Topic: Not sure if I am affected by a virus or not

neal2087

« on: February 23, 2010, 05:25:11 AM »
I am not able to say if I am affected by any virus or not, but my PC has started to become slow; I mean my Windows XP takes a lot more time than usual to boot. I have removed all the programs from startup; there are only 3 left now.

Posting the latest HijackThis log file. Please tell me if I am affected by a virus or not.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:00 PM, on 2/23/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Neal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Neal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\mdm.exe
C:\Documents and Settings\Neal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Neal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Neal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Neal\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://l.yimg.com/jh/games/web_games/playf...nx.1.0.0.55.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dream-chr...web.1.0.0.9.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6481A62A-E5DF-460D-BA98-A4A7B8B89A94}: NameServer = 59.185.0.50,59.185.0.23
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6563 bytes


Also, I am giving a screenshot of the "My Network Places" window.
I have marked one icon in that picture. It has started appearing all of a sudden; it was never seen before, and because of this my internet connection disconnects suddenly sometimes, and it works fine after I restart my PC.

guestolo
« Reply #1 on: February 23, 2010, 08:56:09 PM »
Let's take a closer look please

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Under the Custom Scan box paste this in, the contents in Blue
netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav



  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


neal2087

« Reply #2 on: February 25, 2010, 09:17:32 AM »
It's not allowing me to copy-paste the file here, so I have uploaded it here.

OTL logfile created on: 2/25/2010 7:24:31 PM - Run 1
OTL by OldTimer - Version 3.1.30.2     Folder = C:\Documents and Settings\Neal\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
759.00 Mb Total Physical Memory | 508.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 0.96 Gb Free Space | 5.15% Space Free | Partition Type: NTFS
Drive D: | 18.64 Gb Total Space | 0.02 Gb Free Space | 0.13% Space Free | Partition Type: NTFS
Drive E: | 18.64 Gb Total Space | 0.52 Gb Free Space | 2.80% Space Free | Partition Type: NTFS
Drive F: | 18.64 Gb Total Space | 0.18 Gb Free Space | 0.94% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SURYAVAN-40BA43
Current User Name: Neal
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/02/25 19:10:03 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neal\Desktop\OTL.exe
PRC - [2010/02/22 08:12:06 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/22 08:12:02 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/22 08:12:02 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/22 08:12:02 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/22 08:12:02 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/22 08:12:02 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/02/26 21:45:14 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/02 09:36:18 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2007/06/13 15:53:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
PRC - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/04/06 21:49:52 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2003/04/06 21:37:38 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/02/25 19:10:03 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neal\Desktop\OTL.exe
MOD - [2006/08/25 21:15:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/02/22 08:12:02 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/26 10:02:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/17 16:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/02/26 21:45:14 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/01/02 09:36:18 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/02/02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006/02/02 00:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006/02/02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/02/22 08:12:39 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/22 08:12:38 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/22 08:12:37 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/19 12:34:39 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2009/01/02 09:36:18 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2007/11/13 15:55:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/10/28 05:54:30 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/10/28 05:54:29 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/10/28 05:54:28 | 000,049,664 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/04 04:38:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/01/08 10:07:02 | 000,812,416 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2003/10/02 03:16:48 | 000,119,552 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnpshark.sys -- (pnpshark)
DRV - [2003/09/27 14:37:16 | 000,005,504 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\st3shark.sys -- (st3shark)
DRV - [2003/04/15 10:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 10:39:46 | 000,090,907 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2002/06/13 09:07:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/23 18:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.10
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/22 08:12:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 17:19:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 17:19:47 | 000,000,000 | ---D | M]
 
