Hi peku,
There are more than 100000 characters in this log, so I separated it into 2 posts.
[code]
OTScanIt2 logfile created on: 3/12/2009 1:05:35 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\JsL\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 66.85% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 6.31 Gb Free Space | 43.10% Space Free | Partition Type: NTFS
Drive D: | 183.60 Gb Total Space | 113.35 Gb Free Space | 61.74% Space Free | Partition Type: NTFS
Drive E: | 34.63 Gb Total Space | 29.18 Gb Free Space | 84.26% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JISHI
Current User Name: JsL
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
ad-watch.exe -> E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> [2004/09/16 17:15:00 | 00,538,112 | ---- | M] (Lavasoft Sweden)
ati2evxx.exe -> %SystemRoot%\system32\Ati2evxx.exe -> [2006/03/21 23:48:54 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\Ati2evxx.exe -> [2006/03/21 23:48:54 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
avgnsx.exe -> %ProgramFiles%\AVG\AVG8\avgnsx.exe -> [2009/03/04 02:31:31 | 00,594,200 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2009/03/04 02:31:31 | 00,485,144 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/03/04 02:31:30 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\cli.exe -> [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\cli.exe -> [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\cli.exe -> [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/03/05 15:42:24 | 00,307,704 | ---- | M] (Mozilla Corporation)
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP)
inetinfo.exe -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KhalShared\KHALMNPR.EXE -> [2007/04/11 16:32:22 | 00,056,080 | ---- | M] (Logitech Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/02/19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> [2007/04/23 05:00:00 | 00,692,224 | ---- | M] (Logitech Inc.)
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> [2005/05/19 21:11:06 | 00,925,696 | R--- | M] (Analog Devices, Inc.)
tcpsvcs.exe -> %SystemRoot%\system32\tcpsvcs.exe -> [2001/08/23 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
[Win32 Services - Safe List]
(6to4) IPv6 Helper Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\6to4svc.dll -> [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Ati2evxx.exe -> [2006/03/21 23:48:54 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [2006/03/17 16:37:00 | 00,520,192 | ---- | M] ()
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/03/04 02:31:30 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/02/24 22:46:35 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IISADMIN) IIS Admin [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
(LPDSVC) TCP/IP Print Server [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\tcpsvcs.exe -> [2001/08/23 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MSFtpsvc) FTP Publishing [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(p2pgasvc) Peer Networking Group Authentication [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\p2pgasvc.dll -> [2008/04/13 20:12:02 | 00,105,472 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP)
(SimpTcp) Simple TCP/IP Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\tcpsvcs.exe -> [2001/08/23 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
(SMTPSVC) Simple Mail Transfer Protocol (SMTP) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
(TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\TuneUpDefragService.exe -> [2009/02/09 18:49:16 | 00,355,584 | ---- | M] (TuneUp Software GmbH)
(UxTuneUp) TuneUp Theme Extension [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\uxtuneup.dll -> [2008/05/29 10:28:54 | 00,028,416 | ---- | M] (TuneUp Software GmbH)
(W3SVC) World Wide Web Publishing [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ADIHdAud.sys -> [2005/10/05 05:21:10 | 00,141,312 | R--- | M] (Analog Devices, Inc.)
(AEAudioService) AEAudio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AEAudio.sys -> [2005/03/04 08:53:00 | 00,127,872 | R--- | M] (Andrea Electronics Corporation)
(AtcL001) NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\atl01_xp.sys -> [2006/07/18 21:52:18 | 00,034,048 | R--- | M] (Attansic Technology corporation.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ati2mtag.sys -> [2006/03/21 23:56:22 | 01,522,688 | ---- | M] (ATI Technologies Inc.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgldx86.sys -> [2009/03/04 02:31:39 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\System32\Drivers\avgmfx86.sys -> [2009/03/04 02:31:39 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgtdix.sys -> [2009/03/04 02:31:44 | 00,107,912 | ---- | M] (AVG Technologies CZ, s.r.o.)
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HdAudio.sys -> [2004/10/27 16:21:30 | 00,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZid412.sys -> [2006/04/12 06:04:39 | 00,049,664 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZipr12.sys -> [2006/04/12 06:04:39 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZius12.sys -> [2006/04/12 06:04:39 | 00,021,568 | ---- | M] (HP)
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\L8042Kbd.sys -> [2007/04/11 16:32:30 | 00,020,496 | ---- | M] (Logitech Inc.)
