OTL logfile created on: 9/3/2011 2:18:22 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\isis\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.19 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 73.54% Memory free
2.37 Gb Paging File | 1.79 Gb Available in Paging File | 75.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 122.56 Gb Free Space | 82.23% Space Free | Partition Type: NTFS
Computer Name: ISIS-PC | User Name: isis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/03 14:16:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\isis\Downloads\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/15 15:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2004/07/26 00:38:28 | 000,045,056 | ---- | M] ( ) -- C:\Windows\System32\slserv.exe
========== Modules (No Company Name) ==========
MOD - [2011/05/22 13:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/04/14 21:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/11 23:36:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/07/26 00:38:28 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\slserv.exe -- (SLService)
========== Driver Services (SafeList) ==========
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/06/02 05:37:58 | 000,236,800 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/05/13 02:58:20 | 001,303,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/05/03 06:10:58 | 000,013,920 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/05/03 06:08:40 | 000,635,952 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/05/03 06:06:08 | 000,095,768 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/05/03 06:03:04 | 000,230,664 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/05/03 05:55:38 | 000,180,640 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/05/03 05:44:54 | 000,013,288 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/02/23 21:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcxsens.sys -- (ALCXSENS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1720305724-1132477395-487832035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1720305724-1132477395-487832035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1720305724-1132477395-487832035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 B8 2F E6 80 3A CC 01 [binary data]
IE - HKU\S-1-5-21-1720305724-1132477395-487832035-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1720305724-1132477395-487832035-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z128&install_date=20110818"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110818&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\isis\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\isis\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/21 09:50:40 | 000,000,000 | ---D | M]
[2011/06/11 12:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isis\AppData\Roaming\Mozilla\Extensions
[2011/08/30 12:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isis\AppData\Roaming\Mozilla\Firefox\Profiles\q9905z3n.default\extensions
[2011/08/17 13:02:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\isis\AppData\Roaming\Mozilla\Firefox\Profiles\q9905z3n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/18 12:20:20 | 000,001,945 | ---- | M] () -- C:\Users\isis\AppData\Roaming\Mozilla\Firefox\Profiles\q9905z3n.default\searchplugins\bing-zugo.xml
[2011/09/02 22:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/12 09:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/21 09:50:39 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
O1 HOSTS File: ([2011/08/19 09:52:25 | 000,436,398 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15018 more lines...
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26E8A79F-0978-43D9-B816-75A3C529E62D}: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DFD0662-4948-40A9-869F-D187FE37FAB3}: DhcpNameServer = 192.168.1.254 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/08/30 12:14:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/08/30 09:50:51 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Process Hacker 2
[2011/08/29 23:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2011/08/29 23:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2011/08/29 22:57:35 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\TuneUp Software
[2011/08/29 22:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/08/29 22:56:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/08/29 22:40:25 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\WinPatrol
[2011/08/29 22:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2011/08/29 22:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/08/29 22:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2011/08/29 22:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/24 16:01:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/24 16:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/24 16:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/23 14:41:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/22 16:12:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/08/22 16:11:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/08/18 12:21:57 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\FileZilla