[2009/02/26 20:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neal\Application Data\Mozilla\Extensions
[2010/02/25 14:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions
[2009/10/25 14:15:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/26 11:29:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/31 23:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions\[email protected]
[2010/02/25 14:43:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2001/08/23 18:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://l.yimg.com/jh/games/web_games/playf...nx.1.0.0.55.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://games.bigfishgames.com/en_dream-chr...web.1.0.0.9.cab (CPlayFirstdreamControl Object)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Neal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Neal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/15 14:23:25 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 07:23:15 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 07:23:15 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 07:23:15 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{09bea7e0-2dd4-11de-b504-000b6aea30d5}\Shell\AUTOPlAy\comMaNd - "" = J:\drqi.exe -- File not found
O33 - MountPoints2\{09bea7e0-2dd4-11de-b504-000b6aea30d5}\Shell\AutoRun\command - "" = J:\drqi.exe -- File not found
O33 - MountPoints2\{09bea7e0-2dd4-11de-b504-000b6aea30d5}\Shell\exPLoRe\coMmANd - "" = J:\drqi.exe -- File not found
O33 - MountPoints2\{09bea7e0-2dd4-11de-b504-000b6aea30d5}\Shell\oPeN\commaND - "" = J:\drqi.exe -- File not found
O33 - MountPoints2\{54170e99-1247-11de-b4a8-000b6aea30d5}\Shell\AutoRun\command - "" = J:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{54170e99-1247-11de-b4a8-000b6aea30d5}\Shell\Explore\Command - "" = J:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{54170e99-1247-11de-b4a8-000b6aea30d5}\Shell\Open\Command - "" = J:\AutoRun\AutoStart.exe -- File not found
O33 - MountPoints2\{ce22347b-12eb-11de-b4a9-000b6aea30d5}\Shell\AutoRun\command - "" = I:\Setup.EXE -- File not found
O33 - MountPoints2\{ce22347b-12eb-11de-b4a9-000b6aea30d5}\Shell\explore\Command - "" = I:\Setup.EXE -- File not found
O33 - MountPoints2\{ce22347b-12eb-11de-b4a9-000b6aea30d5}\Shell\open\Command - "" = I:\Setup.EXE -- File not found
O33 - MountPoints2\{dc36e0d9-bc78-11de-b646-000b6aea30d5}\Shell\AutoRun\command - "" = I:\.\Docs\print.exe -- File not found
O33 - MountPoints2\{dc36e0d9-bc78-11de-b646-000b6aea30d5}\Shell\explore\command - "" = I:\.\\Docs\print.exe -- File not found
O33 - MountPoints2\{dc36e0d9-bc78-11de-b646-000b6aea30d5}\Shell\open\command - "" = I:\Docs\\print.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/02/26 19:28:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
      CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/02/25 19:10:02 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Neal\Desktop\OTL.exe
[2010/02/23 14:39:37 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Neal\Desktop\HijackThis.exe
[2010/02/23 00:39:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Neal\Recent
[2010/02/22 19:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\New Folder
[2010/02/22 08:12:45 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/22 08:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/22 08:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/19 23:36:56 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/02/19 17:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\ringe tones
[2010/02/19 09:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\java
[2010/02/16 18:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Application Data\Help
[2010/02/16 18:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Local Settings\Application Data\Help
[2010/02/14 22:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Application Data\WinRAR
[2010/02/13 13:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Application Data\123 Free Solitaire
[2010/02/09 16:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\Pulse
[2010/02/07 17:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\AI practicals
[2010/02/04 10:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\flash
[2010/02/04 09:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\ARU
[2010/01/30 08:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/09/08 23:41:23 | 000,014,336 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll
[2009/09/08 23:41:22 | 000,712,704 | ---- | C] ( ) -- C:\Program Files\dtdr3260.dll
[2009/09/08 23:41:20 | 000,651,264 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll
[2009/09/08 23:41:20 | 000,352,256 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll
[2009/09/08 23:41:20 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\DUNZIP32.dll
[2009/09/08 23:41:20 | 000,036,352 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll
[2009/09/08 23:41:20 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjprog.dll
[2009/09/08 23:41:19 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe
[2009/09/08 23:41:18 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll
[2009/09/08 23:41:18 | 000,057,344 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll
[2009/09/08 23:41:18 | 000,041,472 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll
[2009/09/08 23:41:18 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll
[2009/09/08 23:41:13 | 000,032,768 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll
[2009/09/08 23:41:12 | 000,043,056 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll
[2009/09/08 23:41:11 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
[2009/09/08 23:41:11 | 000,329,312 | ---- | C] (RealPlayer) -- C:\Program Files\rpbrowserrecordplugin.dll
[2009/09/08 23:41:10 | 000,065,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll
[2009/09/08 23:41:06 | 000,053,248 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll
[2009/09/08 23:40:59 | 000,112,168 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll
[2009/09/08 23:40:59 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll
[2009/09/08 23:40:59 | 000,063,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll
[2009/09/08 23:40:54 | 000,009,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe
[2009/09/08 23:40:54 | 000,007,168 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe
[2009/09/08 23:40:21 | 000,222,728 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe
[2009/09/08 23:40:16 | 000,198,208 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RecordingManager.exe
[2009/03/17 16:18:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/03/10 18:35:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/10 18:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/05 21:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/03/05 19:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2003/10/02 03:16:48 | 000,119,552 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\pnpshark.sys
[2003/09/27 14:37:16 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\st3shark.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/02/25 19:25:04 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ADF632AE-5DE2-4116-A0E2-ED1ABD76752F}.job
[2010/02/25 19:19:24 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Neal\NTUSER.DAT
[2010/02/25 19:10:03 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neal\Desktop\OTL.exe
[2010/02/25 19:00:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neal\Local Settings\Application Data\prvlcl.dat
[2010/02/25 18:52:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-725345543-1003UA.job
[2010/02/25 18:35:49 | 056,241,522 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/25 18:08:58 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Pulse_2010.doc
[2010/02/25 14:08:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/25 14:05:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/25 14:05:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/25 00:43:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Neal\ntuser.ini
[2010/02/24 22:52:07 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-725345543-1003Core.job
[2010/02/24 08:31:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 16:17:07 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/23 15:52:08 | 000,056,522 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\internet gateway.JPG
[2010/02/23 14:39:38 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Neal\Desktop\HijackThis.exe
[2010/02/22 08:26:46 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/22 08:12:39 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/22 08:12:38 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/22 08:12:37 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/22 08:12:16 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/22 08:12:14 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/22 08:12:14 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/21 15:07:37 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\CSS.doc
[2010/02/21 13:18:50 | 000,218,624 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\HTML TAGS2.doc
[2010/02/21 12:30:26 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\syllabus for Mst.doc
[2010/02/21 12:30:07 | 000,410,112 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Java Script.doc
[2010/02/21 11:36:44 | 000,215,552 | ---- | M] () -- C:\Documents and Settings\Neal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 08:53:15 | 001,706,590 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Samsung_C5212_UM.pdf
[2010/02/20 19:30:46 | 000,000,143 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/02/20 10:41:19 | 009,684,878 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\lagan lagi-rahat fateh ali.flv
[2010/02/19 12:34:42 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2010/02/19 12:34:42 | 000,033,335 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wa301b.sys
[2010/02/19 12:34:41 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfrc.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxreng.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrarb.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2010/02/19 12:34:41 | 000,058,021 | ---- | M] () -- C:\WINDOWS\System32\igfxhnor.lhp
[2010/02/19 12:34:40 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2010/02/19 12:34:40 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2010/02/19 12:34:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2010/02/19 12:34:40 | 000,059,052 | ---- | M] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2010/02/19 12:34:40 | 000,058,026 | ---- | M] () -- C:\WINDOWS\System32\igfxhdan.lhp
[2010/02/19 12:34:39 | 001,859,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmgicd.dll
[2010/02/19 12:34:39 | 000,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys
[2010/02/19 09:39:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/02/18 07:36:40 | 000,005,473 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\AI_8TILE.CPP
[2010/02/17 18:12:53 | 007,502,452 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Bande-black friday.mp3
[2010/02/15 19:09:09 | 000,000,124 | ---- | M] () -- C:\WINDOWS\poolemup.ini
[2010/02/14 21:20:16 | 022,110,265 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Kaka mala vachava.mp4
[2010/02/11 23:04:22 | 000,038,849 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\contacts.pdf
[2010/02/08 20:54:14 | 002,112,304 | -H-- | M] () -- C:\Documents and Settings\Neal\Local Settings\Application Data\IconCache.db
[2010/02/03 09:45:25 | 000,283,055 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\10.1.1.64.3010.pdf
[2010/02/03 09:01:40 | 000,078,879 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Homework%202%20Adarsh%20Ramesh.pdf
[2010/02/03 07:55:06 | 000,095,172 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\AI tasks.pdf
[2010/02/02 23:00:32 | 061,038,916 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Artificial Intelligence, A Modern Approach - 2nd Edition.pdf
[2010/02/02 14:11:12 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\ooad_proj(synopsis).doc
[2010/02/01 19:55:15 | 003,523,200 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Apsara Aali.mp3
[2010/01/29 08:25:35 | 002,143,633 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\video.flv
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/02/25 18:08:51 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Pulse_2010.doc
[2010/02/24 08:31:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/24 07:58:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neal\Local Settings\Application Data\prvlcl.dat
[2010/02/23 15:52:08 | 000,056,522 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\internet gateway.JPG
[2010/02/22 08:12:16 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/21 12:59:59 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\HTML TAGS2.doc
[2010/02/21 12:30:01 | 000,410,112 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Java Script.doc
[2010/02/21 11:58:43 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\syllabus for Mst.doc
[2010/02/21 08:53:15 | 001,706,590 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Samsung_C5212_UM.pdf
[2010/02/20 10:39:51 | 009,684,878 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\lagan lagi-rahat fateh ali.flv
[2010/02/19 09:28:29 | 000,005,473 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\AI_8TILE.CPP
[2010/02/14 23:03:23 | 022,110,265 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Kaka mala vachava.mp4
[2010/02/13 13:10:49 | 000,000,124 | ---- | C] () -- C:\WINDOWS\poolemup.ini
[2010/02/11 23:04:21 | 000,038,849 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\contacts.pdf
[2010/02/11 07:22:19 | 000,103,936 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\8 Queens.doc
[2010/02/11 07:22:19 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Aapki ek muskurahat NE hamarey hosh udaa diye.doc
[2010/02/10 19:53:37 | 007,502,452 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Bande-black friday.mp3
[2010/02/05 23:12:14 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\CSS.doc
[2010/02/03 09:45:08 | 000,283,055 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\10.1.1.64.3010.pdf
[2010/02/03 09:01:40 | 000,078,879 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Homework%202%20Adarsh%20Ramesh.pdf
[2010/02/03 07:09:23 | 000,095,172 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\AI tasks.pdf
[2010/02/02 22:55:31 | 061,038,916 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Artificial Intelligence, A Modern Approach - 2nd Edition.pdf
[2010/02/01 22:03:58 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\ooad_proj(synopsis).doc
[2010/02/01 19:53:27 | 003,523,200 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Apsara Aali.mp3
[2010/01/29 08:25:20 | 002,143,633 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\video.flv
[2009/12/29 00:29:25 | 000,202,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/30 07:47:03 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009/09/08 23:41:19 | 000,002,851 | ---- | C] () -- C:\Program Files\cdroms.cfg
[2009/09/08 23:41:13 | 000,119,808 | ---- | C] () -- C:\Program Files\waiting.avi
[2009/09/08 23:41:13 | 000,057,762 | ---- | C] () -- C:\Program Files\howto.chm
[2009/09/08 23:41:13 | 000,040,154 | ---- | C] () -- C:\Program Files\realplay.chm
[2009/09/08 23:41:13 | 000,027,278 | ---- | C] () -- C:\Program Files\frw.bmp
[2009/09/08 23:41:13 | 000,016,296 | ---- | C] () -- C:\Program Files\realtfon.fon
[2009/09/08 23:41:12 | 000,001,209 | ---- | C] () -- C:\Program Files\flvplay.swf
[2009/09/08 23:41:06 | 000,053,098 | ---- | C] () -- C:\Program Files\presets.rnx
[2009/09/08 23:41:06 | 000,046,253 | ---- | C] () -- C:\Program Files\RealNetworks License.html
[2009/09/08 23:41:06 | 000,046,253 | ---- | C] () -- C:\Program Files\playrlic.html
[2009/09/08 23:41:06 | 000,043,844 | ---- | C] () -- C:\Program Files\RealNetworks License.txt
[2009/09/08 23:41:06 | 000,043,844 | ---- | C] () -- C:\Program Files\playrlic.txt
[2009/09/08 23:41:05 | 000,000,480 | ---- | C] () -- C:\Program Files\keys.dat
[2009/09/08 23:41:02 | 000,804,957 | ---- | C] () -- C:\Program Files\normal.vs
[2009/09/08 23:41:02 | 000,061,495 | ---- | C] () -- C:\Program Files\ssimages.vs
[2009/09/08 23:41:00 | 000,102,400 | ---- | C] () -- C:\Program Files\HXAudioDeviceHook.dll
[2009/09/08 23:40:58 | 000,001,030 | ---- | C] () -- C:\Program Files\autoplaylist.dat
[2009/09/08 23:40:58 | 000,000,050 | ---- | C] () -- C:\Program Files\strs23.dat
[2009/09/08 23:40:58 | 000,000,013 | ---- | C] () -- C:\Program Files\strs26.dat
[2009/09/08 23:40:21 | 000,001,166 | ---- | C] () -- C:\Program Files\realplay.exe.manifest
[2009/09/08 23:40:21 | 000,000,716 | ---- | C] () -- C:\Program Files\CinemasterVideo.4.3.manifest
[2009/09/08 23:40:21 | 000,000,572 | ---- | C] () -- C:\Program Files\CinemasterAudio.4.3.manifest
[2009/09/08 23:40:20 | 000,023,558 | ---- | C] () -- C:\Program Files\freeoffers.ico
[2009/09/08 23:40:20 | 000,017,846 | ---- | C] () -- C:\Program Files\videotest.rm
[2009/09/08 23:40:20 | 000,000,221 | ---- | C] () -- C:\Program Files\subscription.rnx
[2009/09/08 23:40:20 | 000,000,177 | ---- | C] () -- C:\Program Files\freeoffers.rnx
[2009/09/08 23:40:16 | 000,000,685 | ---- | C] () -- C:\Program Files\RecordingManager.exe.manifest
[2009/08/24 00:18:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/08/24 00:18:04 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/08/24 00:17:46 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Neal\Application Data\$_hpcst$.hpc
[2009/08/24 00:15:33 | 000,028,160 | ---- | C] () -- C:\Program Files\1033.MST
[2009/08/24 00:15:33 | 000,013,660 | ---- | C] () -- C:\Program Files\0x0409.ini
[2009/08/24 00:15:20 | 078,668,288 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi
[2009/08/22 05:22:07 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/06/28 19:03:16 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 14:26:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/04/10 14:26:04 | 000,002,289 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2009/03/17 18:20:29 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/02 05:04:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2009/03/01 15:08:26 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/27 00:46:54 | 000,215,552 | ---- | C] () -- C:\Documents and Settings\Neal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/26 23:14:59 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/26 23:14:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/02/26 23:14:55 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/26 23:14:55 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/26 23:14:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/26 23:14:52 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/02/26 19:41:48 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009/02/26 19:41:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/02/26 19:41:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/02/26 19:41:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009/02/26 19:41:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009/02/26 19:39:44 | 000,002,661 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/02/26 19:39:43 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/08/26 00:06:13 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/06/02 03:40:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2003/10/02 02:20:48 | 000,061,952 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
 
