OTL logfile created on: 11/1/2011 1:36:42 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lisa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 52.29% Memory free
3.50 Gb Paging File | 1.99 Gb Available in Paging File | 56.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 196.88 Gb Free Space | 68.84% Space Free | Partition Type: NTFS
Drive D: | 1023.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Lisa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Users\Lisa\AppData\Local\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Lisa\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll ()
MOD - C:\Users\Lisa\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll ()
MOD - C:\Users\Lisa\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll ()
MOD - C:\Users\Lisa\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll ()
MOD - C:\Users\Lisa\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Belkin Local Backup Service) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()
SRV:64bit: - (Belkin Network USB Helper) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM)) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\drivers\sxuptp.sys (silex technology, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx? ... 5r4492s274
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx? ... 5r4492s274
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx? ... 5r4492s274
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx? ... 5r4492s274
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3455427310-1578374356-189991141-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx? ... 5r4492s274
IE - HKU\S-1-5-21-3455427310-1578374356-189991141-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3455427310-1578374356-189991141-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/10/18 19:54:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/25 01:09:21 | 000,000,000 | ---D | M]
[2011/09/13 07:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: EpicPlay NPAPI Display Host (Enabled) = C:\Program Files (x86)\EpicPlay\npEpicHost.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: EpicPlay = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanpleapegldejhfkmkkibaimfnobecn\
CHR - Extension: Better Facebook = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\5.951_0\
CHR - Extension: AVG Safe Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\
CHR - Extension: OpticAmber Clematis1280 Theme = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkcnghhcpmnogchbmialmdieldnbpond\1.0.1_0\
O1 HOSTS File: ([2011/10/26 18:05:28 | 000,437,925 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15060 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3455427310-1578374356-189991141-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3455427310-1578374356-189991141-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3455427310-1578374356-189991141-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3455427310-1578374356-189991141-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-3455427310-1578374356-189991141-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76C09F17-3DAB-4FF0-8A0B-AE83015E5F44}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/01 01:35:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2011/10/31 14:40:03 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{A9AC75FC-E4A5-46EC-B8ED-E841A5DF18DB}
[2011/10/31 14:39:32 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{96250A9C-7140-4025-80AE-6D8D9E04EB7E}
[2011/10/29 16:05:16 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{7CB17AFC-D2E1-4217-A4A7-AC04089A907A}
[2011/10/29 16:04:52 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{C4ABE55C-DB51-424D-8949-4A5F8E8EED95}
[2011/10/29 08:17:48 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{C0C17F16-DF41-401F-9FA5-B30AEB0FED8D}
[2011/10/28 11:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/28 11:42:17 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/28 11:15:23 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B1CC115D-7BE5-4D6D-8E69-194A72908451}
[2011/10/28 11:14:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{7C049432-886A-481F-8B5B-B761208E39F8}
[2011/10/27 21:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2011/10/27 21:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2011/10/27 21:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2011/10/26 18:11:31 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{9682B9D8-0A61-4A1D-94D7-8CDB3A526891}
[2011/10/26 18:10:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{8A9848FC-3E90-4526-B16E-E8398BF80B5D}
[2011/10/26 00:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/26 00:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/26 00:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/10/26 00:35:34 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{E3C91B97-1C73-415C-8CF2-03C2AF57455F}
[2011/10/26 00:35:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{96BE3AAB-4DDB-44D6-81A8-EC736067DF98}
[2011/10/25 10:54:29 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Leawo
[2011/10/25 10:54:29 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Leawo
[2011/10/25 10:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/10/25 10:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011/10/25 10:49:25 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/25 10:49:25 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2011/10/25 10:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2011/10/25 10:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo
[2011/10/25 10:28:44 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Xilisoft
[2011/10/25 00:26:07 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{86B8468E-1D5F-4F14-A355-2F8B8218043F}
[2011/10/24 19:53:50 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{092CE141-3E29-427E-AA97-23FD9E74B8FF}
[2011/10/24 19:53:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{75056B1B-E4E7-43A8-A67D-0280BEB5F293}
[2011/10/24 16:18:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\2DBoy
[2011/10/24 16:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2011/10/23 12:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/23 12:16:01 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/23 12:16:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/23 12:16:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/23 09:58:43 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{EE0ACB9B-FF16-45B7-814D-256BB8B1FDE6}
[2011/10/23 09:58:18 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{1022EE65-7761-4B7F-850A-880FDC37F76A}
[2011/10/22 10:14:39 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{C1D99A2A-D914-49F7-B4F0-73F97AF6266B}
[2011/10/22 10:14:06 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{334CB71A-A546-4152-AEE5-9332165846DB}
[2011/10/21 15:17:52 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{7C4D7777-5236-4EF1-9610-84240F484A17}
[2011/10/21 15:17:28 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{BEA7B824-B08B-4D48-9B0E-5AE815201A3B}
[2011/10/20 23:34:50 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{81C19D36-3105-49E6-BF31-21C9E6D9821B}
[2011/10/20 23:34:38 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B434B42C-BE9C-4566-8B49-8443D684BEFA}
[2011/10/19 22:06:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{FAB1BC58-67E1-46DE-B8C6-F72645415CA2}
[2011/10/19 22:06:34 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{1901E218-A6B5-4047-A967-88EFD7D0163B}
