Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Blocked Websites

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Blocked Websites

Unread postby 2carrots » September 10th, 2010, 4:53 pm

Hi, Having problem with blocked site, decided to complete quick format and re-install XP (SP2)
Now that i have a fresh install, the problem is still there. installed various malware. e.g. mbam, SpywareTerminator, is360, IObit - reported no detection. But I'm still gettingthe block website problem.
Trend Micro as follow, would be grateful if there's any suggestions please.
Thx
Paul

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:14 PM, on 9/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\AVG\AVG9\avgtray.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AVG\AVG9\avgemc.exe
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
D:\Program Files\Windows NT\Accessories\wordpad.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Samsung PanelMgr] D:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [IObit Security 360] "D:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "D:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: IS360service - IObit - D:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4168 bytes
2carrots
Active Member
 
Posts: 4
Joined: September 10th, 2010, 3:36 pm
Advertisement
Register to Remove

Re: Blocked Websites

Unread postby askey127 » September 12th, 2010, 7:19 am

Hi 2carrots,
You have some programs on there with questionable histories.
We are going to use AntiVir to see what is going on.
-----------------------------------------------
Download Antivir Free
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Save the Installer to your desktop, but don't run it yet.
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

O4 - HKLM\..\Run: [IObit Security 360] "D:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "D:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: IS360service - IObit - D:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

IObit Security 360
IObit .. anything
AVG 9 Free
Spoyware Terminator

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------
Run, Update, Scan with Antivir
Double Click the Avira Antivir Installer on your desktop, Install the program, Have it update itself, and run a full scan.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Blocked Websites

Unread postby 2carrots » September 12th, 2010, 6:53 pm

Many thank in advance, report as follow:

Avira AntiVir Personal
Report file date: 12 September 2010 23:51

Scanning for 2803359 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Paul
Computer name : N-52643C1385FA4

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 12:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 12:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 18:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 09:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 19:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 17:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 16:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 11:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 22:45:19
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 22:45:21
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 22:45:27
VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 22:45:27
VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 22:45:27
VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 22:45:27
VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 22:45:27
VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 22:45:27
VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 22:45:27
VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 22:45:29
VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 22:45:29
VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 22:45:29
VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 22:45:29
VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 22:45:30
VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 22:45:30
VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 22:45:31
VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 22:45:31
VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 22:45:31
VBASE023.VDF : 7.10.10.246 130048 Bytes 8/23/2010 22:45:32
VBASE024.VDF : 7.10.11.11 144896 Bytes 8/25/2010 22:45:32
VBASE025.VDF : 7.10.11.33 135168 Bytes 8/27/2010 22:45:33
VBASE026.VDF : 7.10.11.52 148992 Bytes 8/31/2010 22:45:33
VBASE027.VDF : 7.10.11.75 124928 Bytes 9/3/2010 22:45:33
VBASE028.VDF : 7.10.11.92 137728 Bytes 9/6/2010 22:45:33
VBASE029.VDF : 7.10.11.107 166400 Bytes 9/8/2010 22:45:34
VBASE030.VDF : 7.10.11.127 136704 Bytes 9/10/2010 22:45:34
VBASE031.VDF : 7.10.11.129 25088 Bytes 9/12/2010 22:45:34
Engineversion : 8.2.4.50
AEVDF.DLL : 8.1.2.1 106868 Bytes 9/12/2010 22:45:40
AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 9/12/2010 22:45:40
AESCN.DLL : 8.1.6.1 127347 Bytes 9/12/2010 22:45:39
AESBX.DLL : 8.1.3.1 254324 Bytes 9/12/2010 22:45:41
AERDL.DLL : 8.1.8.2 614772 Bytes 9/12/2010 22:45:39
AEPACK.DLL : 8.2.3.5 471412 Bytes 9/12/2010 22:45:39
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 9/12/2010 22:45:38
AEHEUR.DLL : 8.1.2.21 2883958 Bytes 9/12/2010 22:45:38
AEHELP.DLL : 8.1.13.3 242038 Bytes 9/12/2010 22:45:36
AEGEN.DLL : 8.1.3.20 397684 Bytes 9/12/2010 22:45:36
AEEMU.DLL : 8.1.2.0 393588 Bytes 9/12/2010 22:45:36
AECORE.DLL : 8.1.16.2 192887 Bytes 9/12/2010 22:45:35
AEBB.DLL : 8.1.1.0 53618 Bytes 9/12/2010 22:45:35
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 12:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 12:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 16:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 12:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 12:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 12:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 09:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 12:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 15:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 14:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 13:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 14:14:29

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: d:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 12 September 2010 23:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'avgnsx.exe' - '1' Module(s) have been scanned
Scan process 'avgam.exe' - '1' Module(s) have been scanned
Scan process 'avgemc.exe' - '1' Module(s) have been scanned
Scan process 'WUSB54GSv2.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgtray.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'avgrsx.exe' - '1' Module(s) have been scanned
Scan process 'avgchsvx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '334' files ).



End of the scan: 12 September 2010 23:51
Used time: 00:28 Minute(s)

The scan has been done completely.

0 Scanned directories
813 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
813 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes
2carrots
Active Member
 
Posts: 4
Joined: September 10th, 2010, 3:36 pm

Re: Blocked Websites

Unread postby askey127 » September 12th, 2010, 7:06 pm

2carrots,
---------------------------------------------
Please download OTL.exe by OldTimer and save it to your desktop.
  • Double click on the icon to run it. For Vista or Win7, right click the icon and choose "Run as administrator".
  • Make sure all other windows are closed to let it run uninterrupted.
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box.
    Code: Select all
    netsvcs
    drivers32 
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg 
    %systemroot%\*.jpg 
    %systemroot%\*.png 
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.* 
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav 
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x 
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Blocked Websites

Unread postby 2carrots » September 13th, 2010, 4:36 pm

Hi Askey,

OTL.txt as follow:

OTL logfile created on: 13/09/2010 21:30:55 - Run 3
OTL by OldTimer - Version 3.2.12.0 Folder = D:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,007.00 Mb Total Physical Memory | 563.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 147.25 Gb Total Space | 113.20 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
Drive D: | 39.05 Gb Total Space | 33.11 Gb Free Space | 84.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 930.86 Gb Total Space | 539.36 Gb Free Space | 57.94% Space Free | Partition Type: NTFS