(L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\L8042mou.Sys -> [2007/04/11 16:32:38 | 00,063,248 | ---- | M] (Logitech Inc.)
(LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\LMouKE.Sys -> [2007/04/11 16:33:06 | 00,079,376 | ---- | M] (Logitech Inc.)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ASACPI.sys -> [2004/08/12 22:56:20 | 00,005,810 | R--- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\System32\drivers\scdemu.sys -> [2008/11/02 04:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Senfilt.sys -> [2005/08/11 01:49:28 | 00,393,088 | R--- | M] (Sensaura)
(Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\tcpip6.sys -> [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.930930.com ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.930930.com ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://cache.lianmeng.com/googlego.php?sid=1008094 ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://cache.lianmeng.com/googlego.php?sid=1008094 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\JsL\Application Data\Mozilla\FireFox\Profiles\vo4mjyd3.default\prefs.js ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.7" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7 ->
< HOSTS File > (301855 bytes and 10456 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{01443AEC-0FD1-40fd-9C87-E93D1494C233} [HKLM] -> e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [ThunderAtOnce Class] -> [2008/12/24 13:54:36 | 00,142,600 | ---- | M] (Thunder Networking Technologies,LTD)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2004/12/14 02:56:50 | 00,063,136 | ---- | M] (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> E:\Program Files\FlashGet\Jccatch.dll [IeCatch5 Class] -> [2006/05/16 16:19:42 | 00,081,920 | ---- | M] (FlashGet)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/03/04 02:31:31 | 01,078,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> E:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 16:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{889D2FEB-5411-4565-8998-1DD2C5261283} [HKLM] -> e:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [Thunder Browser Helper] -> [2008/12/24 13:54:36 | 00,128,464 | ---- | M] (Thunder Networking Technologies,LTD)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 16:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> E:\Program Files\FlashGet\getflash.dll [gFlash Class] -> [2006/09/12 11:50:56 | 00,126,976 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" [HKLM] -> E:\Program Files\FlashGet\fgiebar.dll [FlashGet Bar] -> [2005/06/07 12:06:10 | 00,086,016 | ---- | M] (Amaze Soft)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ATICCC" -> %ProgramFiles%\ATI Technologies\ATI.ACE\cli.exe ["C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay] -> [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
"AWMON" -> E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe ["E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"] -> [2004/09/16 17:15:00 | 00,538,112 | ---- | M] (Lavasoft Sweden)
"CamWizard" -> %CommonProgramFiles%\Logitech\QCDRV\BIN\CamWizard.exe [C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe] -> File not found
"CPM937d0ee6" -> %SystemRoot%\system32\wiwijadu.DLL [Rundll32.exe "c:\windows\system32\wiwijadu.dll",a] -> File not found
"High Definition Audio Property Page Shortcut" -> %SystemRoot%\system32\HDAShCut.exe [HDAShCut.exe] -> [2004/10/27 16:21:30 | 00,061,952 | ---- | M] (Windows (R) Server 2003 DDK provider)
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"IMJPMIG8.1" -> %SystemRoot%\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2004/08/03 22:32:00 | 00,208,952 | ---- | M] (Microsoft Corporation)
"Logitech Hardware Abstraction Layer" -> %SystemRoot%\KHALMNPR.EXE [KHALMNPR.EXE] -> [2007/04/11 16:32:22 | 00,056,080 | ---- | M] (Logitech Inc.)
"LogitechRegisterVideoApplications" -> %ProgramFiles%\Logitech\Video\InstallHelper.exe ["C:\Program Files\Logitech\Video\InstallHelper.exe" /register /runnow] -> File not found
"LVCOMSX" -> %SystemRoot%\system32\LVCOMSX.EXE [C:\WINDOWS\system32\LVCOMSX.EXE] -> File not found
"NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 11:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"PHIME2002A" -> %SystemRoot%\system32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2004/08/03 22:32:16 | 00,455,168 | ---- | M] (Microsoft Corporation)
"PHIME2002ASync" -> [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> File not found
"SoundMAXPnP" -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> [2005/05/19 21:11:06 | 00,925,696 | R--- | M] (Analog Devices, Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> [2007/04/23 05:00:00 | 00,692,224 | ---- | M] (Logitech Inc.)
