-4BBB-4A0C-9381-564ABB871FE9}" = Mobile Connect Basic
              "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
              "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
              "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
              "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
              "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
              "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
              "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
              "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
              "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
              "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
              "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
              "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
              "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
              "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
              "{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
              "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
              "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
              "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
              "{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
              "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
              "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
              "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
              "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
              "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
              "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
              "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
              "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
              "{8C5766F2-81D9-4B5A-8AD5-A8BD6361EF0A}" = Hoyle Card Games
              "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
              "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
              "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
              "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
              "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
              "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
              "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
              "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
              "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
              "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
              "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
              "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
              "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
              "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
              "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
              "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
              "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
              "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
              "{B49DDCCE-BF8E-4A4C-8503-6DA24BF49D06}" = NovaCore SDK Installer
              "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
              "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
              "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
              "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
              "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
              "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
              "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
              "{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
              "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
              "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
              "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
              "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
              "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
              "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
              "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
              "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
              "AVG8Uninstall" = AVG 8.5
              "HijackThis" = HijackThis 2.0.2
              "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
              "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
              "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
              "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
              "Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
              "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
              "OnlinePlay" = OnlinePlay 1.0
              "RealPlayer 6.0" = RealPlayer
              "RollerCoaster Tycoon Setup" = Roll
              "Windows Media Encoder 9" = Windows Media Encoder 9 Series
              "WinLiveSuite_Wave3" = Windows Live Essentials
               
              ========== HKEY_CURRENT_USER Uninstall List ==========
               
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
              "Google Chrome" = Google Chrome
               
              ========== Last 10 Event Log Errors ==========
               
              [ Application Events ]
              Error - 17/10/2010 1:03:24 PM | Computer Name = Claire-PC | Source = WinMgmt | ID = 10
              Description =
               
              Error - 17/10/2010 2:53:15 PM | Computer Name = Claire-PC | Source = Application Error | ID = 1000
              Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4c98293e,
               faulting module chrome.dll, version 6.0.472.63, time stamp 0x4c982907, exception
               code 0x80000003, fault offset 0x000c958c,  process id 0x75c, application start time
               0x01cb6e2c8da2f07a.
               
              Error - 17/10/2010 4:16:31 PM | Computer Name = Claire-PC | Source = WinMgmt | ID = 10
              Description =
               
              Error - 17/10/2010 4:39:33 PM | Computer Name = Claire-PC | Source = WinMgmt | ID = 10
              Description =
               
              Error - 17/10/2010 4:58:43 PM | Computer Name = Claire-PC | Source = WinMgmt | ID = 10
              Description =
               
              Error - 17/10/2010 5:14:23 PM | Computer Name = Claire-PC | Source = WinMgmt | ID = 10
              Description =
               
              Error - 17/10/2010 5:17:06 PM | Computer Name = Claire-PC | Source = EventSystem | ID = 4609
              Description =
               
              Error - 17/10/2010 5:18:14 PM | Computer Name = Claire-PC | Source = WinMgmt | ID = 10
              Description =
               
              Error - 17/10/2010 5:41:24 PM | Computer Name = Claire-PC | Source = WinMgmt | ID = 10
              Description =
               
              Error - 17/10/2010 9:30:43 PM | Computer Name = Claire-PC | Source = WinMgmt | ID = 10
              Description =
               
              [ System Events ]
              Error - 17/10/2010 11:24:18 PM | Computer Name = Claire-PC | Source = DCOM | ID = 10016
              Description =
               
              Error - 18/10/2010 6:44:02 AM | Computer Name = Claire-PC | Source = HTTP | ID = 15016
              Description =
               
              Error - 18/10/2010 6:45:18 AM | Computer Name = Claire-PC | Source = DCOM | ID = 10016
              Description =
               
              Error - 18/10/2010 5:34:33 PM | Computer Name = Claire-PC | Source = HTTP | ID = 15016
              Description =
               
              Error - 18/10/2010 5:35:46 PM | Computer Name = Claire-PC | Source = DCOM | ID = 10016
              Description =
               
              Error - 18/10/2010 10:26:23 PM | Computer Name = Claire-PC | Source = HTTP | ID = 15016
              Description =
               
              Error - 18/10/2010 10:27:38 PM | Computer Name = Claire-PC | Source = DCOM | ID = 10016
              Description =
               
              Error - 19/10/2010 6:45:41 AM | Computer Name = Claire-PC | Source = HTTP | ID = 15016
              Description =
               
              Error - 19/10/2010 6:46:55 AM | Computer Name = Claire-PC | Source = DCOM | ID = 10016
              Description =
               
              Error - 19/10/2010 10:33:56 PM | Computer Name = Claire-PC | Source = Service Control Manager | ID = 7011
              Description =
               
               
              < End of report >

              Phew! That is a lot of results! I hope it's okay that I put them in several posts, I guess they exceeded the word limits. Please let me know what to do next.

              Thanks again!

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Making sure a virus is completely gone
              « Reply #9 on: October 22, 2010, 07:35:34 PM »
              It is imperative that you bring your AVG anti-virus program up to date. Also, please turn on your Windows Updates and download Service Pack 2.

              Update Your Java (JRE)

              Old versions of Java have vulnerabilities that malware can use to infect your system.


              First Verify your Java Version

              If there are any other version(s) installed then update now.

              Get the new version (if needed)

              If your version is out of date install the newest version of the Sun Java Runtime Environment.

              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

              Be sure to close ALL open web browsers before starting the installation.

              Remove any old versions

              1. Download JavaRa and unzip the file to your Desktop.
              2. Open JavaRA.exe and choose Remove Older Versions
              3. Once complete exit JavaRA.
              4. Run CCleaner.

              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
              ***********************************
              Please download the newest version of Adobe Acrobat Reader from Adobe.com

              Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
              Go to the Control Panel and enter Add or Remove Programs.
              Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

              Once old versions are gone, please install the newest version.
              ***************************************************
              * Open OTL
              * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

              Code:
              :OTL

              :files
              C:\Windows\tasks\At23.job
              C:\Windows\tasks\At20.job
              C:\Windows\tasks\At24.job
              C:\Windows\tasks\At22.job
              C:\Windows\tasks\At21.job
              C:\Windows\tasks\At8.job
              C:\Windows\tasks\At19.job
              C:\Windows\tasks\At3.job
              C:\Windows\tasks\At2.job
              C:\Windows\tasks\At1.job
              C:\Windows\tasks\At18.job
              C:\Windows\tasks\At14.job
              C:\Windows\tasks\At9.job
              C:\Windows\tasks\At17.job
              C:\Windows\tasks\At15.job
              C:\Windows\tasks\At13.job
              C:\Windows\tasks\At12.job
              C:\Windows\tasks\At11.job
              C:\Windows\tasks\At10.job
              C:\Windows\tasks\At16.job
              C:\Windows\tasks\At4.job
              C:\Windows\tasks\At5.job
              C:\Windows\tasks\At7.job
              C:\Windows\Tasks\At1.job
              C:\Windows\Tasks\At10.job
              C:\Windows\Tasks\At11.job
              C:\Windows\Tasks\At12.job
              C:\Windows\Tasks\At13.job
              C:\Windows\Tasks\At14.job
              C:\Windows\Tasks\At15.job
              C:\Windows\Tasks\At16.job
              C:\Windows\Tasks\At17.job
              C:\Windows\Tasks\At18.job
              C:\Windows\Tasks\At19.job
              C:\Windows\Tasks\At2.job
              C:\Windows\Tasks\At20.job
              C:\Windows\Tasks\At21.job
              C:\Windows\Tasks\At22.job
              C:\Windows\Tasks\At23.job
              C:\Windows\Tasks\At24.job
              C:\Windows\Tasks\At3.job
              C:\Windows\Tasks\At4.job
              C:\Windows\Tasks\At5.job
              C:\Windows\Tasks\At6.job
              C:\Windows\Tasks\At7.job
              C:\Windows\Tasks\At8.job
              C:\Windows\Tasks\At9.job

              :COMMANDS
              [resethosts]
              [purity]
              [clearrestorepoints]
              [emptytemp]
              [start explorer]

              * Click Run Fix
              * OTLI2 may ask to reboot the machine. Please do so if asked.
              * Click OK
              * A report will open. Copy and Paste that report in your next reply.
              ***********************************
              Please run another Security Check and post the log.
              Windows 8 and Windows 10 dual boot with two SSD's

              Jocan

                Re: Making sure a virus is completely gone
                « Reply #10 on: October 23, 2010, 01:07:35 PM »
                Hello Dave,

                Thanks for all your help. I followed your instructions and downloaded the new versions of AVG, Java and Adobe. I also downloaded Service Pack 2 but I haven't installed it yet because I want to backup my files first and I don't have any dvds right now. I'll get some today. I did run the JavaRa remover but I noticed it still says I have old versions of Java. I'm not sure how to turn Windows Updates on; from what I see they are already on.

                Below are the logs from Security Check and OTL. Please let me know what my next step is.

                Thanks so much for your time, help and patience!

                Results of screen317's Security Check version 0.99.5  
                 Windows Vista  (UAC is disabled!)
                 Out of date service pack!!
                 Internet Explorer 7 Out of date!
                ``````````````````````````````
                Antivirus/Firewall Check:

                 Windows Firewall Enabled! 
                 WMI entry may not exist for antivirus; attempting automatic update.
                ```````````````````````````````
                Anti-malware/Other Utilities Check:

                 Malwarebytes' Anti-Malware   
                 HijackThis 2.0.2   
                 CCleaner     
                 Java(TM) 6 Update 22 
                 Out of date Java installed!
                Adobe Reader 9.4.0
                 Mozilla Firefox (3.0.19) Firefox Out of Date! 
                ````````````````````````````````
                Process Check: 
                objlist.exe by Laurent

                 Windows Defender MSASCui.exe
                 AVG avgwdsvc.exe
                 AVG avgtray.exe
                 Windows Defender MSASCui.exe   
                ````````````````````````````````
                DNS Vulnerability Check:

                 Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

                ``````````End of Log````````````


                All processes killed
                ========== OTL ==========
                ========== FILES ==========
                C:\Windows\tasks\At23.job moved successfully.
                C:\Windows\tasks\At20.job moved successfully.
                C:\Windows\tasks\At24.job moved successfully.
                C:\Windows\tasks\At22.job moved successfully.
                C:\Windows\tasks\At21.job moved successfully.
                C:\Windows\tasks\At8.job moved successfully.
                C:\Windows\tasks\At19.job moved successfully.
                C:\Windows\tasks\At3.job moved successfully.
                C:\Windows\tasks\At2.job moved successfully.
                C:\Windows\tasks\At1.job moved successfully.
                C:\Windows\tasks\At18.job moved successfully.
                C:\Windows\tasks\At14.job moved successfully.
                C:\Windows\tasks\At9.job moved successfully.
                C:\Windows\tasks\At17.job moved successfully.
                C:\Windows\tasks\At15.job moved successfully.
                C:\Windows\tasks\At13.job moved successfully.
                C:\Windows\tasks\At12.job moved successfully.
                C:\Windows\tasks\At11.job moved successfully.
                C:\Windows\tasks\At10.job moved successfully.
                C:\Windows\tasks\At16.job moved successfully.
                C:\Windows\tasks\At4.job moved successfully.
                C:\Windows\tasks\At5.job moved successfully.
                C:\Windows\tasks\At7.job moved successfully.
                File\Folder C:\Windows\Tasks\At1.job not found.
                File\Folder C:\Windows\Tasks\At10.job not found.
                File\Folder C:\Windows\Tasks\At11.job not found.
                File\Folder C:\Windows\Tasks\At12.job not found.
                File\Folder C:\Windows\Tasks\At13.job not found.
                File\Folder C:\Windows\Tasks\At14.job not found.
                File\Folder C:\Windows\Tasks\At15.job not found.
                File\Folder C:\Windows\Tasks\At16.job not found.
                File\Folder C:\Windows\Tasks\At17.job not found.
                File\Folder C:\Windows\Tasks\At18.job not found.
                File\Folder C:\Windows\Tasks\At19.job not found.
                File\Folder C:\Windows\Tasks\At2.job not found.
                File\Folder C:\Windows\Tasks\At20.job not found.
                File\Folder C:\Windows\Tasks\At21.job not found.
                File\Folder C:\Windows\Tasks\At22.job not found.
                File\Folder C:\Windows\Tasks\At23.job not found.
                File\Folder C:\Windows\Tasks\At24.job not found.
                File\Folder C:\Windows\Tasks\At3.job not found.
                File\Folder C:\Windows\Tasks\At4.job not found.
                File\Folder C:\Windows\Tasks\At5.job not found.
                C:\Windows\Tasks\At6.job moved successfully.
                File\Folder C:\Windows\Tasks\At7.job not found.
                File\Folder C:\Windows\Tasks\At8.job not found.
                File\Folder C:\Windows\Tasks\At9.job not found.
                ========== COMMANDS ==========
                File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
                HOSTS file reset successfully
                Error: Unable to interpret <[clearrestorepoints]> in the current context!
                 
                [EMPTYTEMP]
                 
                User: All Users
                 
                User: Claire
                ->Temp folder emptied: 5356444 bytes
                ->Temporary Internet Files folder emptied: 3912198 bytes
                ->Java cache emptied: 26421444 bytes
                ->FireFox cache emptied: 44235131 bytes
                ->Google Chrome cache emptied: 43101446 bytes
                ->Flash cache emptied: 288517 bytes
                 
                User: Default
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 33170 bytes
                ->Flash cache emptied: 56504 bytes
                 
                User: Default User
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 0 bytes
                ->Flash cache emptied: 0 bytes
                 
                User: Public
                 
                %systemdrive% .tmp files removed: 0 bytes
                %systemroot% .tmp files removed: 0 bytes
                %systemroot%\System32 .tmp files removed: 0 bytes
                %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
                %systemroot%\System32\drivers .tmp files removed: 0 bytes
                Windows Temp folder emptied: 302 bytes
                %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
                RecycleBin emptied: 0 bytes
                 
                Total Files Cleaned = 118.00 mb
                 
                 
                OTL by OldTimer - Version 3.2.16.0 log created on 10232010_134457

                Files\Folders moved on Reboot...
                File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
                File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UO25Q1PF\desktop.ini scheduled to be moved on reboot.
                File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PYE0YS5Q\desktop.ini scheduled to be moved on reboot.
                File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GP20STRG\desktop.ini scheduled to be moved on reboot.
                File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OR6FM9L\desktop.ini scheduled to be moved on reboot.
                File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
                File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

                Registry entries deleted on Reboot...
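One way to reconcile the fix script against the OTL result log in the post above, as an added example that is not part of the original thread or of OTL itself. It compares paths case-insensitively, as Windows does, so the `tasks`/`Tasks` duplicates collapse to one file each; the function names are hypothetical and the embedded lines are an abridged excerpt of the script and log above.

```python
import re
from ntpath import normcase  # Windows path rules (case-insensitive) on any OS

# Abridged excerpt of the :files section of the fix script posted above.
REQUESTED = r"""
C:\Windows\tasks\At23.job
C:\Windows\tasks\At7.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
""".split()

# Abridged excerpt of the OTL result log posted above.
RESULT_LOG = r"""
========== FILES ==========
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
File\Folder C:\Windows\Tasks\At23.job not found.
C:\Windows\Tasks\At6.job moved successfully.
File\Folder C:\Windows\Tasks\At7.job not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Error: Unable to interpret <[clearrestorepoints]> in the current context!
"""

PATTERNS = [
    ("not_found", re.compile(r"^File\\Folder (?P<path>.+) not found\.$")),
    ("deferred", re.compile(
        r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("moved", re.compile(r"^(?P<path>.+) moved successfully\.$")),
]
BAD_CMD = re.compile(r"^Error: Unable to interpret <\[(?P<cmd>[^\]]+)\]>")


def parse_result(log):
    """Return ({normalized path: {outcomes}}, [directives OTL rejected])."""
    outcomes, bad_commands = {}, []
    for line in log.splitlines():
        line = line.strip()
        for status, rx in PATTERNS:
            m = rx.match(line)
            if m:
                outcomes.setdefault(normcase(m["path"]), set()).add(status)
                break
        else:
            m = BAD_CMD.match(line)
            if m:
                bad_commands.append(m["cmd"])
    return outcomes, bad_commands


def reconcile(requested, log):
    """Give each requested file one final status, merging case variants."""
    outcomes, bad_commands = parse_result(log)
    report = {}
    for path in requested:
        seen = outcomes.get(normcase(path), set())
        if "moved" in seen:
            status = "moved"        # quarantined under at least one spelling
        elif "deferred" in seen:
            status = "deferred"     # will only happen after a reboot
        elif "not_found" in seen:
            status = "not_found"    # never present under any spelling
        else:
            status = "unreported"   # requested but absent from the log
        report[normcase(path)] = status
    pending = sorted(p for p, s in outcomes.items() if "deferred" in s)
    return report, pending, bad_commands


if __name__ == "__main__":
    report, pending, bad = reconcile(REQUESTED, RESULT_LOG)
    for path, status in sorted(report.items()):
        print(f"{status:10} {path}")
    print("pending reboot:", pending)
    print("directives not executed:", bad)
```

Run against the full log, any path left as `not_found` or `unreported`, anything still pending a reboot, and any rejected directive are the items to follow up on before treating the fix as complete.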

                SuperDave

                Re: Making sure a virus is completely gone
                « Reply #11 on: October 23, 2010, 01:24:36 PM »
                Quote
                dvds right now
                Good idea to use RW's. A bit more expensive but reusable.

                Quote
                I'm not sure how to turn Windows Updates on
                Check out this site to learn about Updates. If it is turned on, something is blocking the updates. SP2 has been out for some time.

                I'd like to scan your machine with ESET OnlineScan

                •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan
                •Click the button.
                •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
                •Check
                •Click the button.
                •Accept any security warnings from your browser.
                •Check
                •Push the Start button.
                •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                •When the scan completes, push
                •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                •Push the button.
                •Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


                Jocan

                  Re: Making sure a virus is completely gone
                  « Reply #12 on: October 23, 2010, 09:18:38 PM »
                  Hi Dave,

                  Thanks for your quick reply. I used the ESET scanner but it did not find any threats. Here is the log:

                  ESETSmartInstaller@High as CAB hook log:
                  OnlineScanner64.ocx - registred OK
                  OnlineScanner.ocx - registred OK
                  # version=7
                  # iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
                  # OnlineScanner.ocx=1.0.0.6211
                  # api_version=3.0.2
                  # EOSSerial=4ed8dd172ac5d44e8b06e6812173ca74
                  # end=finished
                  # remove_checked=true
                  # archives_checked=true
                  # unwanted_checked=true
                  # unsafe_checked=false
                  # antistealth_checked=true
                  # utc_time=2010-10-23 09:12:49
                  # local_time=2010-10-23 05:12:49 (-0500, Eastern Daylight Time)
                  # country="Canada"
                  # lang=1033
                  # osver=6.0.6001 NT Service Pack 1
                  # compatibility_mode=512 16777215 100 0 0 0 0 0
                  # compatibility_mode=1024 16777215 100 0 0 0 0 0
                  # compatibility_mode=5892 16776574 100 100 0 124461180 0 0
                  # compatibility_mode=8192 67108863 100 0 0 0 0 0
                  # scanned=156106
                  # found=0
                  # cleaned=0
                  # scan_time=5895

                  Does this mean I am in the clear, or is it still too early to get excited?

                  Thanks again!

                  SuperDave

                  Re: Making sure a virus is completely gone
                  « Reply #13 on: October 24, 2010, 11:00:34 AM »
                  Quote
                  Does this mean I am in the clear, or is it still too early to get excited?

                  It's looking good now. How's your computer running? Let's do some clean-up.
                  You can uninstall HJT. You may keep SAS and MBAM, if you wish. Update them and run them on a regular basis.


                  To remove all of the tools we used and the files and folders they created do the following:
                  Double click OTL.exe.
                  • Click the CleanUp button.
                  • Select Yes when the "Begin cleanup Process?" prompt appears.
                  • If you are prompted to Reboot during the cleanup, select Yes.
                  • The tool will delete itself once it finishes.
                  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                  ****************************************
                  Clean out your temporary internet files and temp files.

                  Download TFC by OldTimer to your desktop.

                  Double-click TFC.exe to run it.

                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                  * Click the Start button to begin the cleaning process.
                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                  * Please let TFC run uninterrupted until it is finished.

                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                  *********************************
                  To turn off Windows XP System Restore:

                  NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

                  1. Click Start.
                  2. Right-click the My Computer icon, and then click Properties.
                  3. Click the System Restore tab.
                  4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
                  5. Click Apply.
                  6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
                  7. Click OK.
                  8. Restart the computer and follow the instructions in the next section to turn on System Restore.

                  To turn on Windows XP System Restore:

                  1. Click Start.
                  2. Right-click My Computer, and then click Properties.
                  3. Click the System Restore tab.
                  4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
                  5. Click Apply, and then click OK.
                  This will give you a new, clean Restore point.
                  ******************************************
                  Use the Secunia Software Inspector to check for out of date software.

                  •Click Start Now

                  •Check the box next to Enable thorough system inspection.

                  •Click Start

                  •Allow the scan to finish and scroll down to see if any updates are needed.
                  •Update anything listed.
                  ----------

                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!


                  Jocan

                    Re: Making sure a virus is completely gone
                    « Reply #14 on: October 24, 2010, 01:34:31 PM »
                    Hi Dave,

                    Everything seems to be running well now!

                    I really can't thank you enough for all your help. You are seriously such a hero for helping out all the stressed and oblivious people on here.

                    I really appreciate your time and expertise!