Computer Name: N-52643C1385FA4
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/13 21:15:06 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2010/09/12 23:02:52 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/12 23:02:51 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/12 23:02:50 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/12 23:02:47 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/12 23:02:26 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/12 23:02:01 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/09/12 23:01:56 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/09/12 23:01:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2005/11/14 03:40:00 | 005,230,080 | ---- | M] (Linksys) -- D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
PRC - [2005/05/20 02:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.) -- D:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 21:15:06 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Paul\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GSv2.exe -- (WUSB54GSv2SVC)
SRV - [2010/09/12 23:02:01 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/12 23:01:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\EntDrv51.sys -- (EntDrv51)
DRV - [2010/09/12 23:03:52 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- D:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/09/12 23:03:51 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/12 23:03:43 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/12 23:03:42 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- D:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 20:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/09/15 05:56:48 | 000,141,312 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/08/11 06:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/07/29 10:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 10:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AVG9_TRAY] D:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [BrowserChoice] D:\WINDOWS\System32\browserchoice.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 4326922620 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - D:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/03 21:31:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 22:12:18 | 000,000,088 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- [2009/08/17 18:53:00 | 002,770,432 | R--- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/13 21:14:58 | 000,576,000 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/09/13 03:06:03 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\KB905474
[2010/09/13 00:19:32 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\NtmsData
[2010/09/13 00:01:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Paul\Application Data\Macromedia
[2010/09/12 23:50:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Paul\Application Data\Avira
[2010/09/12 23:44:20 | 000,028,520 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/09/12 23:44:19 | 000,124,784 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avipbb.sys
[2010/09/12 23:44:19 | 000,060,936 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avgntflt.sys
[2010/09/12 23:44:19 | 000,045,416 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avgntdd.sys
[2010/09/12 23:44:19 | 000,022,360 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/09/12 23:44:18 | 000,000,000 | ---D | C] -- D:\Program Files\Avira
[2010/09/12 23:44:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Avira
[2010/09/12 23:38:03 | 000,446,464 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Paul\Desktop\TFC.exe
[2010/09/12 23:17:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Paul\Application Data\Malwarebytes
[2010/09/12 23:17:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/12 23:17:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/09/12 23:17:25 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010/09/12 23:17:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/12 23:16:43 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Paul\Desktop\mbam-setup.exe
[2010/09/12 23:12:02 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2010/09/12 23:11:56 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- D:\Documents and Settings\Paul\Desktop\HJTInstall.exe
[2010/09/12 23:09:31 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\appmgmt
[2010/09/12 23:03:53 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\avgrsstx.dll
[2010/09/12 23:03:52 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/09/12 23:03:49 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/12 23:03:42 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgldx86.sys
[2010/09/12 23:03:40 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/09/12 23:03:33 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\Avg
[2010/09/12 23:00:13 | 000,000,000 | ---D | C] -- D:\Program Files\AVG
[2010/09/12 22:59:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\avg9
[2010/09/12 22:51:44 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Paul\IECompatCache
[2010/09/12 22:51:05 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Paul\PrivacIE
[2010/09/12 22:49:50 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Paul\IETldCache
[2010/09/12 22:47:18 | 000,000,000 | ---D | C] -- D:\WINDOWS\ie8updates
[2010/09/12 22:47:00 | 000,000,000 | ---D | C] -- D:\WINDOWS\WBEM
[2010/09/12 22:46:09 | 000,000,000 | -H-D | C] -- D:\WINDOWS\ie8
[2010/09/12 22:45:53 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2010/09/12 22:36:14 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Cisco Systems
[2010/09/12 22:32:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/09/12 22:32:25 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\PreInstall
[2010/09/12 22:32:23 | 000,000,000 | -H-D | C] -- D:\WINDOWS\$hf_mig$
[2010/09/12 22:28:38 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Paul\UserData
[2010/09/12 22:28:30 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\SoftwareDistribution
[2010/09/12 22:22:24 | 000,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- D:\WINDOWS\System32\GTNDIS5.sys
[2010/09/12 22:22:23 | 000,000,000 | -H-D | C] -- D:\Program Files\InstallShield Installation Information
[2010/09/12 22:22:13 | 000,000,000 | ---D | C] -- D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
[2010/09/12 22:18:42 | 000,000,000 | ---D | C] -- D:\WINDOWS\nview
[2010/09/12 22:15:34 | 000,000,000 | -HSD | C] -- D:\WINDOWS\Installer
[2010/09/12 22:15:33 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\ODBC
[2010/09/12 22:15:28 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\SpeechEngines
[2010/09/12 22:15:27 | 000,000,000 | R--D | C] -- D:\Program Files
[2010/09/12 22:15:27 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Microsoft Shared
[2010/09/12 22:15:27 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files
[2010/09/12 22:14:55 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Start Menu
[2010/09/12 22:14:55 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents
[2010/09/12 22:14:55 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Templates
[2010/09/12 22:14:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Favorites
[2010/09/12 22:14:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Desktop
[2010/09/12 22:13:01 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\CatRoot2
[2010/09/12 22:13:01 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\CatRoot
[2010/09/12 22:12:55 | 000,000,000 | --SD | C] -- D:\Documents and Settings\All Users\Application Data\Microsoft
[2010/09/12 22:12:55 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\All Users\Application Data
[2010/09/12 22:12:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings
[2010/09/12 22:12:02 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\InstallShield
[2010/09/12 22:10:25 | 000,011,520 | R--- | C] (Western Digital Technologies) -- D:\WINDOWS\System32\drivers\wdcsam.sys
[2010/09/12 22:09:15 | 000,000,000 | ---D | C] -- D:\Program Files\Analog Devices
[2010/09/12 22:09:14 | 000,393,088 | R--- | C] (Sensaura) -- D:\WINDOWS\System32\drivers\senfilt.sys
[2010/09/12 22:08:00 | 000,000,000 | -HSD | C] -- D:\System Volume Information
[2010/09/12 22:05:26 | 000,000,000 | R-SD | C] -- D:\WINDOWS\Fonts
[2010/09/12 22:05:26 | 000,000,000 | RHSD | C] -- D:\WINDOWS\System32\dllcache
[2010/09/12 22:05:26 | 000,000,000 | R--D | C] -- D:\WINDOWS\Web
[2010/09/12 22:05:26 | 000,000,000 | -H-D | C] -- D:\WINDOWS\inf
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\WinSxS
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\wins
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\wbem
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\usmt
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\twain_32
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\Temp
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\system32
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\system
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\spool
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\ShellExt
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\Setup
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\security
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\Resources
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\repair
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\ras
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\Provisioning
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\PeerNet
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\pchealth
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\oobe
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\npp
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\mui
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\mui
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\msapps
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\msagent
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\Media
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\java
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\inetsrv
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\IME
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\ime
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\icsxml
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\ias
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\Help
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\export
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\etc
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\ehome
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\Driver Cache
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\disdn
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\dhcp
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\Debug
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\Cursors
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\Connection Wizard
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\config
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\Config
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\AppPatch
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\addins
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\3com_dmi
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\3076
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\2052
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1054
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1042
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1041
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1037
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1033
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1031
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1028
[2010/09/12 22:05:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1025
[2010/09/12 21:58:59 | 000,000,000 | ---D | C] -- D:\WINDOWS\Prefetch
[2010/09/12 21:53:30 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\scripting
[2010/09/12 21:53:30 | 000,000,000 | ---D | C] -- D:\WINDOWS\l2schemas
[2010/09/12 21:53:30 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\en-us
[2010/09/12 21:53:29 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\en
[2010/09/12 21:53:29 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\bits
[2010/09/12 21:52:27 | 000,000,000 | ---D | C] -- D:\WINDOWS\ServicePackFiles
[2010/09/12 21:50:56 | 000,000,000 | ---D | C] -- D:\WINDOWS\network diagnostic
[2010/09/12 21:49:42 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\ReinstallBackups
[2010/09/12 21:47:52 | 000,000,000 | -H-D | C] -- D:\WINDOWS\$NtServicePackUninstall$
[2010/09/12 21:43:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Paul\Local Settings\Application Data\Western Digital
[2010/09/12 21:42:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Paul\Application Data\Identities
[2010/09/12 21:42:06 | 000,000,000 | -H-D | C] -- D:\Program Files\Uninstall Information
[2010/09/12 21:42:03 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Paul\My Documents\My Pictures
[2010/09/12 21:42:03 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Paul\My Documents\My Music
[2010/09/12 21:41:49 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Paul\Application Data\Microsoft
[2010/09/12 21:41:49 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Paul\SendTo
[2010/09/12 21:41:49 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Paul\Recent
[2010/09/12 21:41:49 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Paul\Application Data
[2010/09/12 21:41:49 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Paul\Start Menu
[2010/09/12 21:41:49 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Paul\My Documents
[2010/09/12 21:41:49 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Paul\Favorites
[2010/09/12 21:41:49 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Paul\Cookies
[2010/09/12 21:41:49 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Paul\Templates
[2010/09/12 21:41:49 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Paul\PrintHood
[2010/09/12 21:41:49 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Paul\NetHood
[2010/09/12 21:41:49 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Paul\Local Settings
[2010/09/12 21:41:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft
[2010/09/12 21:41:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Paul\Desktop
[2010/09/12 21:41:10 | 000,000,000 | ---D | C] -- D:\WINDOWS\SoftwareDistribution
[2010/09/12 21:41:08 | 000,000,000 | --SD | C] -- D:\WINDOWS\System32\Microsoft
[2010/09/12 21:41:08 | 000,000,000 | --SD | C] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/09/12 21:41:08 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/09/12 21:40:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/09/12 21:40:50 | 000,000,000 | --SD | C] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/09/12 21:39:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- D:\WINDOWS\System32\dllcache\rwia330.dll
[2010/09/12 21:39:31 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- D:\WINDOWS\System32\dllcache\rwia001.dll
[2010/09/12 21:38:43 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- D:\WINDOWS\System32\dllcache\cap7146.sys
[2010/09/12 21:38:12 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\xircom
[2010/09/12 21:38:12 | 000,000,000 | ---D | C] -- D:\Program Files\xerox
[2010/09/12 21:38:12 | 000,000,000 | ---D | C] -- D:\Program Files\microsoft frontpage
[2010/09/12 21:36:56 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\All Users\DRM
[2010/09/12 21:36:48 | 000,000,000 | --SD | C] -- D:\WINDOWS\Downloaded Program Files
[2010/09/12 21:36:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\Offline Web Pages
[2010/09/12 21:36:38 | 000,000,000 | -H-D | C] -- D:\Program Files\WindowsUpdate
[2010/09/12 21:36:13 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\DirectX
[2010/09/12 21:35:25 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Services
[2010/09/12 21:35:21 | 000,000,000 | --SD | C] -- D:\WINDOWS\Tasks
[2010/09/12 21:35:19 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\MSSoap
[2010/09/12 21:35:12 | 000,000,000 | ---D | C] -- D:\WINDOWS\srchasst
[2010/09/12 21:35:10 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\Macromed
[2010/09/12 21:34:57 | 000,000,000 | ---D | C] -- D:\Program Files\Movie Maker
[2010/09/12 21:34:44 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\Restore
[2010/09/12 21:34:37 | 000,000,000 | ---D | C] -- D:\Program Files\NetMeeting
[2010/09/12 21:34:32 | 000,000,000 | ---D | C] -- D:\Program Files\Outlook Express
[2010/09/12 21:34:21 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\System
[2010/09/12 21:34:19 | 000,000,000 | ---D | C] -- D:\Program Files\Internet Explorer
[2010/09/12 21:34:18 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents\My Pictures
[2010/09/12 21:33:52 | 000,000,000 | ---D | C] -- D:\Program Files\ComPlus Applications
[2010/09/12 21:33:46 | 000,000,000 | ---D | C] -- D:\WINDOWS\Registration
[2010/09/12 21:33:40 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents\My Music
[2010/09/12 21:33:40 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Media Player
[2010/09/12 21:33:40 | 000,000,000 | ---D | C] -- D:\Program Files\Online Services
[2010/09/12 21:33:34 | 000,000,000 | ---D | C] -- D:\Program Files\Messenger
[2010/09/12 21:33:30 | 000,000,000 | ---D | C] -- D:\Program Files\MSN Gaming Zone
[2010/09/12 21:32:43 | 000,000,000 | ---D | C] -- D:\Program Files\MSN
[2010/09/12 21:32:40 | 000,000,000 | ---D | C] -- D:\Program Files\Windows NT
[2010/09/12 21:32:35 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\MsDtc
[2010/09/12 21:32:32 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\Com
[2010/09/12 21:32:17 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents\My Videos

