OTL logfile created on: 1/20/2012 9:26:11 AM - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Ricky\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 298.70 Mb Available Physical Memory | 59.38% Memory free
4.37 Gb Paging File | 4.21 Gb Available in Paging File | 96.50% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4025 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.04 Gb Total Space | 8.32 Gb Free Space | 24.45% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Ricky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found -- C:\WINDOWS\3949259467:873831188.exe
PRC - [2012/01/11 11:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\OTL.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] -- -- (SQLWriter)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (Application Updater)
SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012/01/16 16:49:11 | 000,005,504 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2009/09/11 07:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/06/18 10:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005/07/14 07:28:30 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/07/15 21:20:46 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 19:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=634471"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Ricky\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/24 19:45:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 14:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/11/20 16:08:55 | 000,000,000 | ---D | M]

[2009/11/20 08:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Extensions
[2011/04/15 23:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\w6omdj8q.default\extensions
[2009/11/20 12:47:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\w6omdj8q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/10 20:42:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\w6omdj8q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/26 18:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/17 19:24:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/30 02:53:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\SEARCH SETTINGS\FF
[2009/07/17 18:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2012/01/16 19:45:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - Software - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\WebBrowser: (no name) - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe (MP2P Technologies.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - Startup: C:\Documents and Settings\Ricky\Start Menu\Programs\Startup\Skype.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Ricky\Application Data\Dealio\kb124\res\DealioSearch.html File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: getmirar.com ([click] http in Trusted sites)
O15 - HKLM\..Trusted Domains: getmirar.com ([click] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mirarsearch.com ([click] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mirarsearch.com ([click] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mirarsearch.com ([redirect] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mirarsearch.com ([redirect] https in Trusted sites)
O15 - HKLM\..Trusted Domains: net-nucleus.com ([awbeta] http in Trusted sites)
O15 - HKLM\..Trusted Domains: net-nucleus.com ([awbeta] https in Trusted sites)
O15 - HKU\S-1-5-21-2379642614-4113044259-601262879-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab (Reg Error: Key error.)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: ActiveGS.cab http://www.virtualapple.org/gs.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42AAA1A2-A41E-4C6B-BC89-B07492D6ECB3}: NameServer = 93.188.162.149,93.188.160.29
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/01/19 21:10:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/16 19:51:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/16 18:31:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/16 16:58:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/16 16:58:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/16 16:58:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/16 16:58:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/16 16:58:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/16 16:41:25 | 001,974,064 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ricky\Desktop\tdsskiller.exe
[2012/01/16 14:30:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/16 14:30:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 14:24:24 | 004,385,658 | R--- | C] (Swearware) -- C:\Documents and Settings\Ricky\Desktop\ComboFix.exe
[2012/01/16 14:03:44 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ricky\Desktop\aswMBR.exe
[2012/01/16 11:19:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\OTL.exe
[2012/01/16 10:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Desktop\RK_Quarantine
[2012/01/09 20:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/10 04:03:53 | 000,842,240 | ---- | C] (Heaventools Software) -- C:\Documents and Settings\All Users\Application Data\defender
[2011/08/31 14:54:19 | 000,842,240 | ---- | C] (Heaventools Software) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2009/02/16 18:25:01 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/01/19 20:59:06 | 000,007,037 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2012/01/19 20:55:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/19 20:55:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3949259467
[2012/01/19 20:54:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 20:54:56 | 527,503,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 19:45:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/16 18:31:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/16 16:49:11 | 000,005,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\intelide.sys
[2012/01/16 16:14:06 | 001,974,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ricky\Desktop\tdsskiller.exe
[2012/01/16 16:13:38 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/16 14:13:58 | 004,385,658 | R--- | M] (Swearware) -- C:\Documents and Settings\Ricky\Desktop\ComboFix.exe
[2012/01/16 12:10:48 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ricky\Desktop\aswMBR.exe
[2012/01/16 10:38:12 | 000,787,456 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\RogueKiller.exe
[2012/01/11 11:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\OTL.exe
[2012/01/11 09:43:30 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\eXplorer.exe
[2012/01/11 09:39:48 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\rkill.com
[2012/01/11 09:21:40 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\rk-proxy.reg
[2012/01/10 08:26:01 | 000,492,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/10 08:26:01 | 000,090,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/01/16 19:01:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3949259467
