Cookies.sqlite Infected

Btw, the Steam cache files I've deleted them and that's sorted my Steam problems out. Sorry for spam. :)

I've followed the sticky and here are the results:

Hi and welcome to the Daniweb forums :).

==========

You sort of followed the instructions, but you failed to update MBA-M. The latest database version is 6251 which makes your version ancient.
Please update and run again. Post the log when done.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6253

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/04/2011 06:53:47
mbam-log-2011-04-03 (06-53-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 260816
Time elapsed: 52 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here you go. :)

Still nothing.

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

========

See if AVG still warns you.

As soon as I re-initiated the broswer, I got the infection alert notification again.

Have a read here http://kb.mozillazine.org/Cookies and you will see that sometimes the Cookies.sqlite file needs to be deleted.
Try that and check again for the message from AVG.

I've done the above and /so far/ I haven't recieved the message. Hopefully it'll stay like this. I'll give it until the end of the day before being sure it's solved. Thank you much in advance. :D

No worries :).

Argh. It came back. Had 2-3 warnings since. :(

You are obviously going to a site that is infecting that file.
Delete the file again and take note of where you are when you get the warning.

You are obviously going to a site that is infecting that file.
Delete the file again and take note of where you are when you get the warning.

I agreed with what crunchie said, the site obviously contains harmful materials and may harm your computer. Follow crunchie advise and next time beware of website that looks suspicious, someimes it may seem that the website is not suspicious but just looking at the URL you can tell from a fake website to a real website. Good luck, try turning on your firewall

I closed the browser down, navigated my way to the file and the message popped up again. I deleted it through Fileassassin this time and it popped up again straight away. I've only been visiting mainstream sites such as Facebook. My firewall is running, just my Program Control is off through Zone Alarm. :(

You mean after you delete the file, it still appears from nowwhere. The files may be download to your conputer without you knowing. Have you done a virus scan and try to remove the file?

Yes, exactly that. I did as it says in my first post. Both SUPERAntiSpyware and SpyBot picked up results. 99 and 6 respectively in Safemode. I Quarentined these and it recursively seems to have come back.

You said you q quarantine it, quarantine does not delete the threat have your select the oftion clean up threat or delete threat. Try these options first

Will try now. :)

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

• You will need to use Internet Explorer to complete this scan.
• You will need to temporarily Disable your current Anti-virus program.
• Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
• When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

• Kaspersky Online Scanner • Panda Active Scan • Trend Micro HouseCall • F-Secure Online Virus Scanner

I ran SUPERAntiSpyware and Spybot in safe mode like 4 times and each times there would be threats after quarentining and removing the files which they were bing done already. Also there were threats in the: /application Settings/Cookies folder files. Even though this folder wouldn't show in the explorer view with 'show hidden folders' set to on. And had to be seen through the command/search line manually. Running ESET now btw.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=09258a90bf732a4a884b4d1b7b4199b6
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-04 12:57:16
# local_time=2011-04-04 01:57:16 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 97 10094 59594612 0 0
# compatibility_mode=8192 67108863 100 0 111 111 0 0
# compatibility_mode=9217 16777214 75 70 14913932 24620636 0 0
# scanned=254840
# found=13
# cleaned=0
# scan_time=5277
C:\Documents and Settings\Waka\Desktop\SmitfraudFix.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Waka\Desktop\SmitfraudFix\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Waka\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
E:\desktoppp\KingAMD\ccccc\usbmrs11.exe a variant of Win32/HackTool.Patcher.B application (unable to clean) 00000000000000000000000000000000 I
E:\desktoppp\KingAMD\Mouse-Settings\MOUSEHZ\xp\sp2\usbmrs11.exe a variant of Win32/HackTool.Patcher.B application (unable to clean) 00000000000000000000000000000000 I
E:\desktoppp\Sony Vegas Pro 8.0b Build 217-AVCHD-MPG-AC3 FIXED\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
E:\My Documents\Downloads\SmitfraudFix.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
E:\My Documents\Downloads\SmitfraudFix\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
E:\My Documents\Downloads\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
E:\My Documents\rknguiv102-standard\MOUSEHZ\xp\sp2\usbmrs11.exe a variant of Win32/HackTool.Patcher.B application (unable to clean) 00000000000000000000000000000000 I

See if you can delete this one:

E:\desktoppp\Sony Vegas Pro 8.0b Build 217-AVCHD-MPG-AC3 FIXED\Keygen.exe

Let me know if you deleted it ok.

Delete that file again and then immediately run ATF cleaner again.

Done.

Done.

Any change?

Nope. I've had that .exe for over a year so I doubted it was that. Still getting the threat. Also, I swear it's throttling my 'net. My average ping ingame is around 80 now since this occured.

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

OTL logfile created on: 05/04/2011 11:03:32 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Waka\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 11.70 Gb Free Space | 16.90% Space Free | Partition Type: NTFS
Drive D: | 5.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 931.51 Gb Total Space | 733.31 Gb Free Space | 78.72% Space Free | Partition Type: NTFS

Computer Name: KINGY | User Name: Waka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/05 10:42:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
PRC - [2011/04/02 19:32:52 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 02:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/02 23:51:42 | 001,427,968 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/04/05 10:42:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/02/02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/11 21:41:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/24 05:38:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/04 17:50:41 | 000,140,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/11/03 15:57:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/30 19:53:54 | 002,697,728 | ---- | M] (NTK) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV - [2009/06/18 03:46:11 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/04 10:34:06 | 000,054,784 | ---- | M] (Guillemot Corp S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\guillflt.sys -- (guillflt)
DRV - [2009/05/06 03:36:12 | 000,742,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\t3.sys -- (t3)
DRV - [2009/04/12 13:08:22 | 000,209,200 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009/02/27 10:45:30 | 000,171,008 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2009/02/09 03:30:00 | 000,152,616 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2009/02/08 23:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2009/02/05 09:34:16 | 001,803,136 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\t3filt.sys -- (t3filt)
DRV - [2009/01/14 10:47:24 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/01/14 10:47:24 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/01/14 03:47:24 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
DRV - [2008/11/12 07:52:36 | 000,018,984 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mrdd.sys -- (mrdd)
DRV - [2008/06/26 00:47:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/12/17 17:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/08/02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2007/04/11 17:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbFltr.sys -- (TarFltr)
DRV - [2006/11/08 21:19:18 | 000,004,544 | ---- | M] (SweetLow) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusbf.sys -- (hidusbf)
DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/30 23:12:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/02 14:45:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 03:53:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 03:34:02 | 000,000,000 | ---D | M]