========== Custom Scans ==========
 
 
<       %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 01:35:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 01:35:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:29:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2004/08/04 01:26:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 01:26:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2009/02/07 00:16:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 00:16:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 01:26:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 01:26:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004/08/04 01:26:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 01:26:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
 
<       %systemroot%\*. /mp /s >
 
<       %systemroot%\system32\*.dll /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<       %systemroot%\Tasks\*.job /lockedfiles >
 
<       %systemroot%\system32\drivers\*.sys /lockedfiles >
 
<       %systemroot%\System32\config\*.sav >
[2009/02/27 00:45:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/02/27 00:45:15 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/02/27 00:45:15 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
« Last Edit: February 26, 2010, 06:59:39 PM by guestolo »

neal2087

  • Guest
NOt sure if i am affected by a virus or no
« Reply #3 on: February 25, 2010, 09:19:43 AM »
this is the second file extras.txt

OTL Extras logfile created on: 2/25/2010 7:24:31 PM - Run 1
OTL by OldTimer - Version 3.1.30.2     Folder = C:\Documents and Settings\Neal\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
759.00 Mb Total Physical Memory | 508.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 0.96 Gb Free Space | 5.15% Space Free | Partition Type: NTFS
Drive D: | 18.64 Gb Total Space | 0.02 Gb Free Space | 0.13% Space Free | Partition Type: NTFS
Drive E: | 18.64 Gb Total Space | 0.52 Gb Free Space | 2.80% Space Free | Partition Type: NTFS
Drive F: | 18.64 Gb Total Space | 0.18 Gb Free Space | 0.94% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SURYAVAN-40BA43
Current User Name: Neal
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Neal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(tm) 6 Update 11
"{2DF9A978-DEA1-4433-805D-66790FC28C62}" = DAEMON Tools
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup for Realtek RTL8139/810x Family NIC 3.00
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.1
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"AVG9Uninstall" = AVG Free 9.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FreePDF_XP" = FreePDF XP (Remove only)
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.4 (Full)
"Kundli for Windows (Professional Edition)" = Kundli for Windows (Professional Edition)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsJavaVM" = Microsoft VM for Java
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Video Converter 3" = Video Converter 3
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.0.2
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/1/2009 12:07:33 AM | Computer Name = SURYAVAN-40BA43 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
 module avisplitter.ax, version 1.0.0.9, fault address 0x000220b4.
 