< JsL Startup Folder > -> C:\Documents and Settings\JsL\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoStartBanner" -> [01 [binary data]] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 12:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
使用网际快车下载 -> E:\Program Files\FlashGet\jc_link.htm [E:\Program Files\FlashGet\jc_link.htm] -> [2006/10/27 12:43:18 | 00,001,898 | ---- | M] ()
使用网际快车下载全部链接 -> E:\Program Files\FlashGet\jc_all.htm [E:\Program Files\FlashGet\jc_all.htm] -> [2000/02/06 12:06:06 | 00,000,575 | ---- | M] ()
使用迅雷下载 -> e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm [e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm] -> [2008/12/24 14:09:30 | 00,004,207 | ---- | M] ()
使用迅雷下载全部链接 -> e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm [e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm] -> [2008/12/24 14:09:30 | 00,001,673 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}:Exec [HKLM] -> e:\Program Files\Thunder Network\Thunder\Thunder.exe [Button: 启动迅雷5] -> [2008/12/24 13:53:18 | 00,050,640 | ---- | M] (Thunder Networking Technologies,LTD)
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}:Exec [HKLM] -> e:\Program Files\Thunder Network\Thunder\Thunder.exe [Menu: 启动迅雷5] -> [2008/12/24 13:53:18 | 00,050,640 | ---- | M] (Thunder Networking Technologies,LTD)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> E:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Program Files\FlashGet\flashget.exe [Button: FlashGet] -> [2006/09/11 18:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Program Files\FlashGet\flashget.exe [Menu: &FlashGet] -> [2006/09/11 18:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> E:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 16:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5440 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5441 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/ ... ontrol.cab [Reg Error: Key error.] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fscax.cab [F-Secure Online Scanner 3.3] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{C7F82F92-340D-4926-ADF2-73A61F1064F4} -> () ->
{E081B11E-BBB9-48BA-9415-DAFCF333B83F} -> (Attansic L1 Gigabit Ethernet 10/100/1000Base-T Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\Ati2evxx.dll -> [2006/03/21 23:50:10 | 00,061,440 | ---- | M] (ATI Technologies Inc.)
avgrsstarter -> %SystemRoot%\system32\avgrsstx.dll -> [2009/03/04 02:31:44 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> Reg Error: Key error. [SSODL] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/03/04 02:31:31 | 00,594,200 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/03/04 02:31:30 | 01,057,048 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2006/02/15 11:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/04/21 00:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/04/21 01:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/04/20 22:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/04/21 00:43:46 | 00,087,640 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/04/21 01:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2006/02/16 23:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2006/02/19 06:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2006/02/17 01:19:34 | 00,192,512 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2006/02/19 06:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2006/02/19 05:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/04/21 01:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
"E:\Program Files\Counter Strike Condition Zero\czero.exe" -> E:\Program Files\Counter Strike Condition Zero\czero.exe [E:\Program Files\Counter Strike Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher] -> [2004/03/20 05:54:04 | 00,086,016 | ---- | M] (Valve)
"E:\Program Files\Garena\Garena.exe" -> E:\Program Files\Garena\Garena.exe [E:\Program Files\Garena\Garena.exe:*:Enabled:Garena] -> [2009/01/31 18:24:56 | 03,316,496 | ---- | M] (Garena Interactive PTE LTD)
