Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by al (administrator) on XP on 25-03-2015 12:47:19
Running from C:\Documents and Settings\al\Desktop\virus_et_al
Loaded Profiles: al (Available profiles: al & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\WINDOWS\StartupMonitor.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Documents and Settings\al\Desktop\FRST.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Run StartupMonitor] => C:\WINDOWS\StartupMonitor.exe [86016 2000-05-20] ()
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\winvnc4.exe (RealVNC Ltd.)
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\alt_mich.com.lnk
ShortcutTarget: alt_mich.com.lnk -> (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Local Policy Restriction on IP: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-12] (RealPlayer)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-08-21] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
Toolbar: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/oas/ActiveX/MSDcode.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/I/chat/applet/v45/yacscom.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\eudora_7\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Tcpip\..\Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374}: [NameServer] 216.234.97.2 216.234.97.3
FireFox:
========
FF ProfilePath: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default
FF Homepage: hxxp://www.cloudynights.com/ubbthreads/|hxxp://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat=
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-09-01] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.100 -> C:\Program Files\NOS\bin\np_gp.dll [2011-03-01] (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=11 -> C:\Program Files\Google\Google Updater\2.2.940.34809\npCIDetect11.dll [2007-08-21] (Google)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-21] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3960577219-1813400529-1317427278-1006: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-20] (Google Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-24]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-02-12]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2013-06-08]
Chrome:
=======
CHR Profile: C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-02-19]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-02-12]
StartMenuInternet: chrome.exe - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [31592 2008-06-26] (NOS Microsystems Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-06-08] (Sun Microsystems, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2003-07-16] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DIGIRPS; C:\WINDOWS\System32\DRIVERS\digirlpt.sys [152376 2008-07-10] (Digi International Inc.)
R2 DriverX; C:\WINDOWS\System32\Drivers\driverx.sys [52512 2001-06-11] (Microsoft Corporation) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [383800 2007-02-13] (Symantec Corporation)
S3 evserial; C:\WINDOWS\System32\DRIVERS\evserial.sys [53888 2008-05-19] (ELTIMA Software)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-03-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2009-10-09] (Logix4u) [File not signed]
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel(R) Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsla9fceb36; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCD37E5A-9F72-45E5-A0C9-0AE8DB38995E}\MpKsla9fceb36.sys [39464 2015-03-25] (Microsoft Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28256 2010-05-07] (MusicMatch, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2009-08-04] (Acronis) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2009-08-04] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2009-08-04] (Acronis) [File not signed]
S3 TVicHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [29536 2006-10-13] (EnTech Taiwan)
R2 tviclpt; C:\WINDOWS\system32\Drivers\tviclpt.sys [15536 2003-03-12] (EnTech Taiwan) [File not signed]
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [608128 2011-03-10] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [1038080 2011-03-10] (eMPIA Technology, Inc.)
R1 vcdrom; C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R3 VSBC; C:\WINDOWS\System32\DRIVERS\evsbc.sys [27904 2008-05-19] (ELTIMA Software)
R3 vsbus; C:\WINDOWS\System32\DRIVERS\vsb.sys [18180 2003-03-14] (ELTIMA Software) [File not signed]
S3 vserial; C:\WINDOWS\System32\DRIVERS\vserial.sys [69932 2003-03-14] (ELTIMA Software) [File not signed]
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
S2 adfs; No ImagePath
S3 catchme; \??\C:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys [X]
S3 EL90X; System32\DRIVERS\el90xnd5.sys [X]
S3 EL90XBC; System32\DRIVERS\el90xbc5.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 12:44 - 2015-03-25 12:47 - 00000000 ____D () C:\FRST
2015-03-13 08:40 - 2015-03-13 21:59 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2015-03-13 08:40 - 2015-03-13 08:40 - 00001409 _____ () C:\WINDOWS\QTFont.for
2015-03-13 00:32 - 2015-03-13 00:32 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\CyberLink Media Suite 10.lnk
2015-03-13 00:32 - 2015-03-13 00:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Media Suite
2015-03-13 00:31 - 2015-03-13 00:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\install_clap