[2009/08/25 03:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Extensions
[2009/08/25 03:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2009/06/29 20:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/04 17:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Firefox\Profiles\ldfpmils.default\extensions
[2010/08/23 21:10:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Firefox\Profiles\ldfpmils.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 00:30:22 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Firefox\Profiles\ldfpmils.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/04/04 17:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 22:39:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 02:11:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 22:51:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/15 21:55:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/15 23:56:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/04/15 22:39:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/12 16:35:56 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/12 16:35:56 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/12 16:35:56 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/12 16:35:56 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/04 11:27:17 | 000,431,524 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14855 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ASUS Update Checker] C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [SPIRun] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Waka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Waka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/17 23:37:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/02/10 07:21:09 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010/01/31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/02/10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010/02/10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{096a3f4b-5b95-11de-b73f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{096a3f4b-5b95-11de-b73f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{096a3f4b-5b95-11de-b73f-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010/02/10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{6f2086a6-d3e3-11df-b31d-001d0fb062cc}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 10:42:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
[2011/04/04 13:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\AVG
[2011/04/04 13:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/04/04 12:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/04 11:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\SmitfraudFix
[2011/04/03 04:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\practical9
[2011/04/02 14:35:34 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/04/02 14:28:54 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\TFC.exe
[2011/04/02 14:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\SUPERAntiSpyware.com
[2011/04/02 14:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/02 14:07:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/01 20:19:17 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/04/01 20:19:16 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/04/01 20:19:16 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/04/01 20:19:16 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/04/01 20:19:15 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/04/01 20:19:15 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/04/01 20:19:14 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/04/01 20:19:14 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2011/04/01 20:19:13 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/04/01 20:19:11 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2011/04/01 20:19:10 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/04/01 19:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2011/04/01 19:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
[2011/04/01 17:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/30 06:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Start Menu\Programs\StarCraft II
[2011/03/30 00:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\practical8
[2011/03/27 02:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\ImgBurn
[2011/03/27 01:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/03/27 01:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/03/21 17:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\practical7
[2011/03/19 04:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\hoes_files
[2011/03/18 01:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\Exec
[2011/03/16 00:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\testjava
[2011/03/14 06:53:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Waka\Start Menu\Programs\Administrative Tools
[2011/03/14 06:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/14 06:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/03/14 06:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Local Settings\Application Data\ApplicationHistory
[2011/03/14 06:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\Windows Search
[2011/03/14 06:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/03/14 06:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/03/14 06:14:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/03/14 06:14:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/03/14 06:14:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/03/14 06:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\Windows Desktop Search
[2011/03/14 06:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/03/14 06:11:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011/03/14 05:40:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/03/14 04:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/14 04:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Start Menu\Programs\Revo Uninstaller
[2011/03/14 02:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\prac6
[2011/03/07 23:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\prac5
[2011/03/07 13:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\.android
[1 C:\Documents and Settings\Waka\Desktop\*.tmp files -> C:\Documents and Settings\Waka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 10:42:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
[2011/04/05 09:51:23 | 111,693,519 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/05 08:13:26 | 000,000,543 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/04/05 07:49:05 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/05 07:36:40 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/04/04 17:50:41 | 000,140,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/04/04 17:50:36 | 000,266,400 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/04/04 16:42:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/04 16:42:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/04/04 16:42:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/04 13:12:45 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/04 13:12:45 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/04 11:27:17 | 000,431,524 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/04 11:06:40 | 000,003,954 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/04/04 11:06:37 | 000,431,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110404-112717.backup
[2011/04/03 15:15:31 | 000,236,661 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\RelativeResourceManager.pdf
[2011/04/03 06:02:14 | 000,266,400 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/04/02 16:47:44 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\7327fcpt.exe
[2011/04/02 16:42:45 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\w4bjdjhx.exe
[2011/04/02 16:42:35 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\dds.scr
[2011/04/02 14:45:23 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/02 14:28:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\TFC.exe
[2011/04/02 14:24:36 | 014,336,632 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\SAS_7751.COM
[2011/04/02 05:23:22 | 000,266,328 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\gifts-year-old-girl-800X800.jpg
[2011/04/01 20:17:42 | 001,885,088 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\SmitfraudFix.exe
[2011/04/01 19:20:31 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2011/04/01 17:38:04 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/01 17:38:04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\Spybot - Search & Destroy.lnk
[2011/03/30 23:21:03 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\untitled.bmp
[2011/03/30 23:04:59 | 000,050,198 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\practical7.rar
[2011/03/30 15:53:31 | 000,587,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/30 15:53:31 | 000,123,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/30 04:58:40 | 000,022,683 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\practical8.rar
[2011/03/30 03:49:28 | 000,009,006 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\binarypic1.PNG
[2011/03/29 18:50:38 | 000,083,484 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\wakkaaa11.jpg
[2011/03/28 23:27:30 | 000,241,440 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/28 23:27:30 | 000,241,440 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/28 23:27:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/27 01:57:37 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/03/27 01:57:36 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/03/25 06:50:22 | 002,574,294 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94707__x_2ch-games-with-nice-oppai-oshiri-part-2-033.gif
[2011/03/25 06:50:18 | 003,151,846 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94706__x_2ch-games-with-nice-oppai-oshiri-part-2-032.gif
[2011/03/25 06:50:10 | 002,328,932 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94702__x_2ch-games-with-nice-oppai-oshiri-part-2-030.gif
[2011/03/25 06:50:07 | 003,350,884 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94700__x_2ch-games-with-nice-oppai-oshiri-part-2-029.gif
[2011/03/25 03:34:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/19 04:35:52 | 000,083,869 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\hoes.htm
[2011/03/18 22:54:15 | 000,137,515 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\259760527.jpg
[2011/03/18 06:31:40 | 000,000,239 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\2.java
[2011/03/18 03:54:17 | 000,052,936 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\wakaela1.jpg
[2011/03/15 06:10:49 | 000,137,856 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\MathsCW1.pdf
[2011/03/14 23:40:22 | 000,004,823 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\maths1111.PNG
[2011/03/14 16:26:25 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2011/03/14 06:30:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/14 06:12:47 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/03/14 05:44:01 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/14 04:59:48 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\Revo Uninstaller.lnk
[2011/03/14 02:20:05 | 000,017,018 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\prac6.zip
[2011/03/09 01:25:23 | 000,015,889 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\prac5.rar
[2011/03/08 05:45:26 | 000,735,866 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\lonely-risa-wanko-to-kurasou.png
[2011/03/08 05:36:22 | 000,057,901 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\34071.jpg
[1 C:\Documents and Settings\Waka\Desktop\*.tmp files -> C:\Documents and Settings\Waka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/04 13:12:45 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/04 13:12:45 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/02 16:47:44 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\7327fcpt.exe
[2011/04/02 16:42:44 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\w4bjdjhx.exe
[2011/04/02 16:42:34 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\dds.scr
[2011/04/02 16:13:09 | 001,885,088 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\SmitfraudFix.exe
[2011/04/02 14:23:32 | 014,336,632 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\SAS_7751.COM
[2011/04/02 05:23:20 | 000,266,328 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\gifts-year-old-girl-800X800.jpg
[2011/04/01 20:22:37 | 000,003,954 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/04/01 20:19:15 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/04/01 20:19:13 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/04/01 20:19:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2011/04/01 19:20:31 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2011/04/01 17:38:04 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/01 17:38:04 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\Spybot - Search & Destroy.lnk
[2011/03/30 23:20:49 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\untitled.bmp
[2011/03/30 04:22:16 | 000,022,683 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\practical8.rar
[2011/03/30 03:49:28 | 000,009,006 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\binarypic1.PNG
[2011/03/29 18:50:37 | 000,083,484 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\wakkaaa11.jpg
[2011/03/27 05:09:48 | 001,839,104 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\mt420.iso
[2011/03/27 01:57:37 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/03/27 01:57:36 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/03/25 06:50:22 | 002,574,294 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94707__x_2ch-games-with-nice-oppai-oshiri-part-2-033.gif
[2011/03/25 06:50:17 | 003,151,846 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94706__x_2ch-games-with-nice-oppai-oshiri-part-2-032.gif
[2011/03/25 06:50:10 | 002,328,932 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94702__x_2ch-games-with-nice-oppai-oshiri-part-2-030.gif
[2011/03/25 06:50:06 | 003,350,884 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94700__x_2ch-games-with-nice-oppai-oshiri-part-2-029.gif
[2011/03/23 08:16:41 | 018,604,442 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\Fire In The Booth _Charlie Sloth_ Radio.mp3
[2011/03/23 08:16:37 | 002,865,849 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\22 - Subzero & Pyper - Audio Music Star - Bassline Mix CD.mp3
[2011/03/23 02:12:16 | 000,050,198 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\practical7.rar
[2011/03/19 04:35:50 | 000,083,869 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\hoes.htm
[2011/03/18 22:54:15 | 000,137,515 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\259760527.jpg
[2011/03/18 06:31:40 | 000,000,239 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\2.java
[2011/03/18 03:54:16 | 000,052,936 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\wakaela1.jpg
[2011/03/14 23:40:22 | 000,004,823 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\maths1111.PNG
[2011/03/14 23:38:24 | 000,137,856 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\MathsCW1.pdf
[2011/03/14 06:15:35 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/03/14 06:12:47 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/03/14 06:12:47 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/03/14 04:59:48 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\Revo Uninstaller.lnk
[2011/03/14 02:20:04 | 000,017,018 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\prac6.zip
[2011/03/10 03:32:48 | 000,236,661 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\RelativeResourceManager.pdf
[2011/03/09 01:25:23 | 000,015,889 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\prac5.rar
[2011/03/08 05:45:25 | 000,735,866 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\lonely-risa-wanko-to-kurasou.png
[2011/03/08 05:36:21 | 000,057,901 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\34071.jpg
[2011/03/06 04:50:31 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/02/18 23:17:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Waka\Local Settings\Application Data\PUTTY.RND
[2010/10/29 01:10:14 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/29 01:10:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/10/13 22:06:27 | 000,241,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/13 22:06:01 | 000,241,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/13 22:06:01 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/13 22:05:33 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/09/18 14:03:52 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/08/03 14:30:33 | 000,002,278 | ---- | C] () -- C:\WINDOWS\System32\Cam122.ini
[2010/07/17 21:02:51 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\ujspa.sys
[2010/06/02 00:49:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/05/14 23:29:15 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/17 20:19:26 | 000,047,204 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/02 16:14:15 | 000,140,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/04/02 16:13:45 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\PnkBstrK.sys
[2010/04/02 16:12:56 | 000,266,400 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/04/02 16:12:26 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/04/02 16:12:26 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/03/02 07:51:08 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\60F61203DC.dll
[2009/11/03 16:07:30 | 000,000,219 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/11 19:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/07 02:23:10 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Waka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/04 02:18:13 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2009/07/04 02:18:13 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2009/07/04 02:18:13 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2009/07/04 02:18:13 | 000,685,056 | ---- | C] () -- C:\WINDOWS\System32\RGSS103J.dll
[2009/07/01 03:40:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/29 20:57:47 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/06/18 16:24:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/18 13:03:52 | 000,032,914 | ---- | C] () -- C:\WINDOWS\System32\t3.ini
[2009/06/18 13:03:52 | 000,000,049 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/18 13:03:11 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2009/06/18 13:03:11 | 000,118,850 | ---- | C] () -- C:\WINDOWS\System32\CTPcie.dll
[2009/06/18 13:03:11 | 000,008,535 | ---- | C] () -- C:\WINDOWS\sfsyn.ini
[2009/06/18 03:44:31 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/18 03:26:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/06/18 03:26:11 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/06/18 03:26:10 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/06/18 03:26:10 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/06/18 03:25:50 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/06/18 03:11:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/06/18 00:58:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/18 00:58:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/06/18 00:25:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/18 00:22:50 | 000,232,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/18 00:22:00 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/06/17 23:39:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/17 23:35:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 12:00:00 | 000,587,158 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 12:00:00 | 000,123,580 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/10/18 03:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/04/02 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/19 12:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/19 12:19:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/03 15:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/04/02 14:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/02/03 16:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nHancer
[2011/01/19 07:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/04/04 15:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/18 01:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2011/01/30 00:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\.minecraft
[2011/04/04 14:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\AVG
[2010/10/19 12:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\AVG10
[2009/11/03 16:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\DAEMON Tools Lite
[2010/03/02 07:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\DJJava
[2011/02/27 15:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\gtk-2.0
[2010/07/10 03:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\HLSW
[2011/03/27 02:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\ImgBurn
[2011/01/21 02:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\LolClient
[2011/04/05 00:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Mumble
[2010/02/03 16:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\nHancer
[2010/02/23 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Notepad++
[2009/12/17 01:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\OpenOffice.org
[2009/11/18 18:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Processing
[2009/08/25 03:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Scendix Software
[2010/12/08 16:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\SmartDraw
[2011/03/05 04:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Spotify
[2010/10/13 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\SystemRequirementsLab
[2010/07/14 00:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\TS3Client
[2010/12/11 20:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Uniblue
[2011/03/19 07:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\uTorrent
[2011/03/14 06:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Windows Desktop Search
[2011/03/14 06:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Windows Search
[2011/04/04 16:42:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2009/04/12 13:08:20 | 000,113,152 | ---- | M] (ATI Technologies Inc.) MD5=9FACB9D43EC53F54386DAE74A175AE53 -- C:\WINDOWS\NLDRV\007\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/04/12 13:08:15 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\NLDRV\005\iastor.sys
[2009/04/12 13:08:18 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\006\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2009/04/12 13:08:07 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=6B37162E91A7005BAA753CB611ACEA2D -- C:\WINDOWS\NLDRV\003\nvatabus.sys