"E:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe" -> E:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe [E:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder] -> [2009/01/12 20:45:56 | 02,381,264 | ---- | M] (Thunder Networking Technologies,LTD)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2009/02/09 03:29:43 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
[Files/Folders - Created Within 30 Days]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
pakegafi -> %SystemRoot%\System32\pakegafi -> [2099/01/01 12:00:00 | 00,006,456 | -H-- | C] ()
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/03/12 13:04:28 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/12 13:03:50 | 00,661,370 | ---- | C] ()
fsaua.data -> %SystemDrive%\fsaua.data -> [2009/03/10 22:43:36 | 00,000,000 | ---D | C]
RECYCLER -> %SystemDrive%\RECYCLER -> [2009/03/10 07:32:52 | 00,000,000 | -HSD | C]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [2009/03/10 07:32:51 | 00,000,000 | ---D | C]
OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe -> [2009/03/10 07:32:00 | 00,348,160 | ---- | C] (OldTimer Tools)
Malwarebytes -> %AppData%\Malwarebytes -> [2009/03/10 07:24:08 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/03/10 07:24:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/03/10 07:24:07 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/03/10 07:24:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/03/10 07:24:04 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/03/10 07:24:03 | 00,000,000 | ---D | C]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/03/10 07:23:35 | 02,876,720 | ---- | C] (Malwarebytes Corporation )
temp -> %SystemRoot%\temp -> [2009/03/09 20:02:21 | 00,000,000 | ---D | C]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/03/09 19:59:39 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/03/09 19:59:39 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/03/09 19:59:39 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> %SystemRoot%\sed.exe -> [2009/03/09 19:59:39 | 00,098,816 | ---- | C] ()
fdsv.exe -> %SystemRoot%\fdsv.exe -> [2009/03/09 19:59:39 | 00,089,504 | ---- | C] (Smallfrogs Studio)
grep.exe -> %SystemRoot%\grep.exe -> [2009/03/09 19:59:39 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2009/03/09 19:59:39 | 00,068,096 | ---- | C] ()
VFIND.exe -> %SystemRoot%\VFIND.exe -> [2009/03/09 19:59:39 | 00,049,152 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/03/09 19:59:39 | 00,029,696 | ---- | C] (NirSoft)
ComboFix -> %SystemDrive%\ComboFix -> [2009/03/09 19:59:35 | 00,000,000 | ---D | C]
Qoobox -> %SystemDrive%\Qoobox -> [2009/03/09 19:59:33 | 00,000,000 | ---D | C]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/03/09 19:54:50 | 02,933,448 | R--- | C] ()
Quests.html -> %UserProfile%\Desktop\Quests.html -> [2009/03/06 20:37:26 | 00,150,423 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/03/05 17:51:58 | 00,001,734 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/03/05 17:51:56 | 00,000,000 | ---D | C]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2009/03/05 17:51:46 | 00,812,344 | ---- | C] (Trend Micro Inc.)
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/03/05 16:29:18 | 00,000,211 | ---- | C] ()
cmldr -> %SystemDrive%\cmldr -> [2009/03/05 16:29:16 | 00,260,272 | ---- | C] ()
cmdcons -> %SystemDrive%\cmdcons -> [2009/03/05 16:29:16 | 00,000,000 | RHSD | C]
ERDNT -> %SystemRoot%\ERDNT -> [2009/03/05 16:28:10 | 00,000,000 | ---D | C]
wininit.ini -> %SystemRoot%\wininit.ini -> [2009/03/04 10:43:25 | 00,000,122 | ---- | C] ()
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [2009/03/04 02:37:06 | 00,000,000 | -H-D | C]
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2009/03/04 02:31:44 | 00,107,912 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2009/03/04 02:31:44 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2009/03/04 02:31:39 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2009/03/04 02:31:39 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.)