Error - 12/19/2009 3:33:30 PM | Computer Name = SURYAVAN-40BA43 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 12/22/2009 10:47:35 AM | Computer Name = SURYAVAN-40BA43 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
 module avisplitter.ax, version 1.0.0.9, fault address 0x000220b4.
 
Error - 12/22/2009 10:47:42 AM | Computer Name = SURYAVAN-40BA43 | Source = Application Error | ID = 1001
Description = Fault bucket 608323740.
 
Error - 12/22/2009 10:47:56 AM | Computer Name = SURYAVAN-40BA43 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
 module avisplitter.ax, version 1.0.0.9, fault address 0x000220b4.
 
Error - 12/22/2009 10:49:09 AM | Computer Name = SURYAVAN-40BA43 | Source = Application Error | ID = 1001
Description = Fault bucket 608323740.
 
Error - 12/26/2009 5:47:20 AM | Computer Name = SURYAVAN-40BA43 | Source = Application Error | ID = 1000
Description = Faulting application coolplayer.exe, version 0.0.0.0, faulting module
 coolplayer.exe, version 0.0.0.0, fault address 0x00001d09.
 
[ OSession Events ]
Error - 6/23/2009 2:00:40 AM | Computer Name = SURYAVAN-40BA43 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 77
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 11/12/2009 5:46:40 PM | Computer Name = SURYAVAN-40BA43 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 2/17/2010 9:24:35 PM | Computer Name = SURYAVAN-40BA43 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 2/17/2010 9:24:35 PM | Computer Name = SURYAVAN-40BA43 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 2/17/2010 9:39:34 PM | Computer Name = SURYAVAN-40BA43 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 30  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 2/17/2010 9:39:34 PM | Computer Name = SURYAVAN-40BA43 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 29 minutes.  NtpClient has no source of accurate
 time.
 
Error - 2/19/2010 1:58:17 PM | Computer Name = SURYAVAN-40BA43 | Source = Service Control Manager | ID = 7034
Description = The OracleXETNSListener service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 2/19/2010 1:59:12 PM | Computer Name = SURYAVAN-40BA43 | Source = Service Control Manager | ID = 7034
Description = The FsUsbExService service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 2/19/2010 1:59:17 PM | Computer Name = SURYAVAN-40BA43 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 2/19/2010 1:59:32 PM | Computer Name = SURYAVAN-40BA43 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 2/21/2010 2:26:35 AM | Computer Name = SURYAVAN-40BA43 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
 while processing the file 'desktop.ini' on the volume 'HarddiskVolume3'.  It has
 stopped monitoring the volume.
 
Error - 2/23/2010 2:19:59 PM | Computer Name = SURYAVAN-40BA43 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
 while processing the file 'desktop.ini' on the volume 'HarddiskVolume3'.  It has
 stopped monitoring the volume.
 
 
< End of report >
« Last Edit: February 26, 2010, 07:00:18 PM by guestolo »

guestolo

  • Administrator
NOt sure if i am affected by a virus or no
« Reply #4 on: February 26, 2010, 09:00:06 PM »
Download ComboFix only from the link below


Link
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool

AVG9:
To disable the Resident Shield, please:

    * Open AVG User Interface.
    * Double-click on the Resident Shield.
    * Un-tick the option Resident Shield active.
    * Save the changes.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Reenable protection with AVG

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


neal2087

  • Guest
NOt sure if i am affected by a virus or no
« Reply #5 on: March 01, 2010, 12:35:52 AM »
my pc crashes when combo fix reaches the 25th or 26th stage and it restarts and after restart windows says your system recovered from a very serious error ........

guestolo

  • Administrator
NOt sure if i am affected by a virus or no
« Reply #6 on: March 01, 2010, 01:11:56 AM »
Try rebooting into safe mode and try ComboFix again
If you can get it to run, that would be helpful, if you can't get it to run in safe mode
That info would also be helpful


neal2087

  • Guest
NOt sure if i am affected by a virus or no
« Reply #7 on: March 01, 2010, 05:39:25 AM »
Quote from: guestolo on Mar 1 2010, 11:41 AM
Try rebooting into safe mode and try ComboFix again
If you can get it to run, that would be helpful, if you can't get it to run in safe mode
That info would also be helpful

done this and it worked

This is the combofix log file

ComboFix 10-02-27.04 - Neal 03/01/2010  15:50:34.4.1 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.759.592 [GMT 5.5:30]
Running from: c:\documents and settings\Neal\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\areabomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\areabombrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\boardfill.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\bricktip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared5.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared6.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\wild.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\wildrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image2.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image3.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\bluebucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\buckettriangle.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\chainlink.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\chaintip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\genericbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\greenbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\redbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallblue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallgreen.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallred.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallyellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnplatform.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\yellowbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\warning.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\error.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\game.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\gameover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscore.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoreinfo.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoresubmit.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\instructions.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\leveldesign.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\levelover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainarcade.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\maincontinue.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\maingames.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainpuzzle.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\maphelptip.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\options.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\pause.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\quitconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\start.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\storyplayer.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\style.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\upsell.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\strings.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\TriJinx.exe
c:\windows\system32\kr_done1

.
(((((((((((((((((((((((((   Files Created from 2010-02-01 to 2010-03-01  )))))))))))))))))))))))))))))))
.

2010-02-27 02:04 . 2010-02-27 02:04    --------    d-----w-    c:\program files\Adobe Media Player
2010-02-25 19:52 . 2010-02-25 19:52    --------    d-----w-    c:\documents and settings\Neal\dwhelper
2010-02-25 19:24 . 2010-02-27 02:06    --------    d-----w-    c:\program files\StreamboxVcrSuite2
2010-02-25 15:09 . 2010-02-25 18:25    737280    ----a-w-    c:\windows\iun6002.exe
2010-02-25 15:08 . 2010-02-25 18:46    --------    d-----w-    c:\program files\Replay AV 8
2010-02-24 02:28 . 2010-03-01 06:29    0    ----a-w-    c:\documents and settings\Neal\Local Settings\Application Data\prvlcl.dat
2010-02-22 02:42 . 2010-02-22 02:49    --------    d-----w-    C:\$AVG
2010-02-22 02:42 . 2010-02-22 02:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg9
2010-02-19 18:06 . 2010-02-19 07:04    155648    ----a-w-    c:\windows\system32\igfxres.dll
2010-02-16 13:23 . 2010-02-16 13:23    --------    d-----w-    c:\documents and settings\Neal\Local Settings\Application Data\Help
2010-02-13 07:50 . 2010-02-16 13:13    --------    d-----w-    c:\documents and settings\Neal\Application Data\123 Free Solitaire