< MD5 for: NVGTS.SYS >
[2009/04/12 13:08:11 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=1F790624AB1619CAE0C78597BD33615B -- C:\WINDOWS\NLDRV\004\nvgts.sys
[2009/04/12 13:08:03 | 000,107,520 | ---- | M] (NVIDIA Corporation) MD5=20E15B182DE3EFDFEA3AECB86A04E5CA -- C:\WINDOWS\NLDRV\002\nvgts.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2009/04/12 13:08:30 | 000,116,688 | ---- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\WINDOWS\NLDRV\013\viamraid.sys
[2009/04/12 13:08:28 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\WINDOWS\NLDRV\012\viamraid.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/06/18 00:22:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/18 00:22:04 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/18 00:22:04 | 000,950,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2011/02/22 22:37:50 | 000,411,905 | ---- | M] ()(C:\Documents and Settings\Waka\Desktop\QQ?????.png) -- C:\Documents and Settings\Waka\Desktop\QQ截图未命名.png
[2011/02/22 22:37:42 | 000,411,905 | ---- | C] ()(C:\Documents and Settings\Waka\Desktop\QQ?????.png) -- C:\Documents and Settings\Waka\Desktop\QQ截图未命名.png

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:4E17D6D2B619558D
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

I kind of messed up and ran it the first time with FireFox and WoW open and it created the primary file and the extra files. I shut down everything properly and reloaded the program yet this time, after the scan, it didn't create an Extras.txt file. :(

OTL logfile created on: 05/04/2011 11:03:32 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Waka\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 11.70 Gb Free Space | 16.90% Space Free | Partition Type: NTFS
Drive D: | 5.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 931.51 Gb Total Space | 733.31 Gb Free Space | 78.72% Space Free | Partition Type: NTFS

Computer Name: KINGY | User Name: Waka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/05 10:42:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
PRC - [2011/04/02 19:32:52 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 02:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/02 23:51:42 | 001,427,968 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/04/05 10:42:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/02/02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/11 21:41:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/24 05:38:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/04 17:50:41 | 000,140,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/11/03 15:57:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/30 19:53:54 | 002,697,728 | ---- | M] (NTK) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV - [2009/06/18 03:46:11 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/04 10:34:06 | 000,054,784 | ---- | M] (Guillemot Corp S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\guillflt.sys -- (guillflt)
DRV - [2009/05/06 03:36:12 | 000,742,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\t3.sys -- (t3)
DRV - [2009/04/12 13:08:22 | 000,209,200 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009/02/27 10:45:30 | 000,171,008 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2009/02/09 03:30:00 | 000,152,616 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2009/02/08 23:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2009/02/05 09:34:16 | 001,803,136 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\t3filt.sys -- (t3filt)
DRV - [2009/01/14 10:47:24 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/01/14 10:47:24 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/01/14 03:47:24 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
DRV - [2008/11/12 07:52:36 | 000,018,984 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mrdd.sys -- (mrdd)
DRV - [2008/06/26 00:47:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/12/17 17:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/08/02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2007/04/11 17:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbFltr.sys -- (TarFltr)
DRV - [2006/11/08 21:19:18 | 000,004,544 | ---- | M] (SweetLow) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusbf.sys -- (hidusbf)
DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/30 23:12:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/02 14:45:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 03:53:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 03:34:02 | 000,000,000 | ---D | M]