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2009/03/04 02:31:36 | 34,005,013 | ---- | C] ()
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2009/03/04 02:31:36 | 06,061,540 | ---- | C] ()
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2009/03/04 02:31:36 | 00,401,372 | ---- | C] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2009/03/04 02:31:36 | 00,033,747 | ---- | C] ()
Avg -> %SystemRoot%\System32\drivers\Avg -> [2009/03/04 02:31:36 | 00,000,000 | ---D | C]
AVG -> %ProgramFiles%\AVG -> [2009/03/04 02:31:29 | 00,000,000 | ---D | C]
avg8 -> %AllUsersProfile%\Application Data\avg8 -> [2009/03/04 02:31:28 | 00,000,000 | ---D | C]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [2009/02/24 23:37:36 | 00,023,392 | ---- | C] ()
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [2009/02/24 23:37:36 | 00,016,832 | ---- | C] ()
spmsg.dll -> %SystemRoot%\System32\spmsg.dll -> [2009/02/24 23:22:38 | 00,017,272 | ---- | C] (Microsoft Corporation)
Windows Media Connect 2 -> %ProgramFiles%\Windows Media Connect 2 -> [2009/02/24 23:22:15 | 00,000,000 | ---D | C]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2009/02/24 23:19:33 | 00,000,000 | -H-- | C] ()
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [2009/02/24 23:19:30 | 00,000,000 | ---D | C]
Version Cue -> D:\My Documents\Version Cue -> [2009/02/24 23:04:56 | 00,000,000 | ---D | C]
FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [2009/02/24 23:02:04 | 00,000,000 | ---D | C]
ALM -> %AllUsersProfile%\Application Data\ALM -> [2009/02/24 22:52:28 | 00,000,000 | ---D | C]
Bonjour -> %ProgramFiles%\Bonjour -> [2009/02/24 22:51:42 | 00,000,000 | ---D | C]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared -> [2009/02/24 22:46:35 | 00,000,000 | ---D | C]
AdobeUM -> %AppData%\AdobeUM -> [2009/02/18 23:50:04 | 00,000,000 | ---D | C]
Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [2009/02/16 20:58:23 | 00,000,000 | ---D | C]
pid.PNF -> %SystemRoot%\System32\pid.PNF -> [2009/02/14 15:09:51 | 00,004,444 | ---- | C] ()
Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [2009/02/14 15:02:56 | 00,000,000 | ---D | C]
SSH Secure File Transfer Client.lnk -> %AllUsersProfile%\Desktop\SSH Secure File Transfer Client.lnk -> [2009/02/13 21:53:25 | 00,001,931 | ---- | C] ()
SSH Secure Shell Client.lnk -> %AllUsersProfile%\Desktop\SSH Secure Shell Client.lnk -> [2009/02/13 21:53:25 | 00,000,985 | ---- | C] ()
SSH Communications Security -> %ProgramFiles%\SSH Communications Security -> [2009/02/13 21:53:25 | 00,000,000 | ---D | C]
SSH -> %AppData%\SSH -> [2009/02/13 21:13:09 | 00,000,000 | ---D | C]
Microsoft CAPICOM 2.1.0.2 -> %ProgramFiles%\Microsoft CAPICOM 2.1.0.2 -> [2009/02/11 01:35:25 | 00,000,000 | ---D | C]
MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 -> [2009/02/11 01:32:45 | 00,000,000 | ---D | C]
HP Product Assistant -> %AllUsersProfile%\Application Data\HP Product Assistant -> [2009/02/10 18:29:41 | 00,000,000 | ---D | C]
mucltui.dll -> %SystemRoot%\System32\mucltui.dll -> [2009/02/10 17:47:07 | 00,268,648 | ---- | C] (Microsoft Corporation)
muweb.dll -> %SystemRoot%\System32\muweb.dll -> [2009/02/10 17:47:07 | 00,208,744 | ---- | C] (Microsoft Corporation)
mucltui.dll.mui -> %SystemRoot%\System32\mucltui.dll.mui -> [2009/02/10 17:47:07 | 00,027,496 | ---- | C] (Microsoft Corporation)
[Files/Folders - Modified Within 30 Days]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\Documents and Settings\JsL\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\JsL\Local Settings\Temp\*.tmp ->
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/12 13:03:51 | 00,661,370 | ---- | M] ()
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2009/03/12 13:02:02 | 34,005,013 | ---- | M] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2009/03/12 13:02:02 | 00,033,747 | ---- | M] ()
Perflib_Perfdata_f20.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_f20.dat -> [2009/03/12 13:01:11 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_f28.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_f28.dat -> [2009/03/12 13:01:10 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_97c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_97c.dat -> [2009/03/12 13:00:57 | 00,016,384 | ---- | M] ()
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [2009/03/12 13:00:42 | 00,000,482 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/03/12 13:00:33 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/03/12 13:00:31 | 00,002,048 | --S- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/03/12 03:59:39 | 06,553,600 | ---- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/03/12 03:59:39 | 00,000,178 | -HS- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/03/12 03:59:28 | 04,798,396 | -H-- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/03/11 23:13:42 | 01,572,664 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/03/11 23:11:50 | 00,001,374 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/03/11 23:10:50 | 00,005,747 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/03/11 23:10:50 | 00,005,333 | ---- | M] ()
perf.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat -> [2009/03/11 00:49:50 | 00,000,128 | ---- | M] ()
fsusscr.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> [2009/03/10 23:00:17 | 00,928,392 | ---- | M] (F-Secure Corporation)
fsusscr.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> [2009/03/10 23:00:17 | 00,928,392 | ---- | M] (F-Secure Corporation)
fsmart.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> [2009/03/10 23:00:17 | 00,147,456 | ---- | M] (F-Secure Corporation)
fsmart.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> [2009/03/10 23:00:17 | 00,147,456 | ---- | M] (F-Secure Corporation)
fssm32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> [2009/03/10 23:00:11 | 00,561,280 | ---- | M] (F-Secure Corp.)