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 20:50 . 2009-10-15 02:20    --------    d-----w-    c:\documents and settings\Neal\Application Data\vlc
2010-02-25 20:08 . 2009-06-02 09:35    --------    d-----w-    c:\documents and settings\Neal\Application Data\dvdcss
2010-02-25 19:24 . 2009-02-26 19:47    --------    d-----w-    c:\documents and settings\Neal\Application Data\uTorrent
2010-02-23 10:26 . 2009-03-10 16:16    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-02-23 10:26 . 2009-03-31 23:15    5115823    ----a-w-    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-22 02:42 . 2009-02-26 19:44    360584    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2010-02-22 02:42 . 2009-02-26 19:44    333192    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2010-02-22 02:42 . 2009-02-26 19:44    28424    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2010-02-22 02:42 . 2009-02-26 19:44    12464    ----a-w-    c:\windows\system32\avgrsstx.dll
2010-02-22 02:42 . 2009-02-26 19:44    --------    d-----w-    c:\program files\AVG
2010-02-21 14:58 . 2009-05-13 13:50    --------    d-----w-    c:\documents and settings\Neal\Application Data\Image Zone Express
2010-02-20 05:46 . 2010-01-30 02:34    --------    d-----w-    c:\program files\Common Files\Adobe AIR
2010-02-20 05:44 . 2010-01-30 02:34    38784    ----a-w-    c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 05:44 . 2010-01-30 02:16    38784    ----a-w-    c:\documents and settings\Neal\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-19 07:04 . 2009-02-26 14:12    33335    ----a-w-    c:\windows\system32\drivers\wa301b.sys
2010-02-19 07:04 . 2009-02-26 14:12    90112    ----a-w-    c:\windows\system32\igfxext.exe
2010-02-19 07:04 . 2009-02-26 14:12    86016    ----a-w-    c:\windows\system32\igfxdo.dll
2010-02-19 07:04 . 2009-02-26 14:12    78752    ----a-w-    c:\windows\system32\drivers\ialmkchw.sys
2010-02-19 07:04 . 2009-02-26 14:12    1859584    ----a-w-    c:\windows\system32\ialmgicd.dll
2010-01-26 06:19 . 2010-01-26 04:53    --------    d-----w-    c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-26 06:03 . 2010-01-26 05:59    --------    d-----w-    c:\documents and settings\All Users\Application Data\NOS
2010-01-26 05:59 . 2010-01-26 05:59    --------    d-----w-    c:\program files\NOS
2010-01-26 04:46 . 2009-03-01 06:06    --------    d-----w-    c:\program files\Common Files\Adobe
2010-01-26 04:32 . 2010-01-26 04:32    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2010-01-07 10:37 . 2009-03-10 16:16    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 10:37 . 2009-03-10 16:16    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-31 16:14 . 2004-08-03 18:14    352640    ------w-    c:\windows\system32\drivers\srv.sys
2009-12-28 18:59 . 2009-12-28 18:59    202576    ----a-w-    c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-21 19:14 . 2004-08-03 19:56    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-12-17 11:07 . 2010-01-26 05:59    31936    ----a-w-    c:\documents and settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-12-17 11:07 . 2010-01-26 05:59    29344    ----a-w-    c:\documents and settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-12-16 12:58 . 2009-02-26 13:53    343040    ------w-    c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-03 19:56    33280    ------w-    c:\windows\system32\csrsrv.dll
2009-12-04 14:41 . 2004-08-03 18:15    453760    ------w-    c:\windows\system32\drivers\mrxsmb.sys
2009-09-08 18:10 . 2009-09-08 18:10    86016    ----a-w-    c:\program files\rpplugprot.dll
2009-08-23 18:43 . 2009-08-23 18:45    78668288    ----a-w-    c:\program files\Samsung New PC Studio.msi
2009-08-23 18:43 . 2009-08-23 18:45    28160    ----a-w-    c:\program files\1033.MST
2009-08-23 18:43 . 2009-08-23 18:45    13660    ----a-w-    c:\program files\0x0409.ini
2005-07-14 18:31 . 2006-05-24 16:37    27648    --sha-w-    c:\windows\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-22 02:42    12464    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [10/2/2003 3:16 AM 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [9/27/2003 2:37 PM 5504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/27/2009 1:14 AM 333192]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/27/2009 1:14 AM 360584]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/22/2010 8:12 AM 285392]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [8/24/2009 12:18 AM 233472]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [8/24/2009 12:18 AM 36608]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper    REG_MULTI_SZ       getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-725345543-1003Core.job
- c:\documents and settings\Neal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-26 19:52]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-725345543-1003UA.job
- c:\documents and settings\Neal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-26 19:52]

2010-03-01 c:\windows\Tasks\User_Feed_Synchronization-{ADF632AE-5DE2-4116-A0E2-ED1ABD76752F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {6481A62A-E5DF-460D-BA98-A4A7B8B89A94} = 59.185.0.50,59.185.0.23
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://l.yimg.com/jh/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab
FF - ProfilePath - c:\documents and settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Neal\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 15:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x839F7F00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765afc3
\Driver\ACPI -> ACPI.sys @ 0xf75cdcb8
\Driver\atapi -> 0x839f7f00
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
 ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
 ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-03-01  16:02:11
ComboFix-quarantined-files.txt  2010-03-01 10:31
ComboFix2.txt  2009-03-10 13:16

Pre-Run: 1,122,963,456 bytes free
Post-Run: 1,113,018,368 bytes free

- - End Of File - - 8D02215506D251F12B5910610EF450F6

guestolo

  • Site Donator
  • Administrator
  • Hero Member
« Reply #8 on: March 01, 2010, 09:20:16 PM »
Can you do the following
You have CCleaner installed, can you run it to clean temp files, etc.

You also have MalwareBytes Anti-Malware installed
  • Can you open it and click on the Update tab, Check for Updates
  • If an update is found, it will download and install the latest version.
  • Click on the Scanner tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

One more scanner:
Can you again temporarily disable AVG realtime protection:
Go to the following link: ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take a while, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

With the above 2 logs, can you reopen OTL.exe and click on Run Scan
When it's done, post the new log that opens
« Last Edit: March 01, 2010, 09:24:13 PM by guestolo »



neal2087

  • Guest
« Reply #9 on: March 05, 2010, 09:30:48 PM »
Malwarebytes' Anti-Malware 1.44
 Database version: 3817
 Windows 5.1.2600 Service Pack 2
 Internet Explorer 8.0.6001.18702
 
 3/3/2010 7:13:04 AM
 mbam-log-2010-03-03 (07-13-04).txt
 
 Scan type: Quick Scan
 Objects scanned: 128787
 Time elapsed: 6 minute(s), 59 second(s)
 
 Memory Processes Infected: 0
 Memory Modules Infected: 0
 Registry Keys Infected: 0
 Registry Values Infected: 0
 Registry Data Items Infected: 0
 Folders Infected: 0
 Files Infected: 0
 
 Memory Processes Infected:
 (No malicious items detected)
 
 Memory Modules Infected:
 (No malicious items detected)
 
 Registry Keys Infected:
 (No malicious items detected)
 
 Registry Values Infected:
 (No malicious items detected)
 
 Registry Data Items Infected:
 (No malicious items detected)
 
 Folders Infected:
 (No malicious items detected)
 
 Files Infected:
 (No malicious items detected)
 ------------------------------------------------------------------------------------
 