[2009/08/25 03:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Extensions
[2009/08/25 03:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2009/06/29 20:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/04 17:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Firefox\Profiles\ldfpmils.default\extensions
[2010/08/23 21:10:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Firefox\Profiles\ldfpmils.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 00:30:22 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Firefox\Profiles\ldfpmils.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/04/04 17:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 22:39:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 02:11:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 22:51:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/15 21:55:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/15 23:56:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/04/15 22:39:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/12 16:35:56 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/12 16:35:56 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/12 16:35:56 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/12 16:35:56 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/04 11:27:17 | 000,431,524 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14855 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ASUS Update Checker] C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [SPIRun] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Waka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Waka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/17 23:37:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/02/10 07:21:09 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010/01/31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/02/10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010/02/10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{096a3f4b-5b95-11de-b73f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{096a3f4b-5b95-11de-b73f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{096a3f4b-5b95-11de-b73f-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010/02/10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{6f2086a6-d3e3-11df-b31d-001d0fb062cc}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 10:42:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
[2011/04/04 13:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\AVG
[2011/04/04 13:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/04/04 12:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/04 11:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\SmitfraudFix
[2011/04/03 04:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\practical9
[2011/04/02 14:35:34 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/04/02 14:28:54 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\TFC.exe
[2011/04/02 14:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\SUPERAntiSpyware.com
[2011/04/02 14:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/02 14:07:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/01 20:19:17 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/04/01 20:19:16 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/04/01 20:19:16 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/04/01 20:19:16 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/04/01 20:19:15 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/04/01 20:19:15 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/04/01 20:19:14 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/04/01 20:19:14 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2011/04/01 20:19:13 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/04/01 20:19:11 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2011/04/01 20:19:10 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/04/01 19:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2011/04/01 19:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
[2011/04/01 17:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/30 06:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Start Menu\Programs\StarCraft II
[2011/03/30 00:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\practical8
[2011/03/27 02:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\ImgBurn
[2011/03/27 01:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/03/27 01:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/03/21 17:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\practical7
[2011/03/19 04:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\hoes_files
[2011/03/18 01:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\Exec
[2011/03/16 00:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\testjava
[2011/03/14 06:53:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Waka\Start Menu\Programs\Administrative Tools
[2011/03/14 06:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/14 06:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/03/14 06:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Local Settings\Application Data\ApplicationHistory
[2011/03/14 06:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\Windows Search
[2011/03/14 06:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/03/14 06:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/03/14 06:14:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/03/14 06:14:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/03/14 06:14:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/03/14 06:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\Windows Desktop Search
[2011/03/14 06:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/03/14 06:11:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011/03/14 05:40:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/03/14 04:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/14 04:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Start Menu\Programs\Revo Uninstaller
[2011/03/14 02:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\prac6
[2011/03/07 23:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\prac5
[2011/03/07 13:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\.android
[1 C:\Documents and Settings\Waka\Desktop\*.tmp files -> C:\Documents and Settings\Waka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 10:42:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
[2011/04/05 09:51:23 | 111,693,519 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/05 08:13:26 | 000,000,543 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/04/05 07:49:05 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/05 07:36:40 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/04/04 17:50:41 | 000,140,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/04/04 17:50:36 | 000,266,400 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/04/04 16:42:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/04 16:42:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/04/04 16:42:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/04 13:12:45 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/04 13:12:45 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/04 11:27:17 | 000,431,524 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/04 11:06:40 | 000,003,954 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/04/04 11:06:37 | 000,431,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110404-112717.backup
[2011/04/03 15:15:31 | 000,236,661 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\RelativeResourceManager.pdf
[2011/04/03 06:02:14 | 000,266,400 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/04/02 16:47:44 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\7327fcpt.exe
[2011/04/02 16:42:45 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\w4bjdjhx.exe
[2011/04/02 16:42:35 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\dds.scr
[2011/04/02 14:45:23 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/02 14:28:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\TFC.exe
[2011/04/02 14:24:36 | 014,336,632 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\SAS_7751.COM
[2011/04/02 05:23:22 | 000,266,328 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\gifts-year-old-girl-800X800.jpg
[2011/04/01 20:17:42 | 001,885,088 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\SmitfraudFix.exe
[2011/04/01 19:20:31 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2011/04/01 17:38:04 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/01 17:38:04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\Spybot - Search & Destroy.lnk
[2011/03/30 23:21:03 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\untitled.bmp
[2011/03/30 23:04:59 | 000,050,198 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\practical7.rar
[2011/03/30 15:53:31 | 000,587,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/30 15:53:31 | 000,123,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/30 04:58:40 | 000,022,683 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\practical8.rar
[2011/03/30 03:49:28 | 000,009,006 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\binarypic1.PNG
[2011/03/29 18:50:38 | 000,083,484 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\wakkaaa11.jpg
[2011/03/28 23:27:30 | 000,241,440 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/28 23:27:30 | 000,241,440 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/28 23:27:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/27 01:57:37 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/03/27 01:57:36 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/03/25 06:50:22 | 002,574,294 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94707__x_2ch-games-with-nice-oppai-oshiri-part-2-033.gif
[2011/03/25 06:50:18 | 003,151,846 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94706__x_2ch-games-with-nice-oppai-oshiri-part-2-032.gif
[2011/03/25 06:50:10 | 002,328,932 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94702__x_2ch-games-with-nice-oppai-oshiri-part-2-030.gif
[2011/03/25 06:50:07 | 003,350,884 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94700__x_2ch-games-with-nice-oppai-oshiri-part-2-029.gif
[2011/03/25 03:34:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/19 04:35:52 | 000,083,869 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\hoes.htm
[2011/03/18 22:54:15 | 000,137,515 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\259760527.jpg
[2011/03/18 06:31:40 | 000,000,239 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\2.java
[2011/03/18 03:54:17 | 000,052,936 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\wakaela1.jpg
[2011/03/15 06:10:49 | 000,137,856 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\MathsCW1.pdf
[2011/03/14 23:40:22 | 000,004,823 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\maths1111.PNG
[2011/03/14 16:26:25 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2011/03/14 06:30:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/14 06:12:47 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/03/14 05:44:01 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/14 04:59:48 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\Revo Uninstaller.lnk
[2011/03/14 02:20:05 | 000,017,018 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\prac6.zip
[2011/03/09 01:25:23 | 000,015,889 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\prac5.rar