========== Files - Modified Within 90 Days ==========

[2010/09/13 21:17:05 | 064,580,852 | ---- | M] () -- D:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/13 21:15:06 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/09/13 21:12:28 | 000,000,260 | ---- | M] () -- D:\WINDOWS\tasks\WGASetup.job
[2010/09/13 21:11:51 | 000,186,097 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2010/09/13 21:11:43 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/09/13 21:11:38 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/09/13 07:07:15 | 001,048,576 | -H-- | M] () -- D:\Documents and Settings\Paul\NTUSER.DAT
[2010/09/13 07:07:15 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Paul\ntuser.ini
[2010/09/13 07:07:08 | 004,279,638 | -H-- | M] () -- D:\Documents and Settings\Paul\Local Settings\Application Data\IconCache.db
[2010/09/13 03:28:18 | 000,311,604 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/09/13 03:28:18 | 000,039,992 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/09/13 03:28:17 | 000,356,120 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/13 03:24:04 | 000,001,503 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010/09/13 03:23:42 | 000,097,456 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/13 03:07:06 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2010/09/12 23:44:30 | 000,001,707 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/09/12 23:39:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Paul\Desktop\TFC.exe
[2010/09/12 23:34:56 | 044,089,904 | ---- | M] () -- D:\Documents and Settings\Paul\Desktop\avira_antivir_personal_en.exe
[2010/09/12 23:17:30 | 000,000,696 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/12 23:17:02 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Paul\Desktop\mbam-setup.exe
[2010/09/12 23:12:04 | 000,001,734 | ---- | M] () -- D:\Documents and Settings\Paul\Desktop\HijackThis.lnk
[2010/09/12 23:11:59 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- D:\Documents and Settings\Paul\Desktop\HJTInstall.exe
[2010/09/12 23:03:56 | 000,001,507 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/09/12 23:03:55 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\avgrsstx.dll
[2010/09/12 23:03:52 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/09/12 23:03:51 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/12 23:03:43 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgldx86.sys
[2010/09/12 23:03:42 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/09/12 23:03:40 | 000,113,461 | ---- | M] () -- D:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/09/12 22:50:21 | 000,020,456 | ---- | M] () -- D:\Documents and Settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/12 22:49:59 | 000,000,815 | ---- | M] () -- D:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/12 22:44:53 | 000,000,512 | ---- | M] () -- D:\WINDOWS\randseed.rnd
[2010/09/12 22:32:50 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/09/12 22:21:45 | 000,001,413 | ---- | M] () -- D:\WINDOWS\System32\WLAN.INI
[2010/09/12 22:15:27 | 000,000,231 | ---- | M] () -- D:\WINDOWS\system.ini
[2010/09/12 22:10:57 | 000,019,280 | ---- | M] () -- D:\WINDOWS\Ascd_tmp.ini
[2010/09/12 21:59:42 | 000,316,640 | ---- | M] () -- D:\WINDOWS\WMSysPr9.prx
[2010/09/12 21:42:14 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/12 21:40:54 | 000,008,192 | ---- | M] () -- D:\WINDOWS\REGLOCS.OLD
[2010/09/12 21:40:05 | 000,000,261 | ---- | M] () -- D:\WINDOWS\System32\$winnt$.inf
[2010/09/12 21:37:51 | 000,002,577 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2010/09/12 21:37:51 | 000,000,477 | ---- | M] () -- D:\WINDOWS\win.ini
[2010/09/12 21:37:51 | 000,000,000 | ---- | M] () -- D:\WINDOWS\control.ini
[2010/09/12 21:37:42 | 000,023,392 | ---- | M] () -- D:\WINDOWS\System32\nscompat.tlb
[2010/09/12 21:37:42 | 000,016,832 | ---- | M] () -- D:\WINDOWS\System32\amcompat.tlb
[2010/09/12 21:37:34 | 000,004,161 | ---- | M] () -- D:\WINDOWS\ODBCINST.INI
[2010/09/12 21:36:48 | 000,000,488 | RH-- | M] () -- D:\WINDOWS\System32\WindowsLogon.manifest
[2010/09/12 21:36:48 | 000,000,488 | RH-- | M] () -- D:\WINDOWS\System32\logonui.exe.manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\WindowsShell.Manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\System32\sapi.cpl.manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\System32\nwc.cpl.manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\System32\ncpa.cpl.manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\System32\cdplayer.exe.manifest
[2010/09/12 21:33:59 | 000,021,640 | ---- | M] () -- D:\WINDOWS\System32\emptyregdb.dat
[2010/09/12 21:33:50 | 000,000,037 | ---- | M] () -- D:\WINDOWS\vbaddin.ini
[2010/09/12 21:33:50 | 000,000,036 | ---- | M] () -- D:\WINDOWS\vb.ini