[2011/08/18 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/08/18 12:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/08/18 12:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/08/18 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/08/16 10:04:05 | 000,000,000 | ---D | C] -- C:\Users\isis\Desktop\Memories
[2011/08/14 11:12:41 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\OpenOffice.org
[2011/08/12 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\ParetoLogic
[2011/08/12 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\DriverCure
[2011/08/12 09:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/08/12 09:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/08/12 09:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/08/12 09:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/12 09:13:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/11 20:39:42 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Local\SoftGrid Client
[2011/08/11 20:39:05 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\SoftGrid Client
[2011/08/11 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\TP
[2011/08/11 10:53:37 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/11 10:52:01 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Local\Google
[2011/08/10 17:18:18 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:18:18 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 17:01:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/10 17:01:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/10 17:01:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/10 17:01:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/10 17:01:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/10 17:01:42 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/10 17:01:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:01:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 17:01:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 17:00:47 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/10 17:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 17:00:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 17:00:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:00:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/08 19:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/08 19:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/04 17:50:25 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Malwarebytes
[2011/08/04 17:50:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/04 17:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/04 17:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/04 17:50:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/04 17:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/04 17:31:51 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\AVG10
[2011/08/04 17:30:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/08/04 17:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/08/04 17:25:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/08/04 17:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/06/10 20:58:18 | 000,635,952 | ---- | C] ( ) -- C:\Windows\System32\drivers\slntamr.sys
[2011/06/10 20:58:18 | 000,095,768 | ---- | C] ( ) -- C:\Windows\System32\drivers\slnthal.sys
[2011/06/10 20:58:18 | 000,045,056 | ---- | C] ( ) -- C:\Windows\System32\slserv.exe
[2011/06/10 20:58:18 | 000,013,920 | ---- | C] ( ) -- C:\Windows\System32\drivers\RecAgent.sys
[2011/06/10 20:58:18 | 000,013,288 | ---- | C] ( ) -- C:\Windows\System32\drivers\slwdmsup.sys
[2011/06/10 20:58:17 | 001,303,128 | ---- | C] ( ) -- C:\Windows\System32\drivers\mtlstrm.sys
[2011/06/10 20:58:17 | 000,230,664 | ---- | C] ( ) -- C:\Windows\System32\drivers\mtlmnt5.sys
[2011/06/10 20:58:17 | 000,180,640 | ---- | C] ( ) -- C:\Windows\System32\drivers\ntmtlfax.sys
========== Files - Modified Within 30 Days ==========
[2011/09/03 14:01:23 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000UA.job
[2011/09/03 14:00:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/03 11:16:38 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000Core.job
[2011/09/02 22:35:11 | 000,007,614 | ---- | M] () -- C:\Users\isis\AppData\Local\resmon.resmoncfg
[2011/09/02 22:33:19 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/02 22:33:19 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/02 22:23:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/09/02 19:22:27 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\EPYFNMH.job
[2011/09/02 19:22:05 | 955,949,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/31 11:00:56 | 000,002,391 | ---- | M] () -- C:\Users\isis\Desktop\Google Chrome.lnk
[2011/08/30 22:19:23 | 000,056,754 | ---- | M] () -- C:\Users\isis\Documents\102.png
[2011/08/30 16:52:10 | 000,011,315 | ---- | M] () -- C:\Users\isis\Documents\quotio.png
[2011/08/29 23:30:27 | 000,001,978 | ---- | M] () -- C:\Users\isis\Desktop\Process Hacker 2.lnk
[2011/08/29 22:12:13 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/29 22:12:13 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/25 23:05:49 | 000,018,298 | ---- | M] () -- C:\Users\isis\Documents\NOIRET.png
[2011/08/24 16:01:09 | 000,000,894 | ---- | M] () -- C:\Users\isis\Desktop\NTREGOPT.lnk