[2011/03/08 05:45:26 | 000,735,866 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\lonely-risa-wanko-to-kurasou.png
[2011/03/08 05:36:22 | 000,057,901 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\34071.jpg
[1 C:\Documents and Settings\Waka\Desktop\*.tmp files -> C:\Documents and Settings\Waka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/04 13:12:45 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/04 13:12:45 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/02 16:47:44 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\7327fcpt.exe
[2011/04/02 16:42:44 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\w4bjdjhx.exe
[2011/04/02 16:42:34 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\dds.scr
[2011/04/02 16:13:09 | 001,885,088 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\SmitfraudFix.exe
[2011/04/02 14:23:32 | 014,336,632 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\SAS_7751.COM
[2011/04/02 05:23:20 | 000,266,328 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\gifts-year-old-girl-800X800.jpg
[2011/04/01 20:22:37 | 000,003,954 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/04/01 20:19:15 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/04/01 20:19:13 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/04/01 20:19:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2011/04/01 19:20:31 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2011/04/01 17:38:04 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/01 17:38:04 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\Spybot - Search & Destroy.lnk
[2011/03/30 23:20:49 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\untitled.bmp
[2011/03/30 04:22:16 | 000,022,683 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\practical8.rar
[2011/03/30 03:49:28 | 000,009,006 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\binarypic1.PNG
[2011/03/29 18:50:37 | 000,083,484 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\wakkaaa11.jpg
[2011/03/27 05:09:48 | 001,839,104 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\mt420.iso
[2011/03/27 01:57:37 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/03/27 01:57:36 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/03/25 06:50:22 | 002,574,294 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94707__x_2ch-games-with-nice-oppai-oshiri-part-2-033.gif
[2011/03/25 06:50:17 | 003,151,846 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94706__x_2ch-games-with-nice-oppai-oshiri-part-2-032.gif
[2011/03/25 06:50:10 | 002,328,932 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94702__x_2ch-games-with-nice-oppai-oshiri-part-2-030.gif
[2011/03/25 06:50:06 | 003,350,884 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94700__x_2ch-games-with-nice-oppai-oshiri-part-2-029.gif
[2011/03/23 08:16:41 | 018,604,442 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\Fire In The Booth _Charlie Sloth_ Radio.mp3
[2011/03/23 08:16:37 | 002,865,849 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\22 - Subzero & Pyper - Audio Music Star - Bassline Mix CD.mp3
[2011/03/23 02:12:16 | 000,050,198 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\practical7.rar
[2011/03/19 04:35:50 | 000,083,869 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\hoes.htm
[2011/03/18 22:54:15 | 000,137,515 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\259760527.jpg
[2011/03/18 06:31:40 | 000,000,239 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\2.java
[2011/03/18 03:54:16 | 000,052,936 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\wakaela1.jpg
[2011/03/14 23:40:22 | 000,004,823 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\maths1111.PNG
[2011/03/14 23:38:24 | 000,137,856 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\MathsCW1.pdf
[2011/03/14 06:15:35 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/03/14 06:12:47 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/03/14 06:12:47 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/03/14 04:59:48 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\Revo Uninstaller.lnk
[2011/03/14 02:20:04 | 000,017,018 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\prac6.zip
[2011/03/10 03:32:48 | 000,236,661 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\RelativeResourceManager.pdf
[2011/03/09 01:25:23 | 000,015,889 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\prac5.rar
[2011/03/08 05:45:25 | 000,735,866 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\lonely-risa-wanko-to-kurasou.png
[2011/03/08 05:36:21 | 000,057,901 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\34071.jpg
[2011/03/06 04:50:31 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/02/18 23:17:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Waka\Local Settings\Application Data\PUTTY.RND
[2010/10/29 01:10:14 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/29 01:10:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/10/13 22:06:27 | 000,241,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/13 22:06:01 | 000,241,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/13 22:06:01 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/13 22:05:33 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/09/18 14:03:52 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/08/03 14:30:33 | 000,002,278 | ---- | C] () -- C:\WINDOWS\System32\Cam122.ini
[2010/07/17 21:02:51 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\ujspa.sys
[2010/06/02 00:49:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/05/14 23:29:15 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/17 20:19:26 | 000,047,204 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/02 16:14:15 | 000,140,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/04/02 16:13:45 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\PnkBstrK.sys
[2010/04/02 16:12:56 | 000,266,400 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/04/02 16:12:26 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/04/02 16:12:26 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/03/02 07:51:08 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\60F61203DC.dll
[2009/11/03 16:07:30 | 000,000,219 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/11 19:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/07 02:23:10 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Waka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/04 02:18:13 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2009/07/04 02:18:13 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2009/07/04 02:18:13 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2009/07/04 02:18:13 | 000,685,056 | ---- | C] () -- C:\WINDOWS\System32\RGSS103J.dll
[2009/07/01 03:40:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/29 20:57:47 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/06/18 16:24:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/18 13:03:52 | 000,032,914 | ---- | C] () -- C:\WINDOWS\System32\t3.ini
[2009/06/18 13:03:52 | 000,000,049 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/18 13:03:11 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2009/06/18 13:03:11 | 000,118,850 | ---- | C] () -- C:\WINDOWS\System32\CTPcie.dll
[2009/06/18 13:03:11 | 000,008,535 | ---- | C] () -- C:\WINDOWS\sfsyn.ini
[2009/06/18 03:44:31 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/18 03:26:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/06/18 03:26:11 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/06/18 03:26:10 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/06/18 03:26:10 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/06/18 03:25:50 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/06/18 03:11:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/06/18 00:58:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/18 00:58:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/06/18 00:25:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/18 00:22:50 | 000,232,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/18 00:22:00 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/06/17 23:39:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/17 23:35:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 12:00:00 | 000,587,158 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 12:00:00 | 000,123,580 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/10/18 03:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/04/02 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/19 12:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/19 12:19:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/03 15:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/04/02 14:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/02/03 16:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nHancer
[2011/01/19 07:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/04/04 15:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/18 01:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2011/01/30 00:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\.minecraft
[2011/04/04 14:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\AVG
[2010/10/19 12:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\AVG10
[2009/11/03 16:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\DAEMON Tools Lite
[2010/03/02 07:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\DJJava
[2011/02/27 15:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\gtk-2.0
[2010/07/10 03:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\HLSW
[2011/03/27 02:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\ImgBurn
[2011/01/21 02:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\LolClient
[2011/04/05 00:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Mumble
[2010/02/03 16:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\nHancer
[2010/02/23 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Notepad++
[2009/12/17 01:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\OpenOffice.org
[2009/11/18 18:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Processing
[2009/08/25 03:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Scendix Software
[2010/12/08 16:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\SmartDraw
[2011/03/05 04:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Spotify
[2010/10/13 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\SystemRequirementsLab
[2010/07/14 00:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\TS3Client
[2010/12/11 20:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Uniblue
[2011/03/19 07:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\uTorrent
[2011/03/14 06:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Windows Desktop Search
[2011/03/14 06:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Windows Search
[2011/04/04 16:42:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2009/04/12 13:08:20 | 000,113,152 | ---- | M] (ATI Technologies Inc.) MD5=9FACB9D43EC53F54386DAE74A175AE53 -- C:\WINDOWS\NLDRV\007\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/04/12 13:08:15 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\NLDRV\005\iastor.sys
[2009/04/12 13:08:18 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\006\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2009/04/12 13:08:07 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=6B37162E91A7005BAA753CB611ACEA2D -- C:\WINDOWS\NLDRV\003\nvatabus.sys