========== Files Created - No Company Name ==========

[2010/09/13 03:24:04 | 000,001,503 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010/09/13 03:06:03 | 000,000,260 | ---- | C] () -- D:\WINDOWS\tasks\WGASetup.job
[2010/09/12 23:44:30 | 000,001,707 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/09/12 23:34:55 | 044,089,904 | ---- | C] () -- D:\Documents and Settings\Paul\Desktop\avira_antivir_personal_en.exe
[2010/09/12 23:17:30 | 000,000,696 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/12 23:12:04 | 000,001,734 | ---- | C] () -- D:\Documents and Settings\Paul\Desktop\HijackThis.lnk
[2010/09/12 23:03:55 | 000,001,507 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/09/12 23:03:39 | 000,113,461 | ---- | C] () -- D:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/09/12 23:03:33 | 064,580,852 | ---- | C] () -- D:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/12 22:36:37 | 000,000,512 | ---- | C] () -- D:\WINDOWS\randseed.rnd
[2010/09/12 22:28:43 | 000,173,568 | ---- | C] () -- D:\WINDOWS\System32\dllcache\chtskf.dll
[2010/09/12 22:28:41 | 000,175,104 | ---- | C] () -- D:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/09/12 22:28:36 | 000,059,392 | ---- | C] () -- D:\WINDOWS\System32\dllcache\imscinst.exe
[2010/09/12 22:28:34 | 000,196,665 | ---- | C] () -- D:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/09/12 22:28:32 | 001,158,818 | ---- | C] () -- D:\WINDOWS\System32\korwbrkr.lex
[2010/09/12 22:28:32 | 001,158,818 | ---- | C] () -- D:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/09/12 22:28:32 | 000,002,060 | ---- | C] () -- D:\WINDOWS\System32\noise.jpn
[2010/09/12 22:28:32 | 000,001,486 | ---- | C] () -- D:\WINDOWS\System32\noise.kor
[2010/09/12 22:28:22 | 000,211,938 | ---- | C] () -- D:\WINDOWS\System32\lcphrase.tbl
[2010/09/12 22:28:22 | 000,146,126 | ---- | C] () -- D:\WINDOWS\System32\array30.tab
[2010/09/12 22:28:22 | 000,110,566 | ---- | C] () -- D:\WINDOWS\System32\arphr.tbl
[2010/09/12 22:28:22 | 000,043,242 | ---- | C] () -- D:\WINDOWS\System32\phoncode.tbl
[2010/09/12 22:28:22 | 000,024,114 | ---- | C] () -- D:\WINDOWS\System32\lcptr.tbl
[2010/09/12 22:28:22 | 000,018,600 | ---- | C] () -- D:\WINDOWS\System32\arrayhw.tab
[2010/09/12 22:28:22 | 000,016,312 | ---- | C] () -- D:\WINDOWS\System32\arptr.tbl
[2010/09/12 22:28:22 | 000,004,071 | ---- | C] () -- D:\WINDOWS\System32\phon.tbl
[2010/09/12 22:28:22 | 000,002,714 | ---- | C] () -- D:\WINDOWS\System32\phonptr.tbl
[2010/09/12 22:28:22 | 000,000,700 | ---- | C] () -- D:\WINDOWS\System32\dayiptr.tbl
[2010/09/12 22:28:22 | 000,000,520 | ---- | C] () -- D:\WINDOWS\System32\dayiphr.tbl
[2010/09/12 22:28:21 | 000,195,618 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10002.nls
[2010/09/12 22:28:21 | 000,195,618 | ---- | C] () -- D:\WINDOWS\System32\c_10002.nls
[2010/09/12 22:28:21 | 000,116,285 | ---- | C] () -- D:\WINDOWS\System32\msdayi.tbl
[2010/09/12 22:28:21 | 000,082,172 | ---- | C] () -- D:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/09/12 22:28:21 | 000,082,172 | ---- | C] () -- D:\WINDOWS\System32\bopomofo.nls
[2010/09/12 22:28:21 | 000,066,728 | ---- | C] () -- D:\WINDOWS\System32\dllcache\big5.nls
[2010/09/12 22:28:21 | 000,066,728 | ---- | C] () -- D:\WINDOWS\System32\big5.nls
[2010/09/12 22:28:21 | 000,044,370 | ---- | C] () -- D:\WINDOWS\System32\acode.tbl
[2010/09/12 22:28:21 | 000,044,370 | ---- | C] () -- D:\WINDOWS\System32\a234.tbl
[2010/09/12 22:28:21 | 000,001,460 | ---- | C] () -- D:\WINDOWS\System32\a15.tbl
[2010/09/12 22:28:20 | 000,016,254 | ---- | C] () -- D:\WINDOWS\System32\PINTLPAE.HLP
[2010/09/12 22:28:20 | 000,014,821 | ---- | C] () -- D:\WINDOWS\System32\PINTLPAD.HLP
[2010/09/12 22:28:15 | 001,223,500 | ---- | C] () -- D:\WINDOWS\System32\WINZM.MB
[2010/09/12 22:28:14 | 001,783,864 | ---- | C] () -- D:\WINDOWS\System32\WINPY.MB
[2010/09/12 22:28:14 | 001,564,868 | ---- | C] () -- D:\WINDOWS\System32\WINSP.MB
[2010/09/12 22:28:13 | 000,173,602 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10008.nls
[2010/09/12 22:28:13 | 000,173,602 | ---- | C] () -- D:\WINDOWS\System32\c_10008.nls
[2010/09/12 22:28:13 | 000,083,748 | ---- | C] () -- D:\WINDOWS\System32\prcp.nls
[2010/09/12 22:28:13 | 000,083,748 | ---- | C] () -- D:\WINDOWS\System32\dllcache\prcp.nls
[2010/09/12 22:28:13 | 000,083,748 | ---- | C] () -- D:\WINDOWS\System32\prc.nls
[2010/09/12 22:28:13 | 000,083,748 | ---- | C] () -- D:\WINDOWS\System32\dllcache\prc.nls
[2010/09/12 22:28:10 | 000,134,339 | ---- | C] () -- D:\WINDOWS\System32\dllcache\imekr.lex
[2010/09/12 22:28:10 | 000,108,827 | ---- | C] () -- D:\WINDOWS\System32\dllcache\hanja.lex
[2010/09/12 22:28:04 | 000,189,986 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1361.nls
[2010/09/12 22:28:04 | 000,189,986 | ---- | C] () -- D:\WINDOWS\System32\c_1361.nls
[2010/09/12 22:28:04 | 000,177,698 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10003.nls
[2010/09/12 22:28:04 | 000,177,698 | ---- | C] () -- D:\WINDOWS\System32\c_10003.nls
[2010/09/12 22:28:03 | 000,047,066 | ---- | C] () -- D:\WINDOWS\System32\ksc.nls
[2010/09/12 22:28:03 | 000,047,066 | ---- | C] () -- D:\WINDOWS\System32\dllcache\ksc.nls
[2010/09/12 22:27:58 | 013,463,552 | ---- | C] () -- D:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/09/12 22:27:32 | 000,180,770 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20932.nls
[2010/09/12 22:27:32 | 000,180,770 | ---- | C] () -- D:\WINDOWS\System32\c_20932.nls
[2010/09/12 22:27:32 | 000,177,698 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20949.nls
[2010/09/12 22:27:32 | 000,177,698 | ---- | C] () -- D:\WINDOWS\System32\c_20949.nls
[2010/09/12 22:27:32 | 000,173,602 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20936.nls
[2010/09/12 22:27:32 | 000,173,602 | ---- | C] () -- D:\WINDOWS\System32\c_20936.nls
[2010/09/12 22:27:31 | 000,180,258 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20000.nls
[2010/09/12 22:27:31 | 000,180,258 | ---- | C] () -- D:\WINDOWS\System32\c_20000.nls
[2010/09/12 22:27:31 | 000,162,850 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10001.nls
[2010/09/12 22:27:31 | 000,162,850 | ---- | C] () -- D:\WINDOWS\System32\c_10001.nls
[2010/09/12 22:27:31 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_21027.nls
[2010/09/12 22:27:31 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_21027.nls
[2010/09/12 22:27:31 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20290.nls
[2010/09/12 22:27:31 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_20290.nls
[2010/09/12 22:27:31 | 000,028,288 | ---- | C] () -- D:\WINDOWS\System32\xjis.nls
[2010/09/12 22:27:31 | 000,028,288 | ---- | C] () -- D:\WINDOWS\System32\dllcache\xjis.nls
[2010/09/12 22:22:24 | 000,094,208 | ---- | C] () -- D:\WINDOWS\System32\GTW32N50.dll
[2010/09/12 22:22:24 | 000,031,930 | ---- | C] () -- D:\WINDOWS\System32\GTNDIS3.VXD
[2010/09/12 22:22:24 | 000,007,423 | ---- | C] () -- D:\WINDOWS\System32\WUSB54GSv2.cat
[2010/09/12 22:22:24 | 000,007,419 | ---- | C] () -- D:\WINDOWS\System32\WUSB54GS.cat
[2010/09/12 22:22:23 | 000,651,264 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll
[2010/09/12 22:22:23 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll
[2010/09/12 22:21:45 | 000,001,413 | ---- | C] () -- D:\WINDOWS\System32\WLAN.INI
[2010/09/12 22:18:43 | 000,186,097 | ---- | C] () -- D:\WINDOWS\System32\nvapps.xml
[2010/09/12 22:18:42 | 000,018,070 | ---- | C] () -- D:\WINDOWS\System32\nvdisp.nvu
[2010/09/12 22:15:36 | 000,001,374 | ---- | C] () -- D:\WINDOWS\imsins.BAK
[2010/09/12 22:15:30 | 001,685,606 | ---- | C] () -- D:\WINDOWS\System32\dllcache\sam.spd
[2010/09/12 22:15:30 | 000,000,888 | ---- | C] () -- D:\WINDOWS\System32\dllcache\sam.sdf
[2010/09/12 22:15:29 | 000,643,717 | ---- | C] () -- D:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/09/12 22:15:29 | 000,605,050 | ---- | C] () -- D:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/09/12 22:15:26 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_28603.nls
[2010/09/12 22:15:26 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_28603.nls
[2010/09/12 22:15:24 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_28599.nls
[2010/09/12 22:15:24 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_28599.nls
[2010/09/12 22:15:23 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_857.nls
[2010/09/12 22:15:23 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_857.nls
[2010/09/12 22:15:23 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10081.nls
[2010/09/12 22:15:23 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10081.nls
[2010/09/12 22:15:20 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_28595.nls
[2010/09/12 22:15:20 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\C_28595.NLS
[2010/09/12 22:15:20 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10017.nls
[2010/09/12 22:15:20 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10017.nls
[2010/09/12 22:15:20 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10007.nls
[2010/09/12 22:15:20 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10007.nls
[2010/09/12 22:15:17 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_875.nls
[2010/09/12 22:15:17 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_875.nls
[2010/09/12 22:15:17 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_28597.nls
[2010/09/12 22:15:17 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\C_28597.NLS
[2010/09/12 22:15:17 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10006.nls
[2010/09/12 22:15:17 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10006.nls
[2010/09/12 22:15:16 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_869.nls
[2010/09/12 22:15:16 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_869.nls
[2010/09/12 22:15:16 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_737.nls
[2010/09/12 22:15:16 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_737.nls
[2010/09/12 22:15:14 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_866.nls
[2010/09/12 22:15:14 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_866.nls
[2010/09/12 22:15:14 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_855.nls
[2010/09/12 22:15:14 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_855.nls
[2010/09/12 22:15:14 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_28594.nls
[2010/09/12 22:15:14 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\C_28594.NLS
[2010/09/12 22:15:11 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_852.nls
[2010/09/12 22:15:11 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_852.nls
[2010/09/12 22:15:11 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10082.nls
[2010/09/12 22:15:11 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10082.nls
[2010/09/12 22:15:11 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10029.nls
[2010/09/12 22:15:11 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10029.nls
[2010/09/12 22:15:11 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10010.nls
[2010/09/12 22:15:11 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10010.nls
[2010/09/12 22:15:09 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20127.nls
[2010/09/12 22:15:09 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_20127.nls
[2010/09/12 22:15:04 | 000,001,688 | ---- | C] () -- D:\WINDOWS\System32\AUTOEXEC.NT
[2010/09/12 22:13:16 | 000,797,189 | ---- | C] () -- D:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/09/12 22:13:16 | 000,399,645 | ---- | C] () -- D:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/09/12 22:13:16 | 000,037,484 | ---- | C] () -- D:\WINDOWS\System32\dllcache\MW770.CAT
[2010/09/12 22:13:16 | 000,013,472 | ---- | C] () -- D:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/09/12 22:13:16 | 000,008,574 | ---- | C] () -- D:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/09/12 22:13:16 | 000,007,382 | ---- | C] () -- D:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/09/12 22:13:16 | 000,007,334 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/09/12 22:13:15 | 001,042,903 | ---- | C] () -- D:\WINDOWS\System32\dllcache\SP2.CAT
[2010/09/12 22:12:49 | 000,003,632 | ---- | C] () -- D:\WINDOWS\System32\nvnrm.nvu
[2010/09/12 22:12:46 | 000,001,348 | R--- | C] () -- D:\WINDOWS\System32\nvsmb.nvu
[2010/09/12 22:12:24 | 000,097,456 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/12 22:11:34 | 000,000,261 | ---- | C] () -- D:\WINDOWS\System32\$winnt$.inf
[2010/09/12 22:11:21 | 000,810,056 | R--- | C] () -- D:\WINDOWS\System32\alert.bmp
[2010/09/12 22:11:21 | 000,000,150 | R--- | C] () -- D:\WINDOWS\System32\raidmgmt.ini
[2010/09/12 21:53:45 | 000,613,334 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/09/12 21:53:45 | 000,343,204 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/09/12 21:53:45 | 000,343,204 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/09/12 21:53:45 | 000,172,196 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/09/12 21:53:45 | 000,172,196 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/09/12 21:53:45 | 000,172,196 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/09/12 21:53:45 | 000,086,196 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/09/12 21:53:45 | 000,086,180 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/09/12 21:53:45 | 000,067,374 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/09/12 21:53:45 | 000,023,195 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmplay.chm
[2010/09/12 21:53:45 | 000,010,457 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmptour.hta
[2010/09/12 21:53:45 | 000,001,771 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmptour.css
[2010/09/12 21:53:45 | 000,000,855 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/09/12 21:53:45 | 000,000,420 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmploc.js
[2010/09/12 21:53:44 | 000,572,557 | ---- | C] () -- D:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/09/12 21:53:44 | 000,375,519 | ---- | C] () -- D:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/09/12 21:53:44 | 000,354,468 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/09/12 21:53:44 | 000,300,969 | ---- | C] () -- D:\WINDOWS\System32\dllcache\viz.wmv
[2010/09/12 21:53:44 | 000,086,180 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/09/12 21:53:44 | 000,077,307 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/09/12 21:53:44 | 000,066,725 | ---- | C] () -- D:\WINDOWS\System32\dllcache\revert.wmz