2015-03-12 20:05 - 2015-03-12 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\vsosdk
2015-03-11 00:32 - 2015-03-14 06:36 - 00181549 _____ () C:\Documents and Settings\al\My Documents\GOPR0105.XtoDVD
2015-03-10 23:34 - 2015-03-10 17:28 - 00001119 _____ () C:\Documents and Settings\al\Desktop\Desktop Burning Gadget.lnk
2015-03-10 18:04 - 2015-03-13 09:31 - 00000000 ____D () C:\Documents and Settings\al\My Documents\ConvertXtoDVD
2015-03-10 17:25 - 2015-03-10 17:32 - 00087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 00047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2015-03-10 17:25 - 2015-03-10 17:32 - 00007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 00000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 00000000 ____D () C:\Documents and Settings\al\Application Data\Vso
2015-03-10 17:24 - 2015-03-13 18:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VSO
2015-03-10 17:24 - 2015-03-10 17:32 - 00000889 _____ () C:\Documents and Settings\al\Desktop\ConvertXToDVD 5.lnk
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Program Files\VSO
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VSO
2015-03-10 16:52 - 2015-03-10 16:53 - 00000000 ____D () C:\Documents and Settings\al\My Documents\Youcam
2015-03-10 16:52 - 2015-03-10 16:52 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\Application Data\CyberLink
2015-03-10 16:51 - 2015-03-10 16:52 - 00000000 ____D () C:\Program Files\lg_fwupdate
2015-03-10 16:51 - 2015-03-10 16:51 - 00000267 _____ () C:\WINDOWS\lgfwup.ini
2015-03-10 16:51 - 2015-03-10 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\LG Tool Kit
2015-03-10 16:51 - 2012-07-11 13:18 - 00023664 _____ (BitLeader) C:\WINDOWS\system32\lgfwunis.exe
2015-03-10 16:51 - 2001-08-29 21:00 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbemdisp.tlb
2015-03-10 16:51 - 1998-07-22 00:00 - 00102160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6KO.DLL
2015-03-10 16:50 - 2008-04-14 05:42 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kswdmcap.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kstvtune.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfwwdm32.dll
2015-03-10 16:50 - 2008-04-14 05:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksxbar.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vidcap.ax
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Guest\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Default User\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\al\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:43 - 2015-03-10 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CLSK
2015-03-10 16:35 - 2015-03-13 00:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CyberLink
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 12:48 - 2012-07-19 02:14 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\temp
2015-03-25 12:47 - 2011-02-06 08:41 - 00000000 ____D () C:\Documents and Settings\al\Desktop\virus_et_al
2015-03-25 12:06 - 2011-12-02 21:09 - 00000272 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-25 12:06 - 2004-08-21 08:38 - 01710817 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-25 12:06 - 2004-01-09 06:49 - 00000427 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-03-25 12:05 - 2013-06-08 15:44 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-25 12:05 - 2004-01-03 18:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-25 12:05 - 2004-01-03 18:32 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-03-25 12:04 - 2004-01-08 16:03 - 00000278 ___SH () C:\Documents and Settings\al\NTUSER.INI
2015-03-25 12:04 - 2004-01-03 18:46 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-25 11:50 - 2013-04-20 16:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-24 21:22 - 2011-10-01 19:00 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-23 01:32 - 2012-02-05 23:31 - 02691628 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3960577219-1813400529-1317427278-1006-0.dat
2015-03-23 01:32 - 2012-02-05 23:31 - 00261318 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-03-22 15:00 - 2015-02-05 20:17 - 00000000 ____D () C:\tTax_2014
2015-03-22 15:00 - 2015-02-05 20:06 - 00002393 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2014.lnk
2015-03-21 09:30 - 2013-08-12 14:25 - 00016077 _____ () C:\WINDOWS\al8.xlb
2015-03-20 10:29 - 2014-06-14 10:17 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 00:45 - 2002-09-03 14:29 - 00000215 _____ () C:\WINDOWS\WIADEBUG.LOG
2015-03-18 11:19 - 2002-09-03 14:29 - 00000049 _____ () C:\WINDOWS\WIASERVC.LOG
2015-03-17 23:38 - 2014-10-08 15:26 - 00000000 ____D () C:\eudora_7
2015-03-17 20:02 - 2013-04-03 16:51 - 00000718 _____ () C:\Documents and Settings\al\Desktop\New Text Document (2).txt
2015-03-16 21:30 - 2005-04-12 19:38 - 04249909 _____ () C:\winzip.log
2015-03-16 21:28 - 2014-10-18 10:23 - 00000000 ____D () C:\unzipped
2015-03-13 00:31 - 2012-08-11 16:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-03-13 00:31 - 2004-01-03 18:57 - 00000000 ____D () C:\Program Files\CyberLink
2015-03-13 00:31 - 2004-01-03 18:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-11 08:34 - 2004-09-13 18:43 - 00000000 __SHD () C:\WINDOWS\CSC
2015-03-11 08:34 - 2004-02-17 13:14 - 805306368 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-10 18:05 - 2006-02-11 16:36 - 00000000 ____D () C:\Dextron