< MD5 for: NVGTS.SYS >
[2009/04/12 13:08:11 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=1F790624AB1619CAE0C78597BD33615B -- C:\WINDOWS\NLDRV\004\nvgts.sys
[2009/04/12 13:08:03 | 000,107,520 | ---- | M] (NVIDIA Corporation) MD5=20E15B182DE3EFDFEA3AECB86A04E5CA -- C:\WINDOWS\NLDRV\002\nvgts.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2009/04/12 13:08:30 | 000,116,688 | ---- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\WINDOWS\NLDRV\013\viamraid.sys
[2009/04/12 13:08:28 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\WINDOWS\NLDRV\012\viamraid.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/06/18 00:22:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/18 00:22:04 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/18 00:22:04 | 000,950,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2011/02/22 22:37:50 | 000,411,905 | ---- | M] ()(C:\Documents and Settings\Waka\Desktop\QQ?????.png) -- C:\Documents and Settings\Waka\Desktop\QQ截图未命名.png
[2011/02/22 22:37:42 | 000,411,905 | ---- | C] ()(C:\Documents and Settings\Waka\Desktop\QQ?????.png) -- C:\Documents and Settings\Waka\Desktop\QQ截图未命名.png

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:4E17D6D2B619558D
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

I kind of messed up and ran it the first time with FireFox and WoW open and it created the primary file and the extra files. I shut down everything properly and reloaded the program yet this time, after the scan, it didn't create an Extras.txt file. :(

EDIT: I deleted the files from the first scan sigh.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :Commands
  [purity]
  [emptyflash]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top.
• Let the program run unhindered, reboot the PC when it is done.
• Post log from this run.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

================

When did you run Combofix?

All processes killed
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Waka
->Flash cache emptied: 456 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Waka
->Temp folder emptied: 138981 bytes
->Temporary Internet Files folder emptied: 877282 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 102611006 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 256 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 99.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04052011_132537

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Waka\Local Settings\Temp\IswTmp\Logs\110405112504656-000002.rsc_tmp not found!
C:\Documents and Settings\Waka\Local Settings\Temp\~DF56E4.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT02d04.TMP not found!

Registry entries deleted on Reboot...

OTL logfile created on: 05/04/2011 13:30:14 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Waka\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 11.73 Gb Free Space | 16.94% Space Free | Partition Type: NTFS
Drive D: | 5.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 931.51 Gb Total Space | 733.31 Gb Free Space | 78.72% Space Free | Partition Type: NTFS

Computer Name: KINGY | User Name: Waka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/05 10:42:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 02:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/02 23:51:42 | 001,427,968 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2008/12/11 13:45:22 | 000,114,688 | ---- | M] () -- C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/04/05 10:42:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/02/02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/11 21:41:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/24 05:38:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/04 17:50:41 | 000,140,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/11/03 15:57:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/30 19:53:54 | 002,697,728 | ---- | M] (NTK) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV - [2009/06/18 03:46:11 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/04 10:34:06 | 000,054,784 | ---- | M] (Guillemot Corp S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\guillflt.sys -- (guillflt)
DRV - [2009/05/06 03:36:12 | 000,742,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\t3.sys -- (t3)
DRV - [2009/04/12 13:08:22 | 000,209,200 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009/02/27 10:45:30 | 000,171,008 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2009/02/09 03:30:00 | 000,152,616 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2009/02/08 23:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2009/02/05 09:34:16 | 001,803,136 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\t3filt.sys -- (t3filt)
DRV - [2009/01/14 10:47:24 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/01/14 10:47:24 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/01/14 03:47:24 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
DRV - [2008/11/12 07:52:36 | 000,018,984 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mrdd.sys -- (mrdd)
DRV - [2008/06/26 00:47:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/12/17 17:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/08/02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2007/04/11 17:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbFltr.sys -- (TarFltr)
DRV - [2006/11/08 21:19:18 | 000,004,544 | ---- | M] (SweetLow) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusbf.sys -- (hidusbf)
DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/30 23:12:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/02 14:45:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 03:53:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 03:34:02 | 000,000,000 | ---D | M]