 ESETSmartInstaller@High as CAB hook log:
 OnlineScanner.ocx - registred OK
 # version=7
 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
 # OnlineScanner.ocx=1.0.0.6211
 # api_version=3.0.2
 # EOSSerial=ef65d09394357f45a33a93ee15166f31
 # end=stopped
 # remove_checked=true
 # archives_checked=false
 # unwanted_checked=true
 # unsafe_checked=false
 # antistealth_checked=true
 # utc_time=2010-03-03 02:17:35
 # local_time=2010-03-03 07:47:35 (+0530, India Standard Time)
 # country="United States"
 # lang=1033
 # osver=5.1.2600 NT Service Pack 2
 # compatibility_mode=512 16777215 100 0 0 0 0 0
 # compatibility_mode=1024 16777175 100 0 0 0 0 0
 # compatibility_mode=8192 67108863 100 0 0 0 0 0
 # scanned=13490
 # found=0
 # cleaned=0
 # scan_time=986
 # version=7
 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
 # OnlineScanner.ocx=1.0.0.6211
 # api_version=3.0.2
 # EOSSerial=ef65d09394357f45a33a93ee15166f31
 # end=finished
 # remove_checked=true
 # archives_checked=false
 # unwanted_checked=true
 # unsafe_checked=false
 # antistealth_checked=true
 # utc_time=2010-03-05 07:45:16
 # local_time=2010-03-06 01:15:16 (+0530, India Standard Time)
 # country="United States"
 # lang=1033
 # osver=5.1.2600 NT Service Pack 2
 # compatibility_mode=512 16777215 100 0 0 0 0 0
 # compatibility_mode=1024 16777175 100 0 172831 172831 0 0
 # compatibility_mode=8192 67108863 100 0 0 0 0 0
 # scanned=110264
 # found=12
 # cleaned=12
 # scan_time=5565
 E:\e\shutdown express\shutdownexpert_trial.exe    probably unknown NewHeur_PE virus (deleted - quarantined)    00000000000000000000000000000000    C
 E:\praveen setups\PC DJ Mixing Software\PCDJ.exe    multiple threats (deleted - quarantined)    00000000000000000000000000000000    C
 F:\Movies f\Learning Environment\Content.htm    HTML/Iframe.B.Gen virus (deleted - quarantined)    00000000000000000000000000000000    C
 F:\Movies f\Learning Environment\Header.htm    HTML/Iframe.B.Gen virus (deleted - quarantined)    00000000000000000000000000000000    C
 F:\Movies f\Learning Environment\Index.htm    HTML/Iframe.B.Gen virus (deleted - quarantined)    00000000000000000000000000000000    C
 F:\Movies f\Learning Environment\options.htm    HTML/Iframe.B.Gen virus (deleted - quarantined)    00000000000000000000000000000000    C
 F:\Movies f\Learning Environment\Schema.htm    HTML/Iframe.B.Gen virus (deleted - quarantined)    00000000000000000000000000000000    C
 F:\Movies f\Learning Environment\Transformed.htm    HTML/Iframe.B.Gen virus (deleted - quarantined)    00000000000000000000000000000000    C
 F:\Movies f\Learning Environment\XPath.htm    HTML/Iframe.B.Gen virus (deleted - quarantined)    00000000000000000000000000000000    C
 F:\Movies f\Learning Environment\INDEX_FILES\Content.htm    HTML/Iframe.B.Gen virus (deleted - quarantined)    00000000000000000000000000000000    C
 F:\Movies f\Learning Environment\INDEX_FILES\Header.htm    HTML/Iframe.B.Gen virus (deleted - quarantined)    00000000000000000000000000000000    C
 F:\Movies f\Learning Environment\INDEX_FILES\Options.htm    HTML/Iframe.B.Gen virus (deleted - quarantined)    00000000000000000000000000000000    C
 
 OTL.exe log files later

neal2087

  • Guest
« Reply #10 on: March 05, 2010, 09:32:37 PM »
otl.exe log
there is no extras file generated this time

OTL logfile created on: 3/6/2010 7:50:20 AM - Run 3
OTL by OldTimer - Version 3.1.30.2     Folder = C:\Documents and Settings\Neal\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
759.00 Mb Total Physical Memory | 190.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 0.86 Gb Free Space | 4.61% Space Free | Partition Type: NTFS
Drive D: | 18.64 Gb Total Space | 0.67 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
Drive E: | 18.64 Gb Total Space | 1.21 Gb Free Space | 6.50% Space Free | Partition Type: NTFS
Drive F: | 18.64 Gb Total Space | 0.18 Gb Free Space | 0.94% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SURYAVAN-40BA43
Current User Name: Neal
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/02/25 19:10:03 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neal\Desktop\OTL.exe
PRC - [2010/02/22 08:12:06 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/22 08:12:02 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/22 08:12:02 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/22 08:12:02 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/22 08:12:02 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/22 08:12:02 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/19 17:19:38 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/26 21:45:14 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/02 09:36:18 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2007/06/13 15:53:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
PRC - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/04 01:26:58 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2003/04/06 21:49:52 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2003/04/06 21:37:38 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/02/25 19:10:03 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neal\Desktop\OTL.exe
MOD - [2006/08/25 21:15:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/02/22 08:12:02 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/26 10:02:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/17 16:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/02/26 21:45:14 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/01/02 09:36:18 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/02/02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006/02/02 00:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006/02/02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/02/22 08:12:39 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/22 08:12:38 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/22 08:12:37 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/19 12:34:39 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2009/01/02 09:36:18 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2007/11/13 15:55:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/10/28 05:54:30 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/10/28 05:54:29 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/10/28 05:54:28 | 000,049,664 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/16 13:36:18 | 000,018,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2004/08/04 04:38:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 23:29:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/01/08 10:07:02 | 000,812,416 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2003/10/02 03:16:48 | 000,119,552 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnpshark.sys -- (pnpshark)
DRV - [2003/09/27 14:37:16 | 000,005,504 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\st3shark.sys -- (st3shark)
DRV - [2003/04/15 10:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 10:39:46 | 000,090,907 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2002/06/13 09:07:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/23 18:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.10
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/22 08:12:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 17:19:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 17:19:47 | 000,000,000 | ---D | M]
 