2015-03-10 17:01 - 2005-02-25 19:20 - 00000000 ____D () C:\Documents and Settings\al\Application Data\CyberLink
2015-03-10 16:50 - 2011-02-06 23:45 - 00243617 _____ () C:\WINDOWS\setupapi.log
2015-03-05 00:50 - 2013-10-06 09:31 - 00004064 _____ () C:\Documents and Settings\al\Desktop\Empty.txt
2015-03-03 08:16 - 2013-12-05 02:39 - 00246920 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 07:11 - 2004-01-03 18:43 - 00001170 _____ () C:\WINDOWS\system32\WPA.DBL
2015-02-26 11:59 - 2003-10-16 16:44 - 00258918 _____ () C:\WINDOWS\SETUPACT.LOG
==================== Files in the root of some directories =======
2004-01-13 07:24 - 2004-01-13 08:56 - 0000000 _____ () C:\Documents and Settings\al\Application Data\dm.ini
2015-03-10 17:25 - 2015-03-10 17:32 - 0087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 0007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 0001144 _____ () C:\Documents and Settings\al\Application Data\pcouffin.inf
2015-03-10 17:25 - 2015-03-10 17:32 - 0000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 0047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2004-12-10 22:01 - 2004-12-10 22:01 - 0012358 _____ () C:\Documents and Settings\al\Application Data\PFP110JCM.{PB
2004-12-10 22:01 - 2004-12-10 22:01 - 0061678 _____ () C:\Documents and Settings\al\Application Data\PFP110JPR.{PB
2004-02-20 23:30 - 2014-10-18 13:40 - 0010752 _____ () C:\Documents and Settings\al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 14:53 - 2012-08-10 14:53 - 0027520 _____ () C:\Documents and Settings\al\Local Settings\Application Data\dt.dat
2004-02-21 12:33 - 2005-01-05 22:28 - 0000125 _____ () C:\Documents and Settings\al\Local Settings\Application Data\fusioncache.dat
2002-12-15 00:10 - 2002-12-15 00:10 - 0001192 ___RH () C:\Documents and Settings\al\Local Settings\Application Data\ntuisl.dat
Some zero byte size files/folders:
==========================
C:\Windows\System32\addxr32.exe
C:\Windows\System32\netne32.exe
C:\Windows\System32\ofjhl.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-08-21] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
Toolbar: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/oas/ActiveX/MSDcode.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/I/chat/applet/v45/yacscom.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\eudora_7\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Tcpip\..\Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374}: [NameServer] 216.234.97.2 216.234.97.3
FireFox:
========
FF ProfilePath: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default
FF Homepage: hxxp://www.cloudynights.com/ubbthreads/|hxxp://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat=
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-09-01] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.100 -> C:\Program Files\NOS\bin\np_gp.dll [2011-03-01] (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=11 -> C:\Program Files\Google\Google Updater\2.2.940.34809\npCIDetect11.dll [2007-08-21] (Google)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-21] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3960577219-1813400529-1317427278-1006: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-20] (Google Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-24]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-02-12]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2013-06-08]
Chrome:
=======
CHR Profile: C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-02-19]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-02-12]
StartMenuInternet: chrome.exe - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [31592 2008-06-26] (NOS Microsystems Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-06-08] (Sun Microsystems, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2003-07-16] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DIGIRPS; C:\WINDOWS\System32\DRIVERS\digirlpt.sys [152376 2008-07-10] (Digi International Inc.)
R2 DriverX; C:\WINDOWS\System32\Drivers\driverx.sys [52512 2001-06-11] (Microsoft Corporation) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [383800 2007-02-13] (Symantec Corporation)
S3 evserial; C:\WINDOWS\System32\DRIVERS\evserial.sys [53888 2008-05-19] (ELTIMA Software)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-03-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2009-10-09] (Logix4u) [File not signed]
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel(R) Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsla9fceb36; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCD37E5A-9F72-45E5-A0C9-0AE8DB38995E}\MpKsla9fceb36.sys [39464 2015-03-25] (Microsoft Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28256 2010-05-07] (MusicMatch, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2009-08-04] (Acronis) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2009-08-04] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2009-08-04] (Acronis) [File not signed]
S3 TVicHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [29536 2006-10-13] (EnTech Taiwan)
R2 tviclpt; C:\WINDOWS\system32\Drivers\tviclpt.sys [15536 2003-03-12] (EnTech Taiwan) [File not signed]
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [608128 2011-03-10] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [1038080 2011-03-10] (eMPIA Technology, Inc.)