[2009/08/25 03:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Extensions
[2009/08/25 03:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2009/06/29 20:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/04 17:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Firefox\Profiles\ldfpmils.default\extensions
[2010/08/23 21:10:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Firefox\Profiles\ldfpmils.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 00:30:22 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Waka\Application Data\Mozilla\Firefox\Profiles\ldfpmils.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/04/04 17:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 22:39:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 02:11:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 22:51:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/15 21:55:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/15 23:56:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/04/15 22:39:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/12 16:35:56 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/12 16:35:56 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/12 16:35:56 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/12 16:35:56 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/04 11:27:17 | 000,431,524 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14855 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ASUS Update Checker] C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [SPIRun] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Waka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Waka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/17 23:37:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/02/10 07:21:09 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010/01/31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/02/10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010/02/10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6f2086a6-d3e3-11df-b31d-001d0fb062cc}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 13:25:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/05 10:42:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
[2011/04/04 13:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\AVG
[2011/04/04 13:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/04/04 12:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/04 11:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\SmitfraudFix
[2011/04/03 04:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\practical9
[2011/04/02 14:35:34 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/04/02 14:28:54 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\TFC.exe
[2011/04/02 14:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\SUPERAntiSpyware.com
[2011/04/02 14:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/02 14:07:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/01 20:19:17 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/04/01 20:19:16 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/04/01 20:19:16 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/04/01 20:19:16 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/04/01 20:19:15 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/04/01 20:19:15 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/04/01 20:19:14 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/04/01 20:19:14 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2011/04/01 20:19:13 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/04/01 20:19:11 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2011/04/01 20:19:10 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/04/01 19:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2011/04/01 19:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
[2011/04/01 17:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/30 06:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Start Menu\Programs\StarCraft II
[2011/03/30 00:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\practical8
[2011/03/27 02:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\ImgBurn
[2011/03/27 01:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/03/27 01:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/03/21 17:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\practical7
[2011/03/19 04:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\hoes_files
[2011/03/18 01:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\Exec
[2011/03/16 00:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\testjava
[2011/03/14 06:53:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Waka\Start Menu\Programs\Administrative Tools
[2011/03/14 06:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/14 06:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/03/14 06:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Local Settings\Application Data\ApplicationHistory
[2011/03/14 06:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\Windows Search
[2011/03/14 06:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/03/14 06:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/03/14 06:14:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/03/14 06:14:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/03/14 06:14:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/03/14 06:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Application Data\Windows Desktop Search
[2011/03/14 06:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/03/14 06:11:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011/03/14 05:40:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/03/14 04:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/14 04:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Start Menu\Programs\Revo Uninstaller
[2011/03/14 02:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\prac6
[2011/03/07 23:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\Desktop\prac5
[2011/03/07 13:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waka\.android
[1 C:\Documents and Settings\Waka\Desktop\*.tmp files -> C:\Documents and Settings\Waka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 13:28:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/04/05 13:28:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/05 13:27:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/05 10:42:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\OTL.exe
[2011/04/05 09:51:23 | 111,693,519 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/05 08:13:26 | 000,000,543 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/04/05 07:49:05 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/05 07:36:40 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/04/04 17:50:41 | 000,140,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/04/04 17:50:36 | 000,266,400 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/04/04 13:12:45 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/04 13:12:45 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/04 11:27:17 | 000,431,524 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/04 11:06:40 | 000,003,954 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/04/04 11:06:37 | 000,431,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110404-112717.backup
[2011/04/03 15:15:31 | 000,236,661 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\RelativeResourceManager.pdf
[2011/04/03 06:02:14 | 000,266,400 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/04/02 16:47:44 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\7327fcpt.exe
[2011/04/02 16:42:45 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\w4bjdjhx.exe
[2011/04/02 16:42:35 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\dds.scr
[2011/04/02 14:45:23 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/02 14:28:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Waka\Desktop\TFC.exe
[2011/04/02 14:24:36 | 014,336,632 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\SAS_7751.COM
[2011/04/02 05:23:22 | 000,266,328 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\gifts-year-old-girl-800X800.jpg
[2011/04/01 20:17:42 | 001,885,088 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\SmitfraudFix.exe
[2011/04/01 19:20:31 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2011/04/01 17:38:04 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/01 17:38:04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\Spybot - Search & Destroy.lnk
[2011/03/30 23:21:03 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\untitled.bmp
[2011/03/30 23:04:59 | 000,050,198 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\practical7.rar
[2011/03/30 15:53:31 | 000,587,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/30 15:53:31 | 000,123,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/30 04:58:40 | 000,022,683 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\practical8.rar
[2011/03/30 03:49:28 | 000,009,006 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\binarypic1.PNG
[2011/03/29 18:50:38 | 000,083,484 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\wakkaaa11.jpg
[2011/03/28 23:27:30 | 000,241,440 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/28 23:27:30 | 000,241,440 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/28 23:27:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/27 01:57:37 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/03/27 01:57:36 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/03/25 06:50:22 | 002,574,294 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94707__x_2ch-games-with-nice-oppai-oshiri-part-2-033.gif
[2011/03/25 06:50:18 | 003,151,846 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94706__x_2ch-games-with-nice-oppai-oshiri-part-2-032.gif
[2011/03/25 06:50:10 | 002,328,932 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94702__x_2ch-games-with-nice-oppai-oshiri-part-2-030.gif
[2011/03/25 06:50:07 | 003,350,884 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\94700__x_2ch-games-with-nice-oppai-oshiri-part-2-029.gif
[2011/03/25 03:34:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/19 04:35:52 | 000,083,869 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\hoes.htm
[2011/03/18 22:54:15 | 000,137,515 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\259760527.jpg
[2011/03/18 06:31:40 | 000,000,239 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\2.java
[2011/03/18 03:54:17 | 000,052,936 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\wakaela1.jpg
[2011/03/15 06:10:49 | 000,137,856 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\MathsCW1.pdf
[2011/03/14 23:40:22 | 000,004,823 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\maths1111.PNG
[2011/03/14 16:26:25 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2011/03/14 06:30:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/14 06:12:47 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/03/14 05:44:01 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/14 04:59:48 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\Revo Uninstaller.lnk
[2011/03/14 02:20:05 | 000,017,018 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\prac6.zip
[2011/03/09 01:25:23 | 000,015,889 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\prac5.rar
[2011/03/08 05:45:26 | 000,735,866 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\lonely-risa-wanko-to-kurasou.png