[2010/09/12 21:53:44 | 000,029,070 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmp.inf
[2010/09/12 21:53:44 | 000,023,829 | ---- | C] () -- D:\WINDOWS\System32\dllcache\tourbg.gif
[2010/09/12 21:53:44 | 000,017,489 | ---- | C] () -- D:\WINDOWS\System32\dllcache\videobg.gif
[2010/09/12 21:53:44 | 000,017,272 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmdm.inf
[2010/09/12 21:53:44 | 000,008,677 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wm7.gif
[2010/09/12 21:53:44 | 000,007,892 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wm9.gif
[2010/09/12 21:53:44 | 000,007,636 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wm2.gif
[2010/09/12 21:53:44 | 000,007,369 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wm4.gif
[2010/09/12 21:53:44 | 000,006,769 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/09/12 21:53:44 | 000,006,241 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wm3.gif
[2010/09/12 21:53:44 | 000,006,060 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wm6.gif
[2010/09/12 21:53:44 | 000,005,789 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wm1.gif
[2010/09/12 21:53:44 | 000,005,290 | ---- | C] () -- D:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/09/12 21:53:44 | 000,004,193 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wm8.gif
[2010/09/12 21:53:44 | 000,003,187 | ---- | C] () -- D:\WINDOWS\System32\dllcache\tour.js
[2010/09/12 21:53:44 | 000,002,477 | ---- | C] () -- D:\WINDOWS\System32\dllcache\wm5.gif
[2010/09/12 21:53:44 | 000,002,469 | ---- | C] () -- D:\WINDOWS\System32\dllcache\tplay.gif
[2010/09/12 21:53:44 | 000,002,450 | ---- | C] () -- D:\WINDOWS\System32\dllcache\tpause.gif
[2010/09/12 21:53:44 | 000,002,375 | ---- | C] () -- D:\WINDOWS\System32\dllcache\tplayh.gif
[2010/09/12 21:53:44 | 000,002,371 | ---- | C] () -- D:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/09/12 21:53:44 | 000,001,477 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/09/12 21:53:44 | 000,001,477 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/09/12 21:53:44 | 000,001,474 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/09/12 21:53:44 | 000,001,451 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/09/12 21:53:44 | 000,001,448 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/09/12 21:53:44 | 000,001,398 | ---- | C] () -- D:\WINDOWS\System32\dllcache\taon.gif
[2010/09/12 21:53:44 | 000,001,380 | ---- | C] () -- D:\WINDOWS\System32\dllcache\taonh.gif
[2010/09/12 21:53:44 | 000,001,380 | ---- | C] () -- D:\WINDOWS\System32\dllcache\taoff.gif
[2010/09/12 21:53:44 | 000,001,367 | ---- | C] () -- D:\WINDOWS\System32\dllcache\taoffh.gif
[2010/09/12 21:53:44 | 000,001,250 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/09/12 21:53:44 | 000,001,148 | ---- | C] () -- D:\WINDOWS\System32\dllcache\snd.htm
[2010/09/12 21:53:44 | 000,001,049 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/09/12 21:53:44 | 000,001,046 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/09/12 21:53:44 | 000,001,036 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/09/12 21:53:44 | 000,000,908 | ---- | C] () -- D:\WINDOWS\System32\dllcache\skins.inf
[2010/09/12 21:53:44 | 000,000,789 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/09/12 21:53:44 | 000,000,787 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/09/12 21:53:44 | 000,000,784 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/09/12 21:53:44 | 000,000,783 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/09/12 21:53:44 | 000,000,775 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/09/12 21:53:44 | 000,000,733 | ---- | C] () -- D:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/09/12 21:53:43 | 000,457,607 | ---- | C] () -- D:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/09/12 21:53:43 | 000,381,425 | ---- | C] () -- D:\WINDOWS\System32\dllcache\copycd.wmv
[2010/09/12 21:53:43 | 000,184,959 | ---- | C] () -- D:\WINDOWS\System32\dllcache\compact.wmz
[2010/09/12 21:53:43 | 000,097,117 | ---- | C] () -- D:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/09/12 21:53:43 | 000,022,060 | ---- | C] () -- D:\WINDOWS\System32\dllcache\npds.zip
[2010/09/12 21:53:43 | 000,018,286 | ---- | C] () -- D:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/09/12 21:53:43 | 000,009,585 | ---- | C] () -- D:\WINDOWS\System32\dllcache\controls.css
[2010/09/12 21:53:43 | 000,008,298 | ---- | C] () -- D:\WINDOWS\System32\dllcache\contents.htm
[2010/09/12 21:53:43 | 000,006,878 | ---- | C] () -- D:\WINDOWS\System32\dllcache\controls.js
[2010/09/12 21:53:43 | 000,005,971 | ---- | C] () -- D:\WINDOWS\System32\dllcache\events.js
[2010/09/12 21:53:43 | 000,002,778 | ---- | C] () -- D:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/09/12 21:53:43 | 000,002,545 | ---- | C] () -- D:\WINDOWS\System32\dllcache\mplogo.gif
[2010/09/12 21:53:43 | 000,001,885 | ---- | C] () -- D:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/09/12 21:53:43 | 000,000,999 | ---- | C] () -- D:\WINDOWS\System32\dllcache\bktrh.gif
[2010/09/12 21:53:43 | 000,000,773 | ---- | C] () -- D:\WINDOWS\System32\dllcache\cnth.gif
[2010/09/12 21:53:43 | 000,000,773 | ---- | C] () -- D:\WINDOWS\System32\dllcache\cnt.gif
[2010/09/12 21:53:43 | 000,000,772 | ---- | C] () -- D:\WINDOWS\System32\dllcache\cntd.gif
[2010/09/12 21:53:43 | 000,000,760 | ---- | C] () -- D:\WINDOWS\System32\dllcache\cloapph.gif
[2010/09/12 21:53:43 | 000,000,717 | ---- | C] () -- D:\WINDOWS\System32\dllcache\cloapp.gif
[2010/09/12 21:53:43 | 000,000,403 | ---- | C] () -- D:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/09/12 21:50:56 | 000,129,045 | ---- | C] () -- D:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/09/12 21:50:56 | 000,064,352 | ---- | C] () -- D:\WINDOWS\System32\drivers\ativmc20.cod
[2010/09/12 21:50:55 | 000,067,866 | ---- | C] () -- D:\WINDOWS\System32\drivers\netwlan5.img
[2010/09/12 21:46:34 | 000,019,280 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini
[2010/09/12 21:46:32 | 000,005,810 | R--- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys
[2010/09/12 21:46:24 | 000,005,824 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/09/12 21:42:14 | 000,000,079 | ---- | C] () -- D:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/12 21:42:06 | 000,000,815 | ---- | C] () -- D:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/12 21:41:50 | 000,001,024 | -H-- | C] () -- D:\Documents and Settings\Paul\ntuser.dat.LOG
[2010/09/12 21:41:50 | 000,000,178 | -HS- | C] () -- D:\Documents and Settings\Paul\ntuser.ini
[2010/09/12 21:41:49 | 001,048,576 | -H-- | C] () -- D:\Documents and Settings\Paul\NTUSER.DAT
[2010/09/12 21:40:54 | 000,008,192 | ---- | C] () -- D:\WINDOWS\REGLOCS.OLD
[2010/09/12 21:40:05 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2010/09/12 21:38:43 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_864.nls
[2010/09/12 21:38:43 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_870.nls
[2010/09/12 21:38:42 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_862.nls
[2010/09/12 21:38:42 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_858.nls
[2010/09/12 21:38:42 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_720.nls