R1 vcdrom; C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R3 VSBC; C:\WINDOWS\System32\DRIVERS\evsbc.sys [27904 2008-05-19] (ELTIMA Software)
R3 vsbus; C:\WINDOWS\System32\DRIVERS\vsb.sys [18180 2003-03-14] (ELTIMA Software) [File not signed]
S3 vserial; C:\WINDOWS\System32\DRIVERS\vserial.sys [69932 2003-03-14] (ELTIMA Software) [File not signed]
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
S2 adfs; No ImagePath
S3 catchme; \??\C:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys [X]
S3 EL90X; System32\DRIVERS\el90xnd5.sys [X]
S3 EL90XBC; System32\DRIVERS\el90xbc5.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 12:44 - 2015-03-25 12:47 - 00000000 ____D () C:\FRST
2015-03-13 08:40 - 2015-03-13 21:59 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2015-03-13 08:40 - 2015-03-13 08:40 - 00001409 _____ () C:\WINDOWS\QTFont.for
2015-03-13 00:32 - 2015-03-13 00:32 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\CyberLink Media Suite 10.lnk
2015-03-13 00:32 - 2015-03-13 00:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Media Suite
2015-03-13 00:31 - 2015-03-13 00:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\install_clap
2015-03-12 20:05 - 2015-03-12 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\vsosdk
2015-03-11 00:32 - 2015-03-14 06:36 - 00181549 _____ () C:\Documents and Settings\al\My Documents\GOPR0105.XtoDVD
2015-03-10 23:34 - 2015-03-10 17:28 - 00001119 _____ () C:\Documents and Settings\al\Desktop\Desktop Burning Gadget.lnk
2015-03-10 18:04 - 2015-03-13 09:31 - 00000000 ____D () C:\Documents and Settings\al\My Documents\ConvertXtoDVD
2015-03-10 17:25 - 2015-03-10 17:32 - 00087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 00047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2015-03-10 17:25 - 2015-03-10 17:32 - 00007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 00000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 00000000 ____D () C:\Documents and Settings\al\Application Data\Vso
2015-03-10 17:24 - 2015-03-13 18:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VSO
2015-03-10 17:24 - 2015-03-10 17:32 - 00000889 _____ () C:\Documents and Settings\al\Desktop\ConvertXToDVD 5.lnk
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Program Files\VSO
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VSO
2015-03-10 16:52 - 2015-03-10 16:53 - 00000000 ____D () C:\Documents and Settings\al\My Documents\Youcam
2015-03-10 16:52 - 2015-03-10 16:52 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\Application Data\CyberLink
2015-03-10 16:51 - 2015-03-10 16:52 - 00000000 ____D () C:\Program Files\lg_fwupdate
2015-03-10 16:51 - 2015-03-10 16:51 - 00000267 _____ () C:\WINDOWS\lgfwup.ini
2015-03-10 16:51 - 2015-03-10 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\LG Tool Kit
2015-03-10 16:51 - 2012-07-11 13:18 - 00023664 _____ (BitLeader) C:\WINDOWS\system32\lgfwunis.exe
2015-03-10 16:51 - 2001-08-29 21:00 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbemdisp.tlb
2015-03-10 16:51 - 1998-07-22 00:00 - 00102160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6KO.DLL
2015-03-10 16:50 - 2008-04-14 05:42 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kswdmcap.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kstvtune.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfwwdm32.dll
2015-03-10 16:50 - 2008-04-14 05:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksxbar.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vidcap.ax
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Guest\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Default User\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\al\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:43 - 2015-03-10 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CLSK
2015-03-10 16:35 - 2015-03-13 00:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CyberLink
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 12:48 - 2012-07-19 02:14 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\temp
2015-03-25 12:47 - 2011-02-06 08:41 - 00000000 ____D () C:\Documents and Settings\al\Desktop\virus_et_al