[2009/02/26 20:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neal\Application Data\Mozilla\Extensions
[2010/03/06 00:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions
[2009/10/25 14:15:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/26 01:20:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/26 11:29:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/04 10:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neal\Application Data\Mozilla\Firefox\Profiles\wks813ex.default\extensions\[email protected]
[2010/03/06 00:08:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2001/08/23 18:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://l.yimg.com/jh/games/web_games/playf...nx.1.0.0.55.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://games.bigfishgames.com/en_dream-chr...web.1.0.0.9.cab (CPlayFirstdreamControl Object)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Neal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Neal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/15 14:23:25 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 07:23:15 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 07:23:15 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 07:23:15 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/02/26 19:28:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/03/05 22:41:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Neal\Recent
[2010/03/03 07:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/02 18:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Application Data\AVG9
[2010/03/02 00:40:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/01 16:02:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/27 07:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/02/27 01:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\My photos
[2010/02/26 01:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\dwhelper
[2010/02/26 00:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\StreamboxVcrSuite2
[2010/02/25 20:39:40 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/02/25 20:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Replay AV 8
[2010/02/25 19:10:02 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Neal\Desktop\OTL.exe
[2010/02/23 14:39:37 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Neal\Desktop\HijackThis.exe
[2010/02/22 19:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\New Folder
[2010/02/22 08:12:45 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/02/22 08:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/22 08:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/19 23:36:56 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/02/19 17:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\ringe tones
[2010/02/19 09:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\java & Internet techno
[2010/02/16 18:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Application Data\Help
[2010/02/16 18:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Local Settings\Application Data\Help
[2010/02/14 22:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Application Data\WinRAR
[2010/02/13 13:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Application Data\123 Free Solitaire
[2010/02/09 16:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\Pulse
[2010/02/07 17:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\AI practicals
[2010/02/04 10:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal\Desktop\flash
[2009/09/08 23:41:23 | 000,014,336 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll
[2009/09/08 23:41:22 | 000,712,704 | ---- | C] ( ) -- C:\Program Files\
[2009/09/08 23:41:20 | 000,651,264 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll
[2009/09/08 23:41:20 | 000,352,256 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll
[2009/09/08 23:41:20 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\DUNZIP32.dll
[2009/09/08 23:41:20 | 000,036,352 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll
[2009/09/08 23:41:20 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjprog.dll
[2009/09/08 23:41:19 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe
[2009/09/08 23:41:18 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll
[2009/09/08 23:41:18 | 000,057,344 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll
[2009/09/08 23:41:18 | 000,041,472 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll
[2009/09/08 23:41:18 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll
[2009/09/08 23:41:13 | 000,032,768 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll
[2009/09/08 23:41:12 | 000,043,056 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll
[2009/09/08 23:41:11 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
[2009/09/08 23:41:11 | 000,329,312 | ---- | C] (RealPlayer) -- C:\Program Files\rpbrowserrecordplugin.dll
[2009/09/08 23:41:10 | 000,065,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll
[2009/09/08 23:41:06 | 000,053,248 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll
[2009/09/08 23:40:59 | 000,112,168 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll
[2009/09/08 23:40:59 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll
[2009/09/08 23:40:59 | 000,063,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll
[2009/09/08 23:40:54 | 000,009,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe
[2009/09/08 23:40:54 | 000,007,168 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe
[2009/09/08 23:40:21 | 000,222,728 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe
[2009/09/08 23:40:16 | 000,198,208 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RecordingManager.exe
[2009/03/17 16:18:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/03/10 18:35:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/10 18:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/05 21:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/03/05 19:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2003/10/02 03:16:48 | 000,119,552 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\pnpshark.sys
[2003/09/27 14:37:16 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\st3shark.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/03/06 07:24:49 | 000,001,146 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\eset.text
[2010/03/06 06:57:04 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-725345543-1003UA.job
[2010/03/06 05:17:02 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ADF632AE-5DE2-4116-A0E2-ED1ABD76752F}.job
[2010/03/05 22:43:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/05 22:43:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/05 22:43:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/05 22:41:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Neal\ntuser.ini
[2010/03/05 22:41:25 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Neal\NTUSER.DAT
[2010/03/05 22:12:03 | 056,740,234 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/05 02:59:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neal\Local Settings\Application Data\prvlcl.dat
[2010/03/04 22:06:31 | 000,217,600 | ---- | M] () -- C:\Documents and Settings\Neal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 19:57:21 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-725345543-1003Core.job
[2010/03/02 19:22:36 | 000,010,875 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\signature paper.docx
[2010/03/02 15:13:46 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Pulse_2010.doc
[2010/03/01 22:19:39 | 001,172,454 | ---- | M] () -- C:\Documents and Settings\Neal\My Documents\0136042597.pdf
[2010/03/01 21:54:25 | 000,570,656 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\10.1.1.90.6491.pdf
[2010/03/01 20:09:00 | 000,001,126 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\BINARYTR.C
[2010/03/01 18:38:32 | 000,696,876 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\hw02_s.pdf
[2010/03/01 18:38:26 | 000,262,000 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Bettering Manhattan Distance heuristic.pdf
[2010/03/01 15:59:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/01 10:29:00 | 003,874,477 | R--- | M] () -- C:\Documents and Settings\Neal\Desktop\ComboFix.exe
[2010/02/27 07:56:48 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/25 23:55:27 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/02/25 19:10:03 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neal\Desktop\OTL.exe
[2010/02/23 14:39:38 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Neal\Desktop\HijackThis.exe
[2010/02/22 08:26:46 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/22 08:12:39 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/22 08:12:38 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/22 08:12:37 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/22 08:12:16 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/22 08:12:14 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/22 08:12:14 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/21 08:53:15 | 001,706,590 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Samsung_C5212_UM.pdf
[2010/02/20 19:30:46 | 000,000,143 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/02/20 10:41:19 | 009,684,878 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\lagan lagi-rahat fateh ali.flv
[2010/02/19 12:34:42 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2010/02/19 12:34:42 | 000,033,335 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wa301b.sys
[2010/02/19 12:34:41 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfrc.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2010/02/19 12:34:41 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxreng.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrarb.lrc
[2010/02/19 12:34:41 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2010/02/19 12:34:41 | 000,058,021 | ---- | M] () -- C:\WINDOWS\System32\igfxhnor.lhp
[2010/02/19 12:34:40 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2010/02/19 12:34:40 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2010/02/19 12:34:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2010/02/19 12:34:40 | 000,059,052 | ---- | M] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2010/02/19 12:34:40 | 000,058,026 | ---- | M] () -- C:\WINDOWS\System32\igfxhdan.lhp
[2010/02/19 12:34:39 | 001,859,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmgicd.dll
[2010/02/19 12:34:39 | 000,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys
[2010/02/19 09:39:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/02/17 18:12:53 | 007,502,452 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Bande-black friday.mp3
[2010/02/15 19:09:09 | 000,000,124 | ---- | M] () -- C:\WINDOWS\poolemup.ini
[2010/02/14 21:20:16 | 022,110,265 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\Kaka mala vachava.mp4
[2010/02/11 23:04:22 | 000,038,849 | ---- | M] () -- C:\Documents and Settings\Neal\Desktop\contacts.pdf
[2010/02/08 20:54:14 | 002,112,304 | -H-- | M] () -- C:\Documents and Settings\Neal\Local Settings\Application Data\IconCache.db
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/03/06 07:24:49 | 000,001,146 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\eset.text
[2010/03/02 19:22:35 | 000,010,875 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\signature paper.docx
[2010/03/01 22:19:39 | 001,172,454 | ---- | C] () -- C:\Documents and Settings\Neal\My Documents\0136042597.pdf
[2010/03/01 21:52:38 | 000,570,656 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\10.1.1.90.6491.pdf
[2010/03/01 18:44:29 | 000,001,126 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\BINARYTR.C
[2010/03/01 18:38:31 | 000,696,876 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\hw02_s.pdf
[2010/03/01 18:38:26 | 000,262,000 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Bettering Manhattan Distance heuristic.pdf
[2010/03/01 10:40:44 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/01 10:40:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/01 10:28:43 | 003,874,477 | R--- | C] () -- C:\Documents and Settings\Neal\Desktop\ComboFix.exe
[2010/02/25 18:08:51 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Pulse_2010.doc
[2010/02/24 07:58:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neal\Local Settings\Application Data\prvlcl.dat
[2010/02/22 08:12:16 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/21 08:53:15 | 001,706,590 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Samsung_C5212_UM.pdf
[2010/02/20 10:39:51 | 009,684,878 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\lagan lagi-rahat fateh ali.flv
[2010/02/14 23:03:23 | 022,110,265 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Kaka mala vachava.mp4
[2010/02/13 13:10:49 | 000,000,124 | ---- | C] () -- C:\WINDOWS\poolemup.ini
[2010/02/11 23:04:21 | 000,038,849 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\contacts.pdf
[2010/02/11 07:22:19 | 000,103,936 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\8 Queens.doc
[2010/02/11 07:22:19 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Aapki ek muskurahat NE hamarey hosh udaa diye.doc
[2010/02/10 19:53:37 | 007,502,452 | ---- | C] () -- C:\Documents and Settings\Neal\Desktop\Bande-black friday.mp3
[2009/12/29 00:29:25 | 000,202,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/30 07:47:03 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009/09/08 23:41:19 | 000,002,851 | ---- | C] () -- C:\Program Files\cdroms.cfg
[2009/09/08 23:41:13 | 000,119,808 | ---- | C] () -- C:\Program Files\waiting.avi
[2009/09/08 23:41:13 | 000,057,762 | ---- | C] () -- C:\Program Files\howto.chm
[2009/09/08 23:41:13 | 000,040,154 | ---- | C] () -- C:\Program Files\realplay.chm
[2009/09/08 23:41:13 | 000,027,278 | ---- | C] () -- C:\Program Files\frw.bmp
[2009/09/08 23:41:13 | 000,016,296 | ---- | C] () -- C:\Program Files\realtfon.fon
[2009/09/08 23:41:12 | 000,001,209 | ---- | C] () -- C:\Program Files\flvplay.swf
[2009/09/08 23:41:06 | 000,053,098 | ---- | C] () -- C:\Program Files\presets.rnx
[2009/09/08 23:41:06 | 000,046,253 | ---- | C] () -- C:\Program Files\RealNetworks License.html
[2009/09/08 23:41:06 | 000,046,253 | ---- | C] () -- C:\Program Files\playrlic.html
[2009/09/08 23:41:06 | 000,043,844 | ---- | C] () -- C:\Program Files\RealNetworks License.txt
[2009/09/08 23:41:06 | 000,043,844 | ---- | C] () -- C:\Program Files\playrlic.txt
[2009/09/08 23:41:05 | 000,000,480 | ---- | C] () -- C:\Program Files\keys.dat
[2009/09/08 23:41:02 | 000,804,957 | ---- | C] () -- C:\Program Files\normal.vs
[2009/09/08 23:41:02 | 000,061,495 | ---- | C] () -- C:\Program Files\ssimages.vs
[2009/09/08 23:41:00 | 000,102,400 | ---- | C] () -- C:\Program Files\HXAudioDeviceHook.dll
[2009/09/08 23:40:58 | 000,001,030 | ---- | C] () -- C:\Program Files\autoplaylist.dat
[2009/09/08 23:40:58 | 000,000,050 | ---- | C] () -- C:\Program Files\strs23.dat
[2009/09/08 23:40:58 | 000,000,013 | ---- | C] () -- C:\Program Files\strs26.dat
[2009/09/08 23:40:21 | 000,001,166 | ---- | C] () -- C:\Program Files\realplay.exe.manifest
[2009/09/08 23:40:21 | 000,000,716 | ---- | C] () -- C:\Program Files\CinemasterVideo.4.3.manifest
[2009/09/08 23:40:21 | 000,000,572 | ---- | C] () -- C:\Program Files\CinemasterAudio.4.3.manifest
[2009/09/08 23:40:20 | 000,023,558 | ---- | C] () -- C:\Program Files\freeoffers.ico
[2009/09/08 23:40:20 | 000,017,846 | ---- | C] () -- C:\Program Files\videotest.rm
[2009/09/08 23:40:20 | 000,000,221 | ---- | C] () -- C:\Program Files\subscription.rnx
[2009/09/08 23:40:20 | 000,000,177 | ---- | C] () -- C:\Program Files\freeoffers.rnx
[2009/09/08 23:40:16 | 000,000,685 | ---- | C] () -- C:\Program Files\RecordingManager.exe.manifest
[2009/08/24 00:18:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/08/24 00:18:04 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/08/24 00:17:46 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Neal\Application Data\$_hpcst$.hpc
[2009/08/24 00:15:33 | 000,028,160 | ---- | C] () -- C:\Program Files\1033.MST
[2009/08/24 00:15:33 | 000,013,660 | ---- | C] () -- C:\Program Files\0x0409.ini
[2009/08/24 00:15:20 | 078,668,288 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi
[2009/08/22 05:22:07 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/06/28 19:03:16 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 14:26:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/04/10 14:26:04 | 000,002,289 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2009/03/17 18:20:29 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/02 05:04:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2009/03/01 15:08:26 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/27 00:46:54 | 000,217,600 | ---- | C] () -- C:\Documents and Settings\Neal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/26 23:14:59 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/26 23:14:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/02/26 23:14:55 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/26 23:14:55 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/26 23:14:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/26 23:14:52 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/02/26 19:41:48 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009/02/26 19:41:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/02/26 19:41:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/02/26 19:41:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009/02/26 19:41:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009/02/26 19:39:44 | 000,002,661 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/02/26 19:39:43 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/08/26 00:06:13 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/06/03 02:45:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/06/02 03:40:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/05/24 22:07:27 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2006/02/24 14:11:59 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 14:11:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 22:06:20 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 22:06:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 22:06:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2003/10/02 02:20:48 | 000,061,952 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
 