fssm32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> [2009/03/10 23:00:11 | 00,561,280 | ---- | M] (F-Secure Corp.)
fm4av.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [2009/03/10 23:00:11 | 00,482,448 | ---- | M] ()
fm4av.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll -> [2009/03/10 23:00:11 | 00,482,448 | ---- | M] ()
fsgk32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> [2009/03/10 23:00:11 | 00,440,960 | ---- | M] (F-Secure Corp.)
fsgk32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> [2009/03/10 23:00:11 | 00,440,960 | ---- | M] (F-Secure Corp.)
AVPFPI0.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> [2009/03/10 23:00:11 | 00,154,304 | ---- | M] (Kaspersky Lab)
AVPFPI0.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> [2009/03/10 23:00:11 | 00,154,304 | ---- | M] (Kaspersky Lab)
fsepx32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsepx32.dll -> [2009/03/10 23:00:11 | 00,150,144 | ---- | M] (F-Secure Corporation)
fsepx32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsepx32.dll -> [2009/03/10 23:00:11 | 00,150,144 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> [2009/03/10 23:00:11 | 00,120,456 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> [2009/03/10 23:00:11 | 00,120,456 | ---- | M] (F-Secure Corporation)
fsuss.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsuss.dll -> [2009/03/10 23:00:11 | 00,113,288 | ---- | M] (F-Secure Corporation)
fsuss.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuss.dll -> [2009/03/10 23:00:11 | 00,113,288 | ---- | M] (F-Secure Corporation)
fsgkiapi.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> [2009/03/10 23:00:11 | 00,100,456 | ---- | M] (F-Secure Corp.)
fsgkiapi.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> [2009/03/10 23:00:11 | 00,100,456 | ---- | M] (F-Secure Corp.)
avpproxy.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> [2009/03/10 23:00:11 | 00,084,672 | ---- | M] (F-Secure Corporation)
avpproxy.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> [2009/03/10 23:00:11 | 00,084,672 | ---- | M] (F-Secure Corporation)
fsbl.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> [2009/03/10 23:00:11 | 00,068,224 | ---- | M] (F-Secure Corporation)
fsbl.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> [2009/03/10 23:00:11 | 00,068,224 | ---- | M] (F-Secure Corporation)
fsedb.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [2009/03/10 22:59:58 | 02,304,026 | ---- | M] ()
fsedb.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat -> [2009/03/10 22:59:58 | 02,304,026 | ---- | M] ()
fsecr32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> [2009/03/10 22:59:58 | 01,079,944 | ---- | M] (F-Secure Corporation)
fsecr32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> [2009/03/10 22:59:58 | 01,079,944 | ---- | M] (F-Secure Corporation)
fsupdllb.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> [2009/03/10 22:59:58 | 00,422,594 | ---- | M] ()
fsupdllb.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> [2009/03/10 22:59:58 | 00,422,594 | ---- | M] ()
fsblu.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> [2009/03/10 22:59:27 | 00,731,784 | ---- | M] (F-Secure Corporation)
fsbld.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> [2009/03/10 22:59:27 | 00,731,784 | ---- | M] (F-Secure Corporation)
fssubmit.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> [2009/03/10 22:59:21 | 00,651,264 | ---- | M] (F-Secure Corporation)
fssubmit.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> [2009/03/10 22:59:21 | 00,651,264 | ---- | M] (F-Secure Corporation)
Nse_w32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> [2009/03/10 22:59:13 | 00,588,856 | ---- | M] (Norman ASA)
Nse_w32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> [2009/03/10 22:59:13 | 00,588,856 | ---- | M] (Norman ASA)
ext.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat -> [2009/03/10 22:58:36 | 00,000,449 | ---- | M] ()
ext.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat -> [2009/03/10 22:58:36 | 00,000,449 | ---- | M] ()
sae.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat -> [2009/03/10 22:58:35 | 00,000,243 | ---- | M] ()