[2011/08/24 16:01:09 | 000,000,875 | ---- | M] () -- C:\Users\isis\Desktop\ERUNT.lnk
[2011/08/24 01:42:16 | 000,000,296 | ---- | M] () -- C:\Users\isis\Documents\dd.rtf
[2011/08/23 19:48:57 | 003,784,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/23 17:45:24 | 001,108,600 | ---- | M] () -- C:\Users\isis\Desktop\NOIRET.ai
[2011/08/23 17:37:43 | 000,007,577 | ---- | M] () -- C:\Users\isis\Documents\brave.png
[2011/08/23 17:02:46 | 000,009,996 | ---- | M] () -- C:\Users\isis\Documents\noiret2.png
[2011/08/23 02:46:01 | 000,000,344 | ---- | M] () -- C:\Users\isis\Documents\Document.rtf
[2011/08/22 16:25:12 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/08/18 12:21:38 | 000,001,946 | ---- | M] () -- C:\Users\isis\Desktop\FileZilla Client.lnk
[2011/08/17 11:39:49 | 000,012,060 | ---- | M] () -- C:\Users\isis\Documents\neal.png
[2011/08/15 08:59:24 | 000,203,224 | ---- | M] () -- C:\Users\isis\Desktop\1929.6.115_1a.jpg
[2011/08/11 23:41:14 | 000,000,147 | ---- | M] () -- C:\Windows\wininit.ini
[2011/08/10 17:18:18 | 003,967,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:18:18 | 003,912,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 17:01:57 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/10 17:01:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/10 17:01:57 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/10 17:01:57 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/10 17:01:57 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/10 17:01:42 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/10 17:01:42 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:01:42 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 17:01:42 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 17:00:47 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/10 17:00:47 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 17:00:46 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 17:00:46 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:00:46 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/04 17:50:16 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/04 17:36:14 | 126,853,854 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.prepare
========== Files Created - No Company Name ==========
[2011/08/30 22:19:22 | 000,056,754 | ---- | C] () -- C:\Users\isis\Documents\102.png
[2011/08/30 16:52:10 | 000,011,315 | ---- | C] () -- C:\Users\isis\Documents\quotio.png
[2011/08/29 23:30:27 | 000,001,978 | ---- | C] () -- C:\Users\isis\Desktop\Process Hacker 2.lnk
[2011/08/25 23:05:48 | 000,018,298 | ---- | C] () -- C:\Users\isis\Documents\NOIRET.png
[2011/08/24 16:01:09 | 000,000,894 | ---- | C] () -- C:\Users\isis\Desktop\NTREGOPT.lnk
[2011/08/24 16:01:09 | 000,000,875 | ---- | C] () -- C:\Users\isis\Desktop\ERUNT.lnk
[2011/08/24 01:42:15 | 000,000,296 | ---- | C] () -- C:\Users\isis\Documents\dd.rtf
[2011/08/23 17:37:43 | 000,007,577 | ---- | C] () -- C:\Users\isis\Documents\brave.png
[2011/08/23 17:02:45 | 000,009,996 | ---- | C] () -- C:\Users\isis\Documents\noiret2.png
[2011/08/23 13:26:47 | 001,108,600 | ---- | C] () -- C:\Users\isis\Desktop\NOIRET.ai
[2011/08/23 02:46:01 | 000,000,344 | ---- | C] () -- C:\Users\isis\Documents\Document.rtf
[2011/08/18 12:21:38 | 000,001,946 | ---- | C] () -- C:\Users\isis\Desktop\FileZilla Client.lnk
[2011/08/17 11:39:48 | 000,012,060 | ---- | C] () -- C:\Users\isis\Documents\neal.png
[2011/08/15 08:59:38 | 000,203,224 | ---- | C] () -- C:\Users\isis\Desktop\1929.6.115_1a.jpg
[2011/08/11 23:48:23 | 000,007,614 | ---- | C] () -- C:\Users\isis\AppData\Local\resmon.resmoncfg
[2011/08/11 10:53:42 | 000,002,391 | ---- | C] () -- C:\Users\isis\Desktop\Google Chrome.lnk
[2011/08/11 10:52:03 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000UA.job
[2011/08/11 10:52:02 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000Core.job
[2011/08/10 19:27:14 | 000,000,147 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/04 17:50:16 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/04 17:33:07 | 126,853,854 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm.prepare
[2011/08/02 13:42:10 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\odbcad32Q.dll
[2011/06/16 18:58:36 | 000,000,132 | ---- | C] () -- C:\Users\isis\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/16 16:20:17 | 000,001,456 | ---- | C] () -- C:\Users\isis\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/13 09:04:32 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/13 09:02:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/11 23:27:34 | 000,001,048 | ---- | C] () -- C:\Windows\System32\drivers\alcxinit.dat
[2011/06/11 23:22:21 | 000,086,016 | ---- | C] () -- C:\Windows\System32\test.dll
[2011/06/10 20:58:18 | 000,196,608 | ---- | C] () -- C:\Windows\System32\slextspk.dll
[2011/06/10 20:58:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\SLGen.dll
[2011/06/10 20:58:18 | 000,024,576 | ---- | C] () -- C:\Windows\slrundll.exe
[2011/06/10 20:58:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\coinst.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,784,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
========== LOP Check ==========
[2011/08/04 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\AVG10