[2011/10/18 19:33:21 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{E6C0E7A2-F768-4BB0-B69D-160539C7F46D}
[2011/10/18 19:32:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{6D0E66DC-DCAC-4163-A65D-2784D267E2B4}
[2011/10/18 05:35:07 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{73D55F21-40A6-4AE8-AD81-10550E0CA56E}
[2011/10/18 05:34:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{64729EF2-6FB7-41E6-A840-701085BC03B5}
[2011/10/17 14:59:50 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B43853B0-34B6-41BA-85CA-67EF3C60F1F4}
[2011/10/16 22:44:48 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{A86DBA8D-A4E7-45D0-9C79-AC2EE3107627}
[2011/10/16 22:44:25 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{AB99115D-A5FC-4D40-AC6B-DD037ED80F42}
[2011/10/16 22:16:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\GHS
[2011/10/15 05:47:38 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{C9479CAE-DB68-4E96-82D3-CEC28882C9AD}
[2011/10/15 05:47:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{604714C5-A2DF-4BC7-9057-9CC50A52E342}
[2011/10/14 15:04:31 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{3E0DB642-EF63-4868-87B3-D08DA76CB7E1}
[2011/10/14 15:04:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{62057FDB-1A0F-4629-9359-F71FA8B82032}
[2011/10/13 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{195C9D55-997F-4443-8BDA-9A5672869A26}
[2011/10/13 22:36:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{D295171C-B214-4092-95C0-3FE1F6DEB8D6}
[2011/10/13 07:08:42 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{136D59B1-D084-48C8-90DA-BC7712393184}
[2011/10/13 03:25:15 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/13 03:25:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 03:25:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 03:25:12 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 03:25:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 03:25:10 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 03:25:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 03:24:47 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/13 03:24:47 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 03:24:47 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/13 03:24:47 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 03:24:26 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/13 03:24:25 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/12 17:35:05 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{3D658060-39F2-4C69-B111-249C0EABF6A5}
[2011/10/12 17:34:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B06B68E5-F8A0-4247-BA38-FC88A7868134}
[2011/10/11 22:17:16 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B5B7B21A-001C-42CD-BAB5-B49A9ACC2A08}
[2011/10/11 22:16:52 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{1B5FA039-5D2F-4E40-8615-4536E6911D07}
[2011/10/11 09:06:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{7A0478B6-76CC-44A9-9F68-AFCF247AC19D}
[2011/10/11 09:06:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{85E1CF0D-E80E-406D-A5E4-B9B3487D3682}
[2011/10/10 11:49:38 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{3D02A8F5-7A6B-40DF-8A16-DA8079BBBC91}
[2011/10/10 11:49:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{6E3248E1-2A23-4A5A-AB2D-D1574FF2E99C}
[2011/10/08 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{19D4B655-5A57-4A16-BE01-F71EF962EAAF}
[2011/10/07 21:44:48 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{770F9937-E9CC-4992-8F93-221F26AA9421}
[2011/10/07 21:44:26 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{37BA2E14-2B90-4B26-912F-5B28F4613CA1}
[2011/10/06 07:08:52 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{A63AD3A9-3097-40F6-8416-8A664A695613}
[2011/10/06 07:08:40 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{0A26CA9C-366A-42C5-A910-CE6AF667EB86}
[2011/10/06 02:33:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/10/04 12:10:24 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{2B206C13-1258-4D62-975B-13889EC7C46A}
[2011/10/04 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{D88E2154-5CC3-4157-8716-D112CFCE7E04}
[2011/10/03 21:59:47 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{2A714BC4-2690-4215-8770-2735FAF4130C}
[2011/10/03 21:59:25 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{87657410-7E90-4B0B-9E99-D339E120E873}
[2011/10/03 18:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2011/10/02 12:05:11 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{8AD850DD-3440-4FF6-BCF1-685ADCD7D18C}
[2011/10/02 12:04:48 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{52807890-D00D-4AA8-AB0B-EDEE748B5CD8}
[2011/10/02 09:27:12 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\LINKS
[2011/10/02 09:25:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\PROGRAMS
[2011/01/25 16:55:54 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Lisa\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/01 01:35:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2011/11/01 01:34:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3455427310-1578374356-189991141-1001UA.job
[2011/11/01 00:34:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3455427310-1578374356-189991141-1001Core.job
[2011/10/31 02:40:32 | 108,120,151 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/29 03:53:55 | 000,367,237 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/28 15:42:47 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 15:42:47 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 15:41:53 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/28 15:41:53 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/28 15:41:53 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/28 15:37:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/28 15:37:03 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/28 11:40:08 | 001,402,880 | ---- | M] () -- C:\Users\Lisa\Desktop\HiJackThis.msi
[2011/10/28 01:35:48 | 000,002,399 | ---- | M] () -- C:\Users\Lisa\Desktop\Google Chrome.lnk
[2011/10/26 18:05:28 | 000,437,925 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/25 01:09:21 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/21 05:39:32 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/13 07:12:45 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/06 02:33:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/06 02:33:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/03 05:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

========== Files Created - No Company Name ==========

[2011/10/28 11:40:05 | 001,402,880 | ---- | C] () -- C:\Users\Lisa\Desktop\HiJackThis.msi
[2011/10/25 10:49:57 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/06 02:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/06 02:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/01/25 16:55:54 | 000,099,384 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\inst.exe
[2011/01/25 16:55:54 | 000,007,859 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\pcouffin.cat
[2011/01/25 16:55:54 | 000,001,167 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\pcouffin.inf
[2011/01/09 20:48:58 | 000,000,218 | ---- | C] () -- C:\Windows\iepreview.ini
[2010/11/18 07:34:57 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/03/19 06:24:55 | 000,000,902 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 641 bytes -> C:\Users\Lisa\Documents\addresses.eml:OECustomProperty
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 1304 bytes -> C:\Users\Lisa\Documents\Lady Liberty Fireworks.eml:OECustomProperty
< End of report >