sae.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat -> [2009/03/10 22:58:35 | 00,000,243 | ---- | M] ()
sai.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat -> [2009/03/10 22:58:34 | 00,001,348 | ---- | M] ()
sai.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat -> [2009/03/10 22:58:34 | 00,001,348 | ---- | M] ()
OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe -> [2009/03/10 07:32:00 | 00,348,160 | ---- | M] (OldTimer Tools)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/03/10 07:24:07 | 00,000,696 | ---- | M] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/03/10 07:23:38 | 02,876,720 | ---- | M] (Malwarebytes Corporation )
system.ini -> %SystemRoot%\system.ini -> [2009/03/09 20:01:14 | 00,000,227 | ---- | M] ()
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/03/09 19:54:53 | 02,933,448 | R--- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/03/09 01:45:41 | 00,023,552 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/03/08 14:59:52 | 00,512,626 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/03/08 14:59:52 | 00,433,512 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/03/08 14:59:52 | 00,070,696 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/03/08 14:55:36 | 00,002,262 | ---- | M] ()
Quests.html -> %UserProfile%\Desktop\Quests.html -> [2009/03/06 20:37:26 | 00,150,423 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/03/05 17:51:58 | 00,001,734 | ---- | M] ()
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2009/03/05 17:51:47 | 00,812,344 | ---- | M] (Trend Micro Inc.)
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/03/05 17:03:50 | 00,301,855 | R--- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/03/05 16:53:39 | 00,000,638 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/03/05 16:53:39 | 00,000,281 | RHS- | M] ()
wininit.ini -> %SystemRoot%\wininit.ini -> [2009/03/05 16:52:20 | 00,000,122 | ---- | M] ()
hosts.20090305-160349.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090305-160349.backup -> [2009/03/05 16:31:58 | 00,000,027 | ---- | M] ()
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/03/05 15:38:58 | 00,000,211 | ---- | M] ()
cid_store.dat -> %SystemRoot%\System32\cid_store.dat -> [2009/03/05 14:24:06 | 00,002,841 | ---- | M] ()
xlhcc.dat -> %SystemRoot%\System32\xlhcc.dat -> [2009/03/05 14:22:54 | 00,000,026 | ---- | M] ()
pakegafi -> %SystemRoot%\System32\pakegafi -> [2009/03/04 05:33:14 | 00,006,456 | -H-- | M] ()
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2009/03/04 02:31:44 | 00,107,912 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2009/03/04 02:31:44 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2009/03/04 02:31:39 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2009/03/04 02:31:39 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.)
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2009/03/04 02:31:36 | 06,061,540 | ---- | M] ()
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2009/03/04 02:31:36 | 00,401,372 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/03/04 02:18:02 | 00,000,116 | ---- | M] ()
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [2009/02/24 23:37:36 | 00,023,392 | ---- | M] ()
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [2009/02/24 23:37:36 | 00,016,832 | ---- | M] ()
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [2009/02/24 23:20:47 | 00,316,640 | ---- | M] ()
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2009/02/24 23:19:33 | 00,000,000 | -H-- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/02/24 23:02:54 | 00,072,304 | ---- | M] ()
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2009/02/16 14:21:08 | 00,008,206 | ---- | M] ()
pid.PNF -> %SystemRoot%\System32\pid.PNF -> [2009/02/14 15:09:51 | 00,004,444 | ---- | M] ()
SSH Secure File Transfer Client.lnk -> %AllUsersProfile%\Desktop\SSH Secure File Transfer Client.lnk -> [2009/02/13 21:53:25 | 00,001,931 | ---- | M] ()
SSH Secure Shell Client.lnk -> %AllUsersProfile%\Desktop\SSH Secure Shell Client.lnk -> [2009/02/13 21:53:25 | 00,000,985 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
daas_s.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> [2008/02/27 15:59:28 | 00,495,616 | ---- | M] (F-Secure Corporation)