[2011/06/15 22:08:16 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/15 15:14:02 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/12 09:16:09 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\DriverCure
[2011/08/18 14:09:21 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\FileZilla
[2011/07/05 10:23:53 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\Foxit Software
[2011/08/17 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\IObit
[2011/08/14 11:12:41 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\OpenOffice.org
[2011/08/12 09:16:09 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\ParetoLogic
[2011/08/30 09:50:51 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\Process Hacker 2
[2011/08/29 22:01:12 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\SoftGrid Client
[2011/06/24 11:00:43 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/11 20:39:23 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\TP
[2011/08/29 22:57:36 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\TuneUp Software
[2011/08/29 22:40:25 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\WinPatrol
[2011/09/02 19:22:27 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\EPYFNMH.job
[2009/07/14 00:53:46 | 000,022,142 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
---------------------
OTL Extras logfile created on: 9/3/2011 2:18:22 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\isis\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.19 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 73.54% Memory free
2.37 Gb Paging File | 1.79 Gb Available in Paging File | 75.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 122.56 Gb Free Space | 82.23% Space Free | Partition Type: NTFS
Computer Name: ISIS-PC | User Name: isis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1720305724-1132477395-487832035-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"ERUNT_is1" = ERUNT 1.1j
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Process_Hacker2_is1" = Process Hacker 2.20
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1720305724-1132477395-487832035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.0
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/11/2011 8:45:49 PM | Computer Name = isis-PC | Source = Application Virtualization Client | ID = 6001
Description =
Error - 8/12/2011 10:47:40 AM | Computer Name = isis-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.
Error - 8/15/2011 5:19:17 PM | Computer Name = isis-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.
Error - 8/16/2011 10:03:14 PM | Computer Name = isis-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.
Error - 8/17/2011 1:31:16 PM | Computer Name = isis-PC | Source = Application Hang | ID = 1002
Description = The program Illustrator.exe version 15.1.0.39 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3f0 Start
Time: 01cc5cf10bfca77c Termination Time: 287 Application Path: C:\Program Files\Adobe\Adobe
Illustrator CS5.1\Support Files\Contents\Windows\Illustrator.exe Report Id: 9ecaef82-c8f6-11e0-b05f-0040d0638be2
Error - 8/19/2011 3:16:15 PM | Computer Name = isis-PC | Source = IMFservice | ID = 0
Description =
Error - 8/19/2011 3:16:15 PM | Computer Name = isis-PC | Source = IMFservice | ID = 0
Description =
Error - 8/22/2011 5:37:35 PM | Computer Name = isis-PC | Source = ESENT | ID = 215
Description = WinMail (2332) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.
Error - 8/23/2011 12:19:38 AM | Computer Name = isis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ToolbarUpdaterService.exe, version: 0.0.0.0,
time stamp: 0x4e205299 Faulting module name: msxml3.dll, version: 8.110.7601.17514,
time stamp: 0x4ce7b8e9 Exception code: 0xc0000005 Fault offset: 0x00032531 Faulting
process id: 0x14c Faulting application start time: 0x01cc611310699bb2 Faulting application
path: C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe Faulting module
path: C:\Windows\System32\msxml3.dll Report Id: 1d478391-cd3f-11e0-849a-0040d0638be2
Error - 8/29/2011 10:02:01 PM | Computer Name = isis-PC | Source = VSS | ID = 8193
Description =
[ System Events ]
Error - 8/31/2011 9:59:06 PM | Computer Name = isis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.
Error - 9/1/2011 9:12:41 AM | Computer Name = isis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.
Error - 9/1/2011 5:02:29 PM | Computer Name = isis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.
Error - 9/1/2011 5:48:22 PM | Computer Name = isis-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:46:36 PM on 9/1/2011 was unexpected.
Error - 9/1/2011 5:48:11 PM | Computer Name = isis-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.
Error - 9/1/2011 5:48:28 PM | Computer Name = isis-PC | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058
Error - 9/1/2011 5:48:29 PM | Computer Name = isis-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 9/1/2011 5:49:11 PM | Computer Name = isis-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 9/1/2011 6:40:49 PM | Computer Name = isis-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:30:11 PM on 9/1/2011 was unexpected.
Error - 9/1/2011 6:40:38 PM | Computer Name = isis-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.
< End of report >