[2011/03/08 05:36:22 | 000,057,901 | ---- | M] () -- C:\Documents and Settings\Waka\Desktop\34071.jpg
[1 C:\Documents and Settings\Waka\Desktop\*.tmp files -> C:\Documents and Settings\Waka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/04 13:12:45 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/04/04 13:12:45 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\AVG PC Tuneup 2011.lnk
[2011/04/02 16:47:44 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\7327fcpt.exe
[2011/04/02 16:42:44 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\w4bjdjhx.exe
[2011/04/02 16:42:34 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\dds.scr
[2011/04/02 16:13:09 | 001,885,088 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\SmitfraudFix.exe
[2011/04/02 14:23:32 | 014,336,632 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\SAS_7751.COM
[2011/04/02 05:23:20 | 000,266,328 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\gifts-year-old-girl-800X800.jpg
[2011/04/01 20:22:37 | 000,003,954 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/04/01 20:19:15 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/04/01 20:19:13 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/04/01 20:19:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2011/04/01 19:20:31 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2011/04/01 17:38:04 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/01 17:38:04 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\Spybot - Search & Destroy.lnk
[2011/03/30 23:20:49 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\untitled.bmp
[2011/03/30 04:22:16 | 000,022,683 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\practical8.rar
[2011/03/30 03:49:28 | 000,009,006 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\binarypic1.PNG
[2011/03/29 18:50:37 | 000,083,484 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\wakkaaa11.jpg
[2011/03/27 05:09:48 | 001,839,104 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\mt420.iso
[2011/03/27 01:57:37 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/03/27 01:57:36 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/03/25 06:50:22 | 002,574,294 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94707__x_2ch-games-with-nice-oppai-oshiri-part-2-033.gif
[2011/03/25 06:50:17 | 003,151,846 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94706__x_2ch-games-with-nice-oppai-oshiri-part-2-032.gif
[2011/03/25 06:50:10 | 002,328,932 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94702__x_2ch-games-with-nice-oppai-oshiri-part-2-030.gif
[2011/03/25 06:50:06 | 003,350,884 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\94700__x_2ch-games-with-nice-oppai-oshiri-part-2-029.gif
[2011/03/23 08:16:41 | 018,604,442 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\Fire In The Booth _Charlie Sloth_ Radio.mp3
[2011/03/23 08:16:37 | 002,865,849 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\22 - Subzero & Pyper - Audio Music Star - Bassline Mix CD.mp3
[2011/03/23 02:12:16 | 000,050,198 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\practical7.rar
[2011/03/19 04:35:50 | 000,083,869 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\hoes.htm
[2011/03/18 22:54:15 | 000,137,515 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\259760527.jpg
[2011/03/18 06:31:40 | 000,000,239 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\2.java
[2011/03/18 03:54:16 | 000,052,936 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\wakaela1.jpg
[2011/03/14 23:40:22 | 000,004,823 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\maths1111.PNG
[2011/03/14 23:38:24 | 000,137,856 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\MathsCW1.pdf
[2011/03/14 06:15:35 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/03/14 06:12:47 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/03/14 06:12:47 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/03/14 04:59:48 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\Revo Uninstaller.lnk
[2011/03/14 02:20:04 | 000,017,018 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\prac6.zip
[2011/03/10 03:32:48 | 000,236,661 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\RelativeResourceManager.pdf
[2011/03/09 01:25:23 | 000,015,889 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\prac5.rar
[2011/03/08 05:45:25 | 000,735,866 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\lonely-risa-wanko-to-kurasou.png
[2011/03/08 05:36:21 | 000,057,901 | ---- | C] () -- C:\Documents and Settings\Waka\Desktop\34071.jpg
[2011/03/06 04:50:31 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/02/18 23:17:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Waka\Local Settings\Application Data\PUTTY.RND
[2010/10/29 01:10:14 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/29 01:10:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/10/13 22:06:27 | 000,241,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/13 22:06:01 | 000,241,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/13 22:06:01 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/13 22:05:33 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/09/18 14:03:52 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/08/03 14:30:33 | 000,002,278 | ---- | C] () -- C:\WINDOWS\System32\Cam122.ini
[2010/07/17 21:02:51 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\ujspa.sys
[2010/06/02 00:49:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/05/14 23:29:15 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/17 20:19:26 | 000,047,204 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/02 16:14:15 | 000,140,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/04/02 16:13:45 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Waka\Application Data\PnkBstrK.sys
[2010/04/02 16:12:56 | 000,266,400 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/04/02 16:12:26 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/04/02 16:12:26 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/03/02 07:51:08 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\60F61203DC.dll
[2009/11/03 16:07:30 | 000,000,219 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/11 19:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/07 02:23:10 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Waka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/04 02:18:13 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2009/07/04 02:18:13 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2009/07/04 02:18:13 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2009/07/04 02:18:13 | 000,685,056 | ---- | C] () -- C:\WINDOWS\System32\RGSS103J.dll
[2009/07/01 03:40:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/29 20:57:47 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/06/18 16:24:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/18 13:03:52 | 000,032,914 | ---- | C] () -- C:\WINDOWS\System32\t3.ini
[2009/06/18 13:03:52 | 000,000,049 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/18 13:03:11 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2009/06/18 13:03:11 | 000,118,850 | ---- | C] () -- C:\WINDOWS\System32\CTPcie.dll
[2009/06/18 13:03:11 | 000,008,535 | ---- | C] () -- C:\WINDOWS\sfsyn.ini
[2009/06/18 03:44:31 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/18 03:26:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/06/18 03:26:11 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/06/18 03:26:10 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/06/18 03:26:10 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/06/18 03:25:50 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/06/18 03:11:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/06/18 00:58:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/18 00:58:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/06/18 00:25:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/18 00:22:50 | 000,232,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/18 00:22:00 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/06/17 23:39:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/17 23:35:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 12:00:00 | 000,587,158 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 12:00:00 | 000,123,580 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/10/18 03:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/04/02 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/19 12:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/19 12:19:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/03 15:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/04/02 14:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/02/03 16:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nHancer
[2011/01/19 07:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/04/05 11:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/18 01:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2011/01/30 00:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\.minecraft
[2011/04/04 14:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\AVG
[2010/10/19 12:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\AVG10
[2009/11/03 16:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\DAEMON Tools Lite
[2010/03/02 07:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\DJJava
[2011/02/27 15:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\gtk-2.0
[2010/07/10 03:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\HLSW
[2011/03/27 02:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\ImgBurn
[2011/01/21 02:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\LolClient
[2011/04/05 13:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Mumble
[2010/02/03 16:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\nHancer
[2010/02/23 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Notepad++
[2009/12/17 01:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\OpenOffice.org
[2009/11/18 18:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Processing
[2009/08/25 03:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Scendix Software
[2010/12/08 16:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\SmartDraw
[2011/03/05 04:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Spotify
[2010/10/13 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\SystemRequirementsLab
[2010/07/14 00:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\TS3Client
[2010/12/11 20:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Uniblue
[2011/03/19 07:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\uTorrent
[2011/03/14 06:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Windows Desktop Search
[2011/03/14 06:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Waka\Application Data\Windows Search
[2011/04/05 13:28:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2011/02/22 22:37:50 | 000,411,905 | ---- | M] ()(C:\Documents and Settings\Waka\Desktop\QQ?????.png) -- C:\Documents and Settings\Waka\Desktop\QQ截图未命名.png
[2011/02/22 22:37:42 | 000,411,905 | ---- | C] ()(C:\Documents and Settings\Waka\Desktop\QQ?????.png) -- C:\Documents and Settings\Waka\Desktop\QQ截图未命名.png

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:4E17D6D2B619558D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

I ran it before I came to seek help on this forum~