[2010/09/12 21:38:42 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_708.nls
[2010/09/12 21:38:42 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_28596.nls
[2010/09/12 21:38:42 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_21025.nls
[2010/09/12 21:38:41 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20924.nls
[2010/09/12 21:38:41 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20880.nls
[2010/09/12 21:38:41 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20871.nls
[2010/09/12 21:38:41 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20838.nls
[2010/09/12 21:38:41 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20833.nls
[2010/09/12 21:38:41 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20424.nls
[2010/09/12 21:38:41 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20423.nls
[2010/09/12 21:38:41 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20420.nls
[2010/09/12 21:38:41 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20297.nls
[2010/09/12 21:38:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20285.nls
[2010/09/12 21:38:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20284.nls
[2010/09/12 21:38:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20280.nls
[2010/09/12 21:38:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20278.nls
[2010/09/12 21:38:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20277.nls
[2010/09/12 21:38:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20273.nls
[2010/09/12 21:38:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20269.nls
[2010/09/12 21:38:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20108.nls
[2010/09/12 21:38:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20107.nls
[2010/09/12 21:38:39 | 000,187,938 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20005.nls
[2010/09/12 21:38:39 | 000,186,402 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20001.nls
[2010/09/12 21:38:39 | 000,185,378 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20003.nls
[2010/09/12 21:38:39 | 000,180,258 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20004.nls
[2010/09/12 21:38:39 | 000,173,602 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20002.nls
[2010/09/12 21:38:39 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20106.nls
[2010/09/12 21:38:39 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_20105.nls
[2010/09/12 21:38:38 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1149.nls
[2010/09/12 21:38:38 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1148.nls
[2010/09/12 21:38:38 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1147.nls
[2010/09/12 21:38:38 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1146.nls
[2010/09/12 21:38:38 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1145.nls
[2010/09/12 21:38:38 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1144.nls
[2010/09/12 21:38:38 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1143.nls
[2010/09/12 21:38:38 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1142.nls
[2010/09/12 21:38:38 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1141.nls
[2010/09/12 21:38:37 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1140.nls
[2010/09/12 21:38:37 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_1047.nls
[2010/09/12 21:38:37 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10021.nls
[2010/09/12 21:38:37 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10005.nls
[2010/09/12 21:38:37 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\dllcache\c_10004.nls
[2010/09/12 21:37:51 | 000,002,577 | ---- | C] () -- D:\WINDOWS\System32\CONFIG.NT
[2010/09/12 21:37:42 | 000,023,392 | ---- | C] () -- D:\WINDOWS\System32\nscompat.tlb
[2010/09/12 21:37:42 | 000,016,832 | ---- | C] () -- D:\WINDOWS\System32\amcompat.tlb
[2010/09/12 21:37:41 | 000,316,640 | ---- | C] () -- D:\WINDOWS\WMSysPr9.prx
[2010/09/12 21:36:48 | 000,000,488 | RH-- | C] () -- D:\WINDOWS\System32\WindowsLogon.manifest
[2010/09/12 21:36:48 | 000,000,488 | RH-- | C] () -- D:\WINDOWS\System32\logonui.exe.manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\WindowsShell.Manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\System32\sapi.cpl.manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\System32\nwc.cpl.manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\System32\ncpa.cpl.manifest
[2010/09/12 21:36:43 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\System32\cdplayer.exe.manifest
[2010/09/12 21:36:25 | 004,399,505 | ---- | C] () -- D:\WINDOWS\System32\dllcache\nls302en.lex
[2010/09/12 21:35:38 | 000,048,680 | -HS- | C] () -- D:\WINDOWS\winnt256.bmp
[2010/09/12 21:35:38 | 000,048,680 | -HS- | C] () -- D:\WINDOWS\winnt.bmp
[2010/09/12 21:35:28 | 000,000,984 | ---- | C] () -- D:\WINDOWS\System32\dllcache\srframe.mmf
[2010/09/12 21:33:59 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2010/09/12 21:33:12 | 000,065,832 | ---- | C] () -- D:\WINDOWS\Santa Fe Stucco.bmp
[2010/09/12 21:33:12 | 000,026,680 | ---- | C] () -- D:\WINDOWS\River Sumida.bmp
[2010/09/12 21:33:12 | 000,017,362 | ---- | C] () -- D:\WINDOWS\Rhododendron.bmp
[2010/09/12 21:33:12 | 000,009,522 | ---- | C] () -- D:\WINDOWS\Zapotec.bmp
[2010/09/12 21:33:11 | 000,065,978 | ---- | C] () -- D:\WINDOWS\Soap Bubbles.bmp
[2010/09/12 21:33:11 | 000,065,954 | ---- | C] () -- D:\WINDOWS\Prairie Wind.bmp
[2010/09/12 21:33:11 | 000,026,582 | ---- | C] () -- D:\WINDOWS\Greenstone.bmp
[2010/09/12 21:33:11 | 000,017,336 | ---- | C] () -- D:\WINDOWS\Gone Fishing.bmp
[2010/09/12 21:33:11 | 000,017,062 | ---- | C] () -- D:\WINDOWS\Coffee Bean.bmp
[2010/09/12 21:33:11 | 000,016,730 | ---- | C] () -- D:\WINDOWS\FeatherTexture.bmp
[2010/09/12 21:33:11 | 000,001,272 | ---- | C] () -- D:\WINDOWS\Blue Lace 16.bmp
[2010/09/12 21:33:10 | 000,093,702 | ---- | C] () -- D:\WINDOWS\System32\subrange.uce
[2010/09/12 21:33:10 | 000,060,458 | ---- | C] () -- D:\WINDOWS\System32\ideograf.uce
[2010/09/12 21:33:10 | 000,024,006 | ---- | C] () -- D:\WINDOWS\System32\gb2312.uce
[2010/09/12 21:33:10 | 000,022,984 | ---- | C] () -- D:\WINDOWS\System32\bopomofo.uce
[2010/09/12 21:33:10 | 000,016,740 | ---- | C] () -- D:\WINDOWS\System32\shiftjis.uce
[2010/09/12 21:33:10 | 000,012,876 | ---- | C] () -- D:\WINDOWS\System32\korean.uce
[2010/09/12 21:33:10 | 000,008,484 | ---- | C] () -- D:\WINDOWS\System32\kanji_2.uce
[2010/09/12 21:33:10 | 000,006,948 | ---- | C] () -- D:\WINDOWS\System32\kanji_1.uce
[2010/09/12 21:33:08 | 000,003,286 | ---- | C] () -- D:\WINDOWS\System32\tslabels.h
[2010/09/12 21:33:08 | 000,001,161 | ---- | C] () -- D:\WINDOWS\System32\usrlogon.cmd
[2010/09/12 21:33:06 | 000,000,768 | ---- | C] () -- D:\WINDOWS\System32\msdtcprf.h
[2010/09/12 21:32:59 | 000,063,488 | ---- | C] () -- D:\WINDOWS\System32\wmimgmt.msc
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2010/09/12 23:00:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\avg9
[2010/09/13 21:12:28 | 000,000,260 | ---- | M] () -- D:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/13 21:11:36 | 1610,612,736 | -HS- | M] () -- D:\pagefile.sys
[2010/09/13 21:11:50 | 000,002,812 | ---- | M] () -- D:\SMax.log
[2010/09/12 22:14:52 | 000,002,812 | ---- | M] () -- D:\SMax.log.bak