2015-03-25 12:06 - 2011-12-02 21:09 - 00000272 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-25 12:06 - 2004-08-21 08:38 - 01710817 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-25 12:06 - 2004-01-09 06:49 - 00000427 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-03-25 12:05 - 2013-06-08 15:44 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-25 12:05 - 2004-01-03 18:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-25 12:05 - 2004-01-03 18:32 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-03-25 12:04 - 2004-01-08 16:03 - 00000278 ___SH () C:\Documents and Settings\al\NTUSER.INI
2015-03-25 12:04 - 2004-01-03 18:46 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-25 11:50 - 2013-04-20 16:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-24 21:22 - 2011-10-01 19:00 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-23 01:32 - 2012-02-05 23:31 - 02691628 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3960577219-1813400529-1317427278-1006-0.dat
2015-03-23 01:32 - 2012-02-05 23:31 - 00261318 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-03-22 15:00 - 2015-02-05 20:17 - 00000000 ____D () C:\tTax_2014
2015-03-22 15:00 - 2015-02-05 20:06 - 00002393 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2014.lnk
2015-03-21 09:30 - 2013-08-12 14:25 - 00016077 _____ () C:\WINDOWS\al8.xlb
2015-03-20 10:29 - 2014-06-14 10:17 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 00:45 - 2002-09-03 14:29 - 00000215 _____ () C:\WINDOWS\WIADEBUG.LOG
2015-03-18 11:19 - 2002-09-03 14:29 - 00000049 _____ () C:\WINDOWS\WIASERVC.LOG
2015-03-17 23:38 - 2014-10-08 15:26 - 00000000 ____D () C:\eudora_7
2015-03-17 20:02 - 2013-04-03 16:51 - 00000718 _____ () C:\Documents and Settings\al\Desktop\New Text Document (2).txt
2015-03-16 21:30 - 2005-04-12 19:38 - 04249909 _____ () C:\winzip.log
2015-03-16 21:28 - 2014-10-18 10:23 - 00000000 ____D () C:\unzipped
2015-03-13 00:31 - 2012-08-11 16:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-03-13 00:31 - 2004-01-03 18:57 - 00000000 ____D () C:\Program Files\CyberLink
2015-03-13 00:31 - 2004-01-03 18:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-11 08:34 - 2004-09-13 18:43 - 00000000 __SHD () C:\WINDOWS\CSC
2015-03-11 08:34 - 2004-02-17 13:14 - 805306368 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-10 18:05 - 2006-02-11 16:36 - 00000000 ____D () C:\Dextron
2015-03-10 17:01 - 2005-02-25 19:20 - 00000000 ____D () C:\Documents and Settings\al\Application Data\CyberLink
2015-03-10 16:50 - 2011-02-06 23:45 - 00243617 _____ () C:\WINDOWS\setupapi.log
2015-03-05 00:50 - 2013-10-06 09:31 - 00004064 _____ () C:\Documents and Settings\al\Desktop\Empty.txt
2015-03-03 08:16 - 2013-12-05 02:39 - 00246920 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 07:11 - 2004-01-03 18:43 - 00001170 _____ () C:\WINDOWS\system32\WPA.DBL
2015-02-26 11:59 - 2003-10-16 16:44 - 00258918 _____ () C:\WINDOWS\SETUPACT.LOG
==================== Files in the root of some directories =======
2004-01-13 07:24 - 2004-01-13 08:56 - 0000000 _____ () C:\Documents and Settings\al\Application Data\dm.ini
2015-03-10 17:25 - 2015-03-10 17:32 - 0087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 0007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 0001144 _____ () C:\Documents and Settings\al\Application Data\pcouffin.inf
2015-03-10 17:25 - 2015-03-10 17:32 - 0000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 0047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2004-12-10 22:01 - 2004-12-10 22:01 - 0012358 _____ () C:\Documents and Settings\al\Application Data\PFP110JCM.{PB
2004-12-10 22:01 - 2004-12-10 22:01 - 0061678 _____ () C:\Documents and Settings\al\Application Data\PFP110JPR.{PB
2004-02-20 23:30 - 2014-10-18 13:40 - 0010752 _____ () C:\Documents and Settings\al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 14:53 - 2012-08-10 14:53 - 0027520 _____ () C:\Documents and Settings\al\Local Settings\Application Data\dt.dat
2004-02-21 12:33 - 2005-01-05 22:28 - 0000125 _____ () C:\Documents and Settings\al\Local Settings\Application Data\fusioncache.dat
2002-12-15 00:10 - 2002-12-15 00:10 - 0001192 ___RH () C:\Documents and Settings\al\Local Settings\Application Data\ntuisl.dat
Some zero byte size files/folders:
==========================
C:\Windows\System32\addxr32.exe
C:\Windows\System32\netne32.exe
C:\Windows\System32\ofjhl.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================