[color=\"#E56717\"]========== Custom Scans ==========[/color]
 
 
[color=\"#A23BEC\"]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=\"#A23BEC\"]< MD5 for: AGP440.SYS  >[/color]
[2004/08/04 01:35:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
 
[color=\"#A23BEC\"]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/04 01:35:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:29:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
[color=\"#A23BEC\"]< MD5 for: EVENTLOG.DLL  >[/color]
[2004/08/04 01:26:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 01:26:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 01:26:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
 
[color=\"#A23BEC\"]< MD5 for: NETLOGON.DLL  >[/color]
[2009/02/07 00:16:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 00:16:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 01:26:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 01:26:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 01:26:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
 
[color=\"#A23BEC\"]< MD5 for: SCECLI.DLL  >[/color]
[2004/08/04 01:26:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 01:26:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 01:26:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
 
[color=\"#A23BEC\"]< %systemroot%\*. /mp /s >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=\"#A23BEC\"]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\System32\config\*.sav  >[/color]
[2009/02/27 00:45:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/02/27 00:45:15 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/02/27 00:45:15 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
« Last Edit: March 06, 2010, 01:04:11 PM by guestolo »

Offline guestolo

NOt sure if i am affected by a virus or no
« Reply #11 on: March 06, 2010, 01:20:04 PM »
Go to START>>RUN>>Copy and paste the next command then hit OK

ComboFix /uninstall

This will uninstall ComboFix and its components

Some of your software is outdated and insecure
I suggest that you do the following:
Close down all browser windows
Access your Add and Remove programs and uninstall the following
Java™ 6 Update 11
J2SE Development Kit 5.0 Update 6
Microsoft VM for Java
Adobe Reader 8.2.1


Open OTL.exe and click on the Cleanup button
Follow the prompts, reboot your computer when prompted
If not prompted to reboot, do so manually anyways

Back in Windows
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE).
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • In the window that opens, select Windows>>Check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.
UPDATING Adobe Reader:
Go to the following link
http://get.adobe.com/reader/
Untick any option for additional toolbar or other software, you just need Adobe Reader
Save the installer to desktop then run it
After you have successfully installed the new Adobe Reader
with AR open click on HELP>>Check for Updates
Just to ensure that Adobe Reader is right up to date

Do a fresh Scan and save logfile with Hijackthis and post its new contents
Let me know how things are now running