[2012/01/16 18:31:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/16 18:31:13 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/16 16:58:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/16 16:58:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/16 16:58:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/16 16:58:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/16 16:58:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/16 10:48:19 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/16 10:47:55 | 000,787,456 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\RogueKiller.exe
[2012/01/11 09:21:40 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\rk-proxy.reg
[2012/01/11 09:19:41 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\eXplorer.exe
[2012/01/11 09:19:18 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\rkill.com
[2012/01/11 09:14:37 | 527,503,360 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/15 05:18:58 | 000,016,806 | -HS- | C] () -- C:\Documents and Settings\Ricky\Local Settings\Application Data\rn18yk600c1cco7vj4
[2011/06/15 05:18:58 | 000,016,806 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rn18yk600c1cco7vj4
[2010/07/30 02:54:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/05 14:28:57 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Ricky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/02 07:37:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/13 20:22:46 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2008/02/13 20:15:16 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007/07/23 22:22:24 | 000,022,661 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2007/07/11 02:05:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/07/07 07:39:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\wcpicomsv.exe
[2007/06/27 05:15:19 | 000,000,932 | ---- | C] () -- C:\WINDOWS\System32\winpfz32.sys
[2007/06/27 05:14:28 | 000,016,591 | ---- | C] () -- C:\WINDOWS\cs_cache.ini
[2006/11/08 19:07:43 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/26 18:19:20 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/02/01 19:34:29 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ricky\Application Data\PFP120JPR.{PB
[2006/02/01 19:34:29 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ricky\Application Data\PFP120JCM.{PB
[2006/01/04 18:40:45 | 000,000,881 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/12/30 11:37:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/12/03 21:39:06 | 000,000,010 | ---- | C] () -- C:\WINDOWS\smdat32m.sys
[2005/12/03 21:39:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\smdat32a.sys
[2005/12/01 21:25:15 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/01 21:25:15 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0A354710AB.sys
[2005/11/29 14:28:02 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/11/29 14:24:14 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/11/29 14:24:14 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2005/11/29 14:24:14 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/11/29 14:21:20 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2005/11/29 14:20:05 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2005/07/14 07:44:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/14 07:29:20 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/14 07:27:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/14 06:58:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/07/14 06:57:20 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 08:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:58:43 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelide.sys
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,352,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,492,506 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,090,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009/12/25 19:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\201CC
[2009/11/20 16:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/09 20:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/05/04 11:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/12/03 13:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/25 20:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Dealio
[2005/12/01 21:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Earthlink
[2005/12/05 21:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\EarthLink Toolbar
[2006/09/13 13:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\EPSON
[2007/10/28 10:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\FUJIFILM
[2005/11/29 14:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Leadertech
[2011/08/12 18:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Search Settings
[2007/07/29 20:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Slide
[2006/04/04 17:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Smart Panel
[2006/10/21 16:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SmartDraw
[2007/09/27 18:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Snapfish
[2007/02/09 19:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SpamBlocker
[2007/01/21 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\SpamBlockerUtility_Icons
[2008/05/31 12:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\TAIT3
[2008/02/13 20:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Ulead Systems
[2007/04/18 07:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\Viewpoint
[2006/10/18 18:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\WinAntiSpyware 2006
[2007/06/27 05:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Kay\Application Data\WinAntiSpyware 2007
[2009/12/28 19:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\bearsharetb
[2010/03/05 12:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\EPSON
[2010/10/28 21:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\FUJIFILM
[2005/11/29 20:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Leadertech
[2010/07/14 01:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Nyigyw
[2011/08/31 14:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Search Settings
[2007/04/30 20:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Smart Panel
[2010/07/21 03:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Smilebox
[2007/08/09 16:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Viewpoint

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2005/12/05 21:52:28 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

[color=#A23BEC]< MD5 for: SERIAL.SY_ >[/color]
[2004/08/03 23:15:54 | 000,030,067 | ---- | M] () MD5=56A1F7591D17ECD1C5F60DABD2FA6B61 -- C:\cmdcons\SERIAL.SY_

[color=#A23BEC]< MD5 for: SERIAL.SYS >[/color]
[2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys
[2004/08/04 05:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) MD5=CD9404D115A00D249F70A371B46D5A26 -- C:\WINDOWS\system32\drivers\serial.sys

[color=#A23BEC]< CRESTERESTOREPOINT >[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2007/07/09 18:33:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Mary Kay\Application Data\?ystem) -- C:\Documents and Settings\Mary Kay\Application Data\ѕystem

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3949259467:873831188.exe

< End of report >