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/09/12 21:37:23 | 000,000,067 | -HS- | M] () -- D:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/09/12 22:11:36 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
[2010/09/12 22:11:36 | 000,659,456 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2010/09/12 22:11:36 | 000,917,504 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/09/12 21:54:00 | 000,000,272 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/12 21:59:35 | 000,000,119 | -HS- | M] () -- D:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/09/12 21:42:14 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/12 23:15:53 | 000,050,688 | ---- | M] (Atribune.org) -- D:\Documents and Settings\Paul\Desktop\ATF_Cleaner.exe
[2010/09/12 23:34:56 | 044,089,904 | ---- | M] () -- D:\Documents and Settings\Paul\Desktop\avira_antivir_personal_en.exe
[2010/09/12 23:11:59 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- D:\Documents and Settings\Paul\Desktop\HJTInstall.exe
[2010/09/12 23:17:02 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Paul\Desktop\mbam-setup.exe
[2010/09/13 21:15:06 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/09/12 22:54:58 | 006,275,448 | ---- | M] (Microsoft Corporation) -- D:\Documents and Settings\Paul\Desktop\Silverlight.exe
[2010/09/12 23:39:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Paul\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-13 02:07:11
< End of report >
2carrots
Active Member
 
Posts: 4
Joined: September 10th, 2010, 3:36 pm

Re: Blocked Websites

Unread postby 2carrots » September 13th, 2010, 4:39 pm

Extras.txt as follow

OTL Extras logfile created on: 13/09/2010 21:20:51 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = D:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,007.00 Mb Total Physical Memory | 476.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 147.25 Gb Total Space | 113.20 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
Drive D: | 39.05 Gb Total Space | 33.13 Gb Free Space | 84.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 930.86 Gb Total Space | 539.36 Gb Free Space | 57.94% Space Free | Partition Type: NTFS

Computer Name: N-52643C1385FA4
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\AVG\AVG9\avgam.exe" = D:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\AVG\AVG9\avgdiagex.exe" = D:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\AVG\AVG9\avgemc.exe" = D:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\AVG\AVG9\avgupd.exe" = D:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\AVG\AVG9\avgnsx.exe" = D:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"AVG9Uninstall" = AVG 9.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIA Drivers" = NVIDIA Drivers
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/09/2010 17:37:28 | Computer Name = N-52643C1385FA4 | Source = Alert Manager Event Interface | ID = 257
Description =

Error - 12/09/2010 17:39:16 | Computer Name = N-52643C1385FA4 | Source = Alert Manager Event Interface | ID = 257
Description =

Error - 12/09/2010 17:39:59 | Computer Name = N-52643C1385FA4 | Source = Alert Manager Event Interface | ID = 257
Description =

Error - 12/09/2010 17:40:34 | Computer Name = N-52643C1385FA4 | Source = Alert Manager Event Interface | ID = 257
Description =

Error - 12/09/2010 17:41:13 | Computer Name = N-52643C1385FA4 | Source = Alert Manager Event Interface | ID = 257
Description =

Error - 12/09/2010 17:44:14 | Computer Name = N-52643C1385FA4 | Source = Alert Manager Event Interface | ID = 257
Description =

Error - 12/09/2010 17:45:12 | Computer Name = N-52643C1385FA4 | Source = Alert Manager Event Interface | ID = 257
Description =

[ System Events ]
Error - 12/09/2010 18:38:17 | Computer Name = N-52643C1385FA4 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/09/2010 18:38:17 | Computer Name = N-52643C1385FA4 | Source = Service Control Manager | ID = 7034
Description = The WUSB54GSv2SVC service terminated unexpectedly. It has done this
1 time(s).

Error - 12/09/2010 18:38:18 | Computer Name = N-52643C1385FA4 | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 12/09/2010 18:39:24 | Computer Name = N-52643C1385FA4 | Source = Service Control Manager | ID = 7034
Description = The AVG E-mail Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/09/2010 18:39:24 | Computer Name = N-52643C1385FA4 | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 12/09/2010 18:43:09 | Computer Name = N-52643C1385FA4 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 12/09/2010 18:43:09 | Computer Name = N-52643C1385FA4 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 12/09/2010 18:43:09 | Computer Name = N-52643C1385FA4 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for D:\DOCUME~1\Paul\LOCALS~1\Temp\RarSFX0\redist.dll.
Reference
error message: The operation completed successfully. .


< End of report >
2carrots
Active Member
 
Posts: 4
Joined: September 10th, 2010, 3:36 pm

Re: Blocked Websites

Unread postby askey127 » September 14th, 2010, 7:04 am

2carrots,
It looks like the AVG antivirus is still installed (and running).
Would you please double check whether it shows in Add/Remove Programs, and if so, choose to remove it.
Let me know.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Blocked Websites

Unread postby askey127 » September 17th, 2010, 7:42 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 335 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware