
Internet connection disabled



#1
Mich73

Good Morning,

For the past few months, I have been having this same problem. I clean them but from what I have found they're still sitting somewhere and randomly pop up. Then a virus protector pops up and starts scanning my PC. It's not something I installed. I do the cleanup and I can see the files still sitting in a folder, and then a few days later I have to clean again. It disables my IE so it won't connect to the internet, as well as any other programs like iTunes. The only program I can use is Firefox.

Malwarebytes finds it, I clean it and it doesn't find anything, but my IE still won't work. Avira found them and said it cleaned them but IE still isn't working.

Here are my logs.
Thanks
Michele

Malwarebytes' Anti-Malware 1.44
Database version: 3588
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

1/23/2010 8:24:54 AM
mbam-log-2010-01-23 (08-24-54).txt

Scan type: Quick Scan
Objects scanned: 103696
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2010-01-23 08:58:00
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT 89E7C1B4 ZwCreateThread
SSDT 89E7C1A0 ZwOpenProcess
SSDT 89E7C1A5 ZwOpenThread
SSDT 89E7C1AF ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

My OTL log only opened 1 txt log and I didn't find another in the file folder where OTL was saved.

OTL logfile created on: 1/23/2010 9:09:12 AM - Run 6
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Michele\Desktop\pc fixes
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 95.18 Gb Free Space | 42.72% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.61 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELE-PC
Current User Name: Michele
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Michele\Desktop\pc fixes\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
PRC - C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\System32\dlcxcoms.exe ( )
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Michele\Desktop\pc fixes\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (dlcx_device) -- C:\Windows\System32\dlcxcoms.exe ( )
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/08/20 11:46:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/20 12:33:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/11 22:31:50 | 00,000,000 | ---D | M]

[2010/01/21 15:36:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/10 11:59:41 | 00,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 18:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2009/07/17 14:45:02 | 00,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: nickjr.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecu...vex/TmHcmsX.CAB (TmHcmsX Control)
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} file:///E:/win/setup/iaieplay.dll (IEPlayInterface Class)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...6/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} http://music.5gum.co...loadManager.cab (Hip Digital Download Manager)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1237723815333 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238540125445 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///E:/win/setup/iamce.dll (IAMCE Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecu...asyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.c...ers/play365.cab (Live365Player Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.cust...l/java/RntX.cab (Live Collaboration)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} Reg Error: Value error. (Persits Software XUpload)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michele\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/23 08:58:57 | 00,000,000 | ---D | C] -- C:\Users\Michele\Desktop\pc fixes
[2010/01/23 08:35:50 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\WinZip
[2010/01/23 08:34:52 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/01/23 08:29:52 | 00,003,721 | ---- | C] () -- \Rooter.txt
[2010/01/23 08:28:24 | 00,000,000 | ---D | C] -- C:\Rooter$
[2010/01/23 08:28:24 | 00,000,000 | ---D | C] -- \Rooter$
[2010/01/23 08:28:23 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/23 08:28:23 | 00,000,000 | -HSD | C] -- \Config.Msi
[2010/01/22 23:17:17 | 02,571,912 | -H-- | C] () -- C:\Users\Michele\AppData\Local\IconCache.db
[2010/01/22 17:06:53 | 20,787,93728 | -HS- | C] () --
[2010/01/19 18:36:20 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/19 18:36:20 | 00,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2010/01/19 18:36:17 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010/01/19 18:36:17 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\temp
[2010/01/19 18:36:16 | 00,018,151 | ---- | C] () -- \ComboFix.txt
[2010/01/19 18:25:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/19 18:25:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/19 18:25:06 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/19 18:25:01 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/19 18:25:01 | 00,000,000 | ---D | C] -- \ComboFix
[2010/01/19 18:24:41 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/19 18:24:41 | 00,000,000 | ---D | C] -- \Qoobox
[2010/01/19 18:24:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/19 05:29:10 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\mjqbbm
[2010/01/17 05:13:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/01/17 05:12:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/01/17 05:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/01/17 05:10:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/01/17 05:06:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/01/17 04:57:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/01/15 21:25:00 | 00,000,000 | ---D | C] -- C:\Users\Michele\Desktop\My old fam pics
[2010/01/14 14:47:40 | 00,000,000 | ---D | C] -- C:\Users\Michele\Desktop\Wins 2010
[2009/11/29 19:19:52 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Instrument Library
[2009/11/29 19:19:52 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Keyboard Layouts
[2009/11/23 08:01:27 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Internet Services
[2009/11/23 08:01:27 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Legacy
[2009/11/12 11:49:02 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2009/11/12 11:49:02 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2009/11/12 11:49:02 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2009/11/12 11:49:01 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2009/11/12 11:49:01 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2009/11/12 11:49:01 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2009/11/12 11:49:01 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2009/11/12 11:49:01 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2009/11/12 11:49:01 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2009/11/12 11:49:00 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2009/11/12 11:49:00 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2009/11/12 11:49:00 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2009/11/12 11:13:38 | 00,000,540 | ---- | C] () -- \dlcxcomx.log
[2009/09/29 16:47:35 | 00,000,471 | ---- | C] () -- \faxend.log
[2009/09/29 16:47:35 | 00,000,242 | ---- | C] () -- \faxendPdoc.log
[2009/09/29 16:47:33 | 00,000,367 | ---- | C] () -- \faxfile.log
[2009/06/18 08:32:21 | 00,011,168 | -H-- | C] () -- C:\ProgramData\kegevadi
[2009/04/21 20:35:11 | 00,000,976 | ---- | C] () -- \fiosLog.txt
[2009/03/04 14:12:08 | 00,000,000 | ---- | C] () -- C:\Users\Michele\AppData\Local\prvlcl.dat
[2008/10/18 16:18:31 | 00,047,617 | ---- | C] () -- \aaw7boot.log
[2008/09/22 11:57:47 | 00,001,356 | ---- | C] () -- C:\Users\Michele\AppData\Local\d3d9caps.dat
[2008/08/25 17:17:16 | 00,000,000 | RHS- | C] () -- \MSDOS.SYS
[2008/08/25 17:17:16 | 00,000,000 | RHS- | C] () -- \IO.SYS
[2008/08/10 10:54:42 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Rock Kit
[2008/08/10 10:54:42 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2008/08/10 10:54:40 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Rule Actions
[2008/08/10 10:52:13 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2008/08/10 10:43:11 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2008/08/10 10:34:00 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2008/08/10 10:32:07 | 00,000,268 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2008/08/10 10:32:07 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008/08/10 10:32:07 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Jazz
[2007/09/27 12:28:54 | 00,000,095 | ---- | C] () -- C:\Users\Michele\AppData\Local\fusioncache.dat
[2007/09/26 10:03:05 | 00,000,171 | ---- | C] () -- \logfile.dat
[2007/09/01 10:27:01 | 00,001,030 | -H-- | C] () -- \IPH.PH
[2007/08/17 09:35:48 | 00,032,768 | ---- | C] () -- C:\Users\Michele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/17 09:30:55 | 00,116,088 | ---- | C] () -- C:\Users\Michele\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/08/08 01:42:31 | 00,004,788 | RH-- | C] () -- \dell.sdr
[2007/08/07 18:25:05 | 00,000,071 | ---- | C] () -- \SystemInfo.ini
[2007/08/07 17:44:38 | 23,925,96480 | -HS- | C] () --
[2007/07/20 23:31:12 | 00,000,156 | ---- | C] () -- \YServer.txt
[2007/07/20 23:14:29 | 00,021,986 | ---- | C] () -- \dlcx.log
[2007/05/29 22:33:30 | 00,005,124 | RH-- | C] () -- \dell (1).sdr
[2007/05/29 15:11:43 | 00,000,070 | ---- | C] () -- \SystemInfo (1).ini
[2006/11/10 08:22:24 | 00,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2006/11/10 08:22:23 | 00,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:23:09 | 00,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 01:25:08 | 00,000,010 | ---- | C] () -- \config.sys
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/23 09:08:41 | 04,456,448 | -HS- | M] () -- C:\Users\Michele\ntuser.dat
[2010/01/23 08:56:21 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38373818-AF7C-4797-B6B5-F2B48C191FAA}.job
[2010/01/23 08:35:29 | 00,001,856 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/01/23 08:35:28 | 00,001,790 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/01/23 07:18:45 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/23 07:18:45 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/22 23:23:09 | 00,743,386 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/22 23:23:09 | 00,634,738 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/22 23:23:09 | 00,113,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/22 23:18:46 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/22 23:18:43 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/22 23:18:41 | 20,787,93728 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/22 23:17:59 | 00,524,288 | -HS- | M] () -- C:\Users\Michele\ntuser.dat{90ed795a-f9e1-11dc-b142-001aa0526cbf}.TMContainer00000000000000000001.regtrans-ms
[2010/01/22 23:17:59 | 00,065,536 | -HS- | M] () -- C:\Users\Michele\ntuser.dat{90ed795a-f9e1-11dc-b142-001aa0526cbf}.TM.blf
[2010/01/22 23:17:17 | 02,571,912 | -H-- | M] () -- C:\Users\Michele\AppData\Local\IconCache.db
[2010/01/22 19:36:52 | 00,051,660 | ---- | M] () -- C:\Users\Michele\Desktop\55_25793.jpg
[2010/01/22 18:49:40 | 00,000,735 | ---- | M] () -- C:\Users\Michele\Desktop\NTREGOPT.lnk
[2010/01/21 21:12:53 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/21 17:56:18 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/21 16:23:23 | 00,191,344 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/01/19 18:34:05 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/17 05:17:58 | 00,413,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/17 04:32:39 | 00,001,356 | ---- | M] () -- C:\Users\Michele\AppData\Local\d3d9caps.dat
[2010/01/15 16:08:40 | 00,001,682 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/01/11 06:02:28 | 00,001,672 | ---- | M] () -- C:\Users\Michele\Desktop\CCleaner.lnk
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/23 08:35:29 | 00,001,856 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/01/23 08:35:28 | 00,001,790 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/01/22 19:36:46 | 00,051,660 | ---- | C] () -- C:\Users\Michele\Desktop\55_25793.jpg
[2010/01/22 18:49:40 | 00,000,735 | ---- | C] () -- C:\Users\Michele\Desktop\NTREGOPT.lnk
[2010/01/22 17:06:53 | 20,787,93728 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/21 16:23:23 | 00,191,344 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/19 18:25:06 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/19 18:25:06 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/19 18:25:06 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/19 18:25:06 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/19 18:25:06 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/12 11:49:02 | 00,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2009/11/12 11:49:01 | 00,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2009/11/12 11:49:01 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2009/11/12 11:49:01 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2009/11/12 11:49:01 | 00,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2009/11/12 11:49:01 | 00,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2009/11/12 11:49:00 | 00,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2009/11/12 11:49:00 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2009/11/12 11:49:00 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2009/11/12 11:49:00 | 00,073,728 | ---- | C] () -- C:\Windows\System32\DLCXcfg.dll
[2009/11/12 11:49:00 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/11/10 06:12:03 | 00,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/11 08:39:26 | 00,253,952 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLA.dll
[2008/02/11 08:39:18 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLW.dll
[2008/02/08 12:53:46 | 00,110,592 | ---- | C] () -- C:\Windows\System32\OnlineScannerLang.dll
[2007/11/11 10:50:25 | 00,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/11/11 10:50:25 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/09/07 13:31:25 | 00,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2007/08/19 18:17:35 | 00,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/08/19 18:17:35 | 00,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/08/19 06:05:09 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/08/19 06:05:08 | 00,000,363 | ---- | C] () -- C:\Windows\wininit.ini
[2007/07/27 13:49:02 | 00,225,355 | ---- | C] () -- C:\Windows\System32\lnod32apiW.dll
[2007/07/27 13:49:02 | 00,196,683 | ---- | C] () -- C:\Windows\System32\lnod32apiA.dll
[2007/07/21 06:32:25 | 00,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2007/07/21 06:32:25 | 00,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2007/07/21 06:32:25 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2007/07/21 06:32:25 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2007/07/21 06:32:24 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 22:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/12/05 18:25:22 | 00,139,264 | ---- | C] () -- C:\Windows\System32\lnod32umc.dll
[2005/12/05 11:37:10 | 00,106,496 | ---- | C] () -- C:\Windows\System32\lnod32upd.dll
[2005/11/18 13:47:26 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

========== LOP Check ==========

[2010/01/21 17:56:18 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/01/22 23:17:41 | 00,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/23 08:56:21 | 00,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{38373818-AF7C-4797-B6B5-F2B48C191FAA}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/08/08 01:39:15 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\ERDNT\cache\AGP440.sys
[2007/08/08 01:39:15 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/08/08 01:39:15 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/08/08 01:39:15 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/08/08 01:39:15 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/08/08 01:39:51 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/08/08 01:39:43 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/08/08 01:39:43 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/08/08 01:39:51 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/08/08 01:39:51 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/01/19 00:06:48 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/01/19 00:06:48 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/01/18 23:33:23 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/01/18 23:33:23 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRD32.SYS >
[2007/05/01 07:26:26 | 00,131,368 | ---- | M] (NVIDIA Corporation) MD5=1988AF02F581EE0A0A0C4D920B7E272F -- C:\Drivers\storage\R155144\nvrd32.sys
[2007/03/23 06:09:16 | 00,129,832 | ---- | M] (NVIDIA Corporation) MD5=DCDECB11B5A8AD813FEE68FD98C60E0A -- C:\Drivers\storage\R152146\nvrd32.sys
[2007/03/23 06:09:16 | 00,129,832 | ---- | M] (NVIDIA Corporation) MD5=DCDECB11B5A8AD813FEE68FD98C60E0A -- C:\Windows\System32\drivers\nvrd32.sys
[2007/03/23 06:09:16 | 00,129,832 | ---- | M] (NVIDIA Corporation) MD5=DCDECB11B5A8AD813FEE68FD98C60E0A -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_f832753e\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2007/01/05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\DELL\drivers\R150193\IDE\WinVista\sata_ide\nvstor.sys
[2007/01/05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\DELL\drivers\R150193\IDE\WinVista\sataraid\nvstor.sys
[2007/01/06 00:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Drivers\system\r148912\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/03/23 06:09:16 | 00,101,160 | ---- | M] (NVIDIA Corporation) MD5=215816305E18C3305ED3407FC375B3FD -- C:\Drivers\storage\R152146\nvstor32.sys
[2007/03/23 06:09:16 | 00,101,160 | ---- | M] (NVIDIA Corporation) MD5=215816305E18C3305ED3407FC375B3FD -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_f832753e\nvstor32.sys
[2007/07/02 23:37:08 | 00,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_efe24208\nvstor32.sys
[2007/08/09 18:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/08/09 18:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys
[2007/05/01 07:26:26 | 00,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\Drivers\storage\R155144\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 02:38:03 | 00,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 02:36:10 | 00,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:1D32EC29
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:A518B662
@Alternate Data Stream - 76 bytes -> C:\Users\Michele\Documents\Jamaica 1.dmsd:Roxio EMC Stream
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2B9724CF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1247C505
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:93C494CA
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:BA0FC1D6
< End of report >


< MD5 for: [2009/04/11 01:32:26 | 00,019,944 | ---- | M] (MICROSOFT CORPORATION) >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 02:38:03 | 00,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 02:36:10 | 00,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

Edited by Mich73, 23 January 2010 - 08:28 AM.

  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 23,145 posts
  • MVP
IE doesn't work cause it's looking for a proxy server which used to be on your PC but no longer is.

In IE, Tools, Internet Options, Connections, LAN Settings and uncheck everything then OK. Close IE and reopen and it should work.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron
  • 0

#3
Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
ComboFix 10-01-26.05 - Michele 01/27/2010 7:19.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1186 [GMT -5:00]
Running from: c:\users\Michele\Desktop\george.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\users\Michele\AppData\Local\temp
2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-27 11:36 . 2010-01-27 12:13 -------- d-----w- c:\users\Michele\AppData\Local\bhhlgl
2010-01-26 12:40 . 2010-01-26 12:51 -------- d-----w- C:\ComboFix
2010-01-23 13:35 . 2010-01-23 13:35 -------- d-----w- c:\users\Michele\AppData\Local\WinZip
2010-01-23 13:28 . 2010-01-23 13:29 -------- d-----w- C:\Rooter$
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\lsfcyh
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\kcnums
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\umbgyr
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\gejabb
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\cykwax
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\fgvlyb
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\jwexvh
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\xtluyu
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\fmxyet
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\wjubrx
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\vlhmpx
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\lbtbda
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\xcatdm
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\caeoof
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\sgijou
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\dqwubt
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\nkrabd
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\wemebm
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\alxsaq
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\csjgat
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\xpwowq
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\kxfucv
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\elueco
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\bejqcl
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\ypdunw
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\ducwoa
2010-01-22 12:39 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\ttmkaf
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\pvipon
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\hsgrbr
2010-01-22 12:39 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\qmbwbc
2010-01-22 12:38 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\gnxvkh
2010-01-22 12:38 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\qhsakq
2010-01-21 21:23 . 2010-01-21 21:23 191344 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-19 10:29 . 2010-01-19 11:00 -------- d-----w- c:\users\Michele\AppData\Local\mjqbbm
2010-01-17 10:13 . 2010-01-17 10:13 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-17 10:12 . 2009-08-06 03:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-01-17 10:12 . 2010-01-17 10:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-17 10:11 . 2010-01-17 10:12 -------- d-----w- c:\program files\Windows Live
2010-01-17 10:10 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-01-17 10:10 . 2010-01-17 10:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-17 10:06 . 2010-01-17 10:06 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-17 10:04 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-17 09:59 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-17 09:59 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-17 09:59 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-17 09:57 . 2010-01-17 10:12 -------- d-----w- c:\program files\Microsoft
2010-01-17 09:56 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-01-17 09:56 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-01-17 09:54 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-01-17 09:54 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-01-17 09:54 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-17 09:17 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\jxjwie
2010-01-17 09:16 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\jorebh
2010-01-17 09:16 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\eychsh
2010-01-17 09:15 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\rxvptu
2010-01-17 09:15 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\llmytn
2010-01-17 09:15 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\xfxjdp
2010-01-17 09:12 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\tefipt
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\gxqsau
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\xpfywo
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\gshwjj
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\uitkwl
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\bwqmvr
2010-01-17 09:10 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\udloga
2010-01-17 09:10 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\majqtf
2010-01-10 16:59 . 2010-01-10 16:59 423464 ----a-w- c:\users\Michele\AppData\Roaming\E-centives\BSTIEPrintCtl1.dll
2010-01-10 16:59 . 2010-01-10 16:59 -------- d-----w- c:\users\Michele\AppData\Roaming\E-centives
2010-01-10 16:59 . 2010-01-10 16:59 443944 ----a-w- c:\users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\E-centives\UninstallCouponActivator.exe
2010-01-07 00:59 . 2010-01-07 00:59 -------- d-----w- c:\program files\Walmart MP3 Music Downloads
2010-01-04 20:46 . 2010-01-04 20:46 -------- d-----w- c:\users\Michele\AppData\Local\PhotoChannel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 13:35 . 2009-04-17 13:53 -------- d-----w- c:\programdata\WinZip
2010-01-22 23:49 . 2009-07-10 18:12 -------- d-----w- c:\program files\ERUNT
2010-01-22 14:25 . 2007-08-19 23:20 -------- d-----w- c:\program files\Dl_cats
2010-01-22 13:14 . 2009-01-02 19:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-17 10:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-17 10:05 . 2007-08-07 23:09 -------- d-----w- c:\programdata\Microsoft Help
2010-01-17 09:32 . 2008-09-22 16:57 1356 ----a-w- c:\users\Michele\AppData\Local\d3d9caps.dat
2010-01-15 21:08 . 2008-11-10 11:12 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-12 03:31 . 2007-08-20 22:23 -------- d-----w- c:\program files\Coupons
2010-01-10 23:43 . 2009-01-02 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 23:43 . 2009-01-05 10:27 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 21:07 . 2009-01-02 19:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-01-02 19:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 03:45 . 2007-09-02 03:27 -------- d-----w- c:\users\Michele\AppData\Roaming\Apple Computer
2009-12-26 03:44 . 2007-09-02 03:23 -------- d-----w- c:\programdata\Apple
2009-12-26 02:04 . 2009-12-26 02:04 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-14 15:38 . 2007-08-07 22:59 -------- d-----w- c:\program files\Java
2009-12-11 13:05 . 2009-04-15 23:30 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 23:25 . 2009-12-08 23:25 -------- d-----w- c:\program files\InterActual
2009-12-07 16:20 . 2007-12-09 04:05 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-07 14:57 . 2008-08-10 15:32 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-12-07 13:00 . 2008-08-10 15:34 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-12-07 13:00 . 2008-08-10 15:52 -------- d-----w- c:\users\Michele\AppData\Roaming\Nikon
2009-11-30 00:23 . 2009-11-30 00:23 49152 ----a-r- c:\users\Michele\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-11-30 00:22 . 2009-11-30 00:22 335872 ----a-r- c:\users\Michele\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-11-30 00:22 . 2008-08-10 15:32 -------- d-----w- c:\program files\Common Files\Nikon
2009-11-30 00:22 . 2008-08-10 15:36 57344 ----a-r- c:\users\Michele\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2009-11-29 15:18 . 2008-08-10 15:32 -------- d-----w- c:\program files\Nikon
2009-11-29 15:18 . 2007-08-07 23:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-26 22:56 . 2009-09-21 21:56 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-26 15:36 . 2009-11-26 15:36 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-23 13:01 . 2008-08-10 15:43 20 ---h--w- c:\programdata\PKP_DLdy.DAT
2009-11-22 16:19 . 2009-11-22 16:19 261831 ----a-w- c:\programdata\SPLF6A5.tmp
2009-11-21 06:40 . 2010-01-17 09:55 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2010-01-17 09:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2010-01-17 09:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2010-01-17 09:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 21:19 . 2009-11-19 21:19 1105483 ----a-w- c:\programdata\SPL7348.tmp
2009-11-15 06:04 . 2007-08-17 14:30 116088 ----a-w- c:\users\Michele\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-12 14:19 . 2009-11-12 14:19 2421184 ----a-w- c:\programdata\TaxCut\2008\Update\VA30013201cupd.exe
2009-11-12 14:19 . 2009-11-12 14:19 29813256 ----a-w- c:\programdata\TaxCut\2008\Update\US62017101cupd.exe
2009-11-03 01:42 . 2009-11-02 15:08 195456 ------w- c:\windows\system32\MpSigStub.exe
2007-08-08 06:39 . 2007-08-08 06:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [email protected]_23.34.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-12-07 15:29 . 2009-12-07 15:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-07 15:29 . 2010-01-22 02:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-07 15:29 . 2009-12-07 15:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-07 15:29 . 2010-01-22 02:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-07 15:29 . 2009-12-07 15:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-07 15:29 . 2010-01-22 02:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-23 13:35 . 2010-01-23 13:35 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F6617.exe
- 2010-01-19 20:44 . 2010-01-19 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-27 12:14 . 2010-01-27 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-19 20:44 . 2010-01-19 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-27 12:14 . 2010-01-27 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-15 12:16 . 2010-01-19 11:09 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-15 12:16 . 2010-01-27 12:16 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-01-23 13:35 . 2010-01-23 13:35 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F66110.exe
+ 2010-01-22 23:50 . 2005-10-20 17:02 163328 c:\windows\ERDNT\1-22-2010\ERDNT.EXE
+ 2010-01-23 13:35 . 2010-01-23 13:35 1544192 c:\windows\Installer\1f75a58.msi
+ 2010-01-22 23:50 . 2010-01-22 23:50 3788800 c:\windows\ERDNT\1-22-2010\Users\00000002\UsrClass.dat
+ 2010-01-22 23:50 . 2010-01-22 23:50 4255744 c:\windows\ERDNT\1-22-2010\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-25 160592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-25 160592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Michele^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-07-21 08:17 468408 ----a-w- c:\windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"VistaSp2"=hex(b):3a,46,d6,06,ab,00,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [4/23/2009 4:57 PM 64160]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 5:17 AM 77824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/15/2009 6:30 PM 108289]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [1/17/2010 5:12 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:56]

2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{38373818-AF7C-4797-B6B5-F2B48C191FAA}.job
- c:\windows\system32\msfeedssync.exe [2010-01-17 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: nickjr.com\www
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} - hxxp://music.5gum.com/HipDigitalDownloadManager.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\6ufdgskr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.online-sweepstakes.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={29F9E918-8B54-BBA6-97C2-B552DC1C2C0A}&q=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 07:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-27 07:29:22
ComboFix-quarantined-files.txt 2010-01-27 12:29
ComboFix2.txt 2010-01-26 12:51
ComboFix3.txt 2010-01-19 23:36

Pre-Run: 99,743,911,936 bytes free
Post-Run: 99,967,475,712 bytes free

- - End Of File - - 8737B28D06D1E6FFFE518B7DF802BED5
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 23,145 posts
  • MVP
Does IE work now?

You have a lot of odd folders which look suspicious. Let's see what is in them:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

DirLook::
c:\users\Default\AppData\Local\temp
c:\users\Michele\AppData\Local\bhhlgl


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

Ron
  • 0
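A triage sketch for the two findings raised in the replies above (the leftover `127.0.0.1:5555` proxy setting and the clusters of odd folders under `AppData\Local`), added here as an example; it is not part of any poster's reply and is not ComboFix's own logic. The sample lines are copied from the log in this thread; the function names, the 5 to 8 lowercase-letter name heuristic and the cluster threshold are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2010-01-27 12:27 . 2010-01-27 12:27 -------- d-----w- c:\users\Michele\AppData\Local\temp
2010-01-27 11:36 . 2010-01-27 12:13 -------- d-----w- c:\users\Michele\AppData\Local\bhhlgl
2010-01-23 13:35 . 2010-01-23 13:35 -------- d-----w- c:\users\Michele\AppData\Local\WinZip
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\lsfcyh
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\kcnums
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\umbgyr
2010-01-21 21:23 . 2010-01-21 21:23 191344 ---ha-w- c:\windows\system32\mlfcache.dat
uInternet Settings,ProxyServer = http=127.0.0.1:5555
"""

# "created . modified size attrs path" as printed in the "Files Created" section.
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# Assumed heuristic: a folder directly under AppData\Local whose name is
# 5-8 lowercase letters only. The prefix is matched case-insensitively,
# the folder name is not, so "WinZip" does not qualify.
RANDOM_DIR = re.compile(r"(?i:\\appdata\\local\\)([a-z]{5,8})$")
PROXY = re.compile(r"ProxyServer\s*=\s*(\S+)")


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def find_loopback_proxies(log):
    """Return (scheme, host, port) for every ProxyServer entry on loopback.

    A browser pointed at a local proxy that is no longer listening cannot
    reach any site, which is the symptom described in this thread.
    """
    hits = []
    for match in PROXY.finditer(log):
        # The value is "host:port" or "http=host:port;https=host:port".
        for part in match.group(1).split(";"):
            scheme, _, endpoint = part.rpartition("=")
            host, _, port = endpoint.rpartition(":")
            if not host:  # no port given
                host, port = endpoint, ""
            if is_loopback(host):
                hits.append((scheme or "all", host,
                             int(port) if port.isdigit() else None))
    return hits


def find_random_dir_clusters(log, min_cluster=3):
    """Group random-looking AppData\\Local folders by creation day.

    A single short lowercase folder proves nothing; several created on the
    same day are worth inspecting. Returns {day: [names]} for days with at
    least min_cluster such folders.
    """
    by_day = defaultdict(list)
    for line in log.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry or not entry.group("attrs").startswith("d"):
            continue  # not a listing line, or a file rather than a directory
        name = RANDOM_DIR.search(entry.group("path"))
        if name:
            by_day[entry.group("created")].append(name.group(1))
    return {day: names for day, names in by_day.items()
            if len(names) >= min_cluster}


if __name__ == "__main__":
    for scheme, host, port in find_loopback_proxies(SAMPLE_LOG):
        print(f"loopback proxy: {scheme} -> {host}:{port}")
    for day, names in find_random_dir_clusters(SAMPLE_LOG).items():
        print(f"{day}: {len(names)} random-looking folders: {', '.join(names)}")
```
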

#5
Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I did as you said, and it said there is a newer version of combofix and I downloaded it. I hope that is okay. I had already downloaded a new version when I posted my other log so I'm not sure what that was all about. Anyhow, here is my new log.

ComboFix 10-01-26.06 - Michele 01/27/2010 13:27:48.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1376 [GMT -5:00]
Running from: c:\users\Michele\Desktop\george.exe
Command switches used :: c:\users\Michele\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-27 18:35 . 2010-01-27 18:39 -------- d-----w- c:\users\Michele\AppData\Local\temp
2010-01-27 18:35 . 2010-01-27 18:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-27 18:35 . 2010-01-27 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-27 12:18 . 2010-01-27 12:29 -------- d-----w- C:\george
2010-01-27 11:36 . 2010-01-27 12:13 -------- d-----w- c:\users\Michele\AppData\Local\bhhlgl
2010-01-26 12:40 . 2010-01-26 12:51 -------- d-----w- C:\ComboFix
2010-01-23 13:35 . 2010-01-23 13:35 -------- d-----w- c:\users\Michele\AppData\Local\WinZip
2010-01-23 13:28 . 2010-01-23 13:29 -------- d-----w- C:\Rooter$
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\lsfcyh
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\kcnums
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\umbgyr
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\gejabb
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\cykwax
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\fgvlyb
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\jwexvh
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\xtluyu
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\fmxyet
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\wjubrx
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\vlhmpx
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\lbtbda
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\xcatdm
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\caeoof
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\sgijou
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\dqwubt
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\nkrabd
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\wemebm
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\alxsaq
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\csjgat
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\xpwowq
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\kxfucv
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\elueco
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\bejqcl
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\ypdunw
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\ducwoa
2010-01-22 12:39 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\ttmkaf
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\pvipon
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\hsgrbr
2010-01-22 12:39 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\qmbwbc
2010-01-22 12:38 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\gnxvkh
2010-01-22 12:38 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\qhsakq
2010-01-21 21:23 . 2010-01-21 21:23 191344 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-19 10:29 . 2010-01-19 11:00 -------- d-----w- c:\users\Michele\AppData\Local\mjqbbm
2010-01-17 10:13 . 2010-01-17 10:13 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-17 10:12 . 2009-08-06 03:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-01-17 10:12 . 2010-01-17 10:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-17 10:11 . 2010-01-17 10:12 -------- d-----w- c:\program files\Windows Live
2010-01-17 10:10 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-01-17 10:10 . 2010-01-17 10:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-17 10:06 . 2010-01-17 10:06 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-17 10:04 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-17 09:59 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-17 09:59 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-17 09:59 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-17 09:57 . 2010-01-17 10:12 -------- d-----w- c:\program files\Microsoft
2010-01-17 09:56 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-01-17 09:56 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-01-17 09:54 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-01-17 09:54 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-01-17 09:54 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-17 09:17 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\jxjwie
2010-01-17 09:16 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\jorebh
2010-01-17 09:16 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\eychsh
2010-01-17 09:15 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\rxvptu
2010-01-17 09:15 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\llmytn
2010-01-17 09:15 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\xfxjdp
2010-01-17 09:12 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\tefipt
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\gxqsau
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\xpfywo
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\gshwjj
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\uitkwl
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\bwqmvr
2010-01-17 09:10 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\udloga
2010-01-17 09:10 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\majqtf
2010-01-10 16:59 . 2010-01-10 16:59 -------- d-----w- c:\users\Michele\AppData\Roaming\E-centives
2010-01-07 00:59 . 2010-01-07 00:59 -------- d-----w- c:\program files\Walmart MP3 Music Downloads
2010-01-04 20:46 . 2010-01-04 20:46 -------- d-----w- c:\users\Michele\AppData\Local\PhotoChannel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 18:39 . 2007-08-19 23:20 -------- d-----w- c:\program files\Dl_cats
2010-01-23 13:35 . 2009-04-17 13:53 -------- d-----w- c:\programdata\WinZip
2010-01-22 23:49 . 2009-07-10 18:12 -------- d-----w- c:\program files\ERUNT
2010-01-22 13:14 . 2009-01-02 19:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-17 10:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-17 10:05 . 2007-08-07 23:09 -------- d-----w- c:\programdata\Microsoft Help
2010-01-17 09:32 . 2008-09-22 16:57 1356 ----a-w- c:\users\Michele\AppData\Local\d3d9caps.dat
2010-01-15 21:08 . 2008-11-10 11:12 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-12 03:31 . 2007-08-20 22:23 -------- d-----w- c:\program files\Coupons
2010-01-10 23:43 . 2009-01-02 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 23:43 . 2009-01-05 10:27 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 16:59 . 2010-01-10 16:59 423464 ----a-w- c:\users\Michele\AppData\Roaming\E-centives\BSTIEPrintCtl1.dll
2010-01-10 16:59 . 2010-01-10 16:59 443944 ----a-w- c:\users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\E-centives\UninstallCouponActivator.exe
2010-01-07 21:07 . 2009-01-02 19:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-01-02 19:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 03:45 . 2007-09-02 03:27 -------- d-----w- c:\users\Michele\AppData\Roaming\Apple Computer
2009-12-26 03:44 . 2007-09-02 03:23 -------- d-----w- c:\programdata\Apple
2009-12-26 02:04 . 2009-12-26 02:04 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-14 15:38 . 2007-08-07 22:59 -------- d-----w- c:\program files\Java
2009-12-11 13:05 . 2009-04-15 23:30 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 23:25 . 2009-12-08 23:25 -------- d-----w- c:\program files\InterActual
2009-12-07 16:20 . 2007-12-09 04:05 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-07 14:57 . 2008-08-10 15:32 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-12-07 13:00 . 2008-08-10 15:34 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-12-07 13:00 . 2008-08-10 15:52 -------- d-----w- c:\users\Michele\AppData\Roaming\Nikon
2009-11-30 00:23 . 2009-11-30 00:23 49152 ----a-r- c:\users\Michele\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-11-30 00:22 . 2009-11-30 00:22 335872 ----a-r- c:\users\Michele\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-11-30 00:22 . 2008-08-10 15:32 -------- d-----w- c:\program files\Common Files\Nikon
2009-11-30 00:22 . 2008-08-10 15:36 57344 ----a-r- c:\users\Michele\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2009-11-29 15:18 . 2008-08-10 15:32 -------- d-----w- c:\program files\Nikon
2009-11-29 15:18 . 2007-08-07 23:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-26 22:56 . 2009-09-21 21:56 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-26 15:36 . 2009-11-26 15:36 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-23 13:01 . 2008-08-10 15:43 20 ---h--w- c:\programdata\PKP_DLdy.DAT
2009-11-22 16:19 . 2009-11-22 16:19 261831 ----a-w- c:\programdata\SPLF6A5.tmp
2009-11-21 06:40 . 2010-01-17 09:55 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2010-01-17 09:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2010-01-17 09:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2010-01-17 09:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 21:19 . 2009-11-19 21:19 1105483 ----a-w- c:\programdata\SPL7348.tmp
2009-11-15 06:04 . 2007-08-17 14:30 116088 ----a-w- c:\users\Michele\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-12 14:19 . 2009-11-12 14:19 2421184 ----a-w- c:\programdata\TaxCut\2008\Update\VA30013201cupd.exe
2009-11-12 14:19 . 2009-11-12 14:19 29813256 ----a-w- c:\programdata\TaxCut\2008\Update\US62017101cupd.exe
2009-11-03 01:42 . 2009-11-02 15:08 195456 ------w- c:\windows\system32\MpSigStub.exe
2007-08-08 06:39 . 2007-08-08 06:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Default\AppData\Local\temp ----


---- Directory of c:\users\Michele\AppData\Local\bhhlgl ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-25 160592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-25 160592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Michele^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-07-21 08:17 468408 ----a-w- c:\windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"VistaSp2"=hex(b):3a,46,d6,06,ab,00,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [4/23/2009 4:57 PM 64160]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 5:17 AM 77824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/15/2009 6:30 PM 108289]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [1/17/2010 5:12 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:56]

2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{38373818-AF7C-4797-B6B5-F2B48C191FAA}.job
- c:\windows\system32\msfeedssync.exe [2010-01-17 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: nickjr.com\www
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} - hxxp://music.5gum.com/HipDigitalDownloadManager.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\6ufdgskr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.online-sweepstakes.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={29F9E918-8B54-BBA6-97C2-B552DC1C2C0A}&q=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 13:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3864)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-01-27 13:46:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 18:46
ComboFix2.txt 2010-01-27 12:29
ComboFix3.txt 2010-01-26 12:51
ComboFix4.txt 2010-01-19 23:36

Pre-Run: 99,844,030,464 bytes free
Post-Run: 99,764,191,232 bytes free

- - End Of File - - 88B5A49DF744B1D73D02C019886F1894

#6
RKinner

    Malware Expert

  • Expert
  • 23,145 posts
  • MVP
Appears the folders are empty. Don't know what is creating them or why.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer


Copy the text between the lines of stars by highlighting and Ctrl + c
***************************************************************************************************
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
2010-01-27 11:36 . 2010-01-27 12:13 -------- d-----w- c:\users\Michele\AppData\Local\bhhlgl
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\lsfcyh
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\kcnums
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\umbgyr
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\gejabb
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\cykwax
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\fgvlyb
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\jwexvh
2010-01-22 12:43 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\xtluyu
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\fmxyet
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\wjubrx
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\vlhmpx
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\lbtbda
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\xcatdm
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\caeoof
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\sgijou
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\dqwubt
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\nkrabd
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\wemebm
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\alxsaq
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\csjgat
2010-01-22 12:41 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\xpwowq
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\kxfucv
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\elueco
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\bejqcl
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\ypdunw
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\ducwoa
2010-01-22 12:39 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\ttmkaf
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\pvipon
2010-01-22 12:39 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\hsgrbr
2010-01-22 12:39 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\qmbwbc
2010-01-22 12:38 . 2010-01-22 16:27 -------- d-----w- c:\users\Michele\AppData\Local\gnxvkh
2010-01-22 12:38 . 2010-01-22 13:11 -------- d-----w- c:\users\Michele\AppData\Local\qhsakq
2010-01-19 10:29 . 2010-01-19 11:00 -------- d-----w- c:\users\Michele\AppData\Local\mjqbbm
2010-01-17 09:17 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\jxjwie
2010-01-17 09:16 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\jorebh
2010-01-17 09:16 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\eychsh
2010-01-17 09:15 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\rxvptu
2010-01-17 09:15 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\llmytn
2010-01-17 09:15 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\xfxjdp
2010-01-17 09:12 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\tefipt
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\gxqsau
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\xpfywo
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\gshwjj
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\uitkwl
2010-01-17 09:11 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\bwqmvr
2010-01-17 09:10 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\udloga
2010-01-17 09:10 . 2010-01-17 09:37 -------- d-----w- c:\users\Michele\AppData\Local\majqtf
2009-11-23 13:01 . 2008-08-10 15:43 20 ---h--w- c:\programdata\PKP_DLdy.DAT
2009-11-22 16:19 . 2009-11-22 16:19 261831 ----a-w- c:\programdata\SPLF6A5.tmp



:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f

Ron

#7
Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
OTL logfile created on: 1/27/2010 3:29:23 PM - Run 7
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Michele\Desktop\pc fixes
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 93.10 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.61 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELE-PC
Current User Name: Michele
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Michele\Desktop\pc fixes\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
PRC - C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\System32\dlcxcoms.exe ( )
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Michele\Desktop\pc fixes\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (dlcx_device) -- C:\Windows\System32\dlcxcoms.exe ( )
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/08/20 11:46:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/20 12:33:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/11 22:31:50 | 00,000,000 | ---D | M]

[2010/01/27 06:36:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/10 11:59:41 | 00,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 18:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/01/27 13:38:47 | 00,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: nickjr.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecu...vex/TmHcmsX.CAB (TmHcmsX Control)
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} file:///E:/win/setup/iaieplay.dll (IEPlayInterface Class)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...6/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} http://music.5gum.co...loadManager.cab (Hip Digital Download Manager)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1237723815333 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238540125445 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///E:/win/setup/iamce.dll (IAMCE Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecu...asyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.c...ers/play365.cab (Live365Player Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.cust...l/java/RntX.cab (Live Collaboration)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} Reg Error: Value error. (Persits Software XUpload)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michele\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/27 15:18:39 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/27 15:18:39 | 00,000,000 | ---D | C] -- \_OTL
[2010/01/27 13:46:27 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010/01/27 13:46:27 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\temp
[2010/01/27 13:45:59 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/27 13:45:59 | 00,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2010/01/27 13:25:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/27 07:18:53 | 00,000,000 | ---D | C] -- C:\george
[2010/01/27 07:18:53 | 00,000,000 | ---D | C] -- \george
[2010/01/27 06:36:50 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\bhhlgl
[2010/01/26 07:40:56 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/26 07:40:56 | 00,000,000 | ---D | C] -- \ComboFix
[2010/01/26 05:26:14 | 00,000,000 | ---D | C] -- C:\Users\Michele\Desktop\New Folder
[2010/01/23 08:58:57 | 00,000,000 | ---D | C] -- C:\Users\Michele\Desktop\pc fixes
[2010/01/23 08:35:50 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\WinZip
[2010/01/23 08:34:52 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/01/23 08:28:24 | 00,000,000 | ---D | C] -- C:\Rooter$
[2010/01/23 08:28:24 | 00,000,000 | ---D | C] -- \Rooter$
[2010/01/23 08:28:23 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/23 08:28:23 | 00,000,000 | ---D | C] -- \Config.Msi
[2010/01/22 07:43:36 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\lsfcyh
[2010/01/22 07:43:28 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\kcnums
[2010/01/22 07:43:27 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\umbgyr
[2010/01/22 07:43:22 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\gejabb
[2010/01/22 07:43:12 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\cykwax
[2010/01/22 07:43:08 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\fgvlyb
[2010/01/22 07:43:03 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\jwexvh
[2010/01/22 07:43:01 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\xtluyu
[2010/01/22 07:42:59 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\osvika
[2010/01/22 07:42:58 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\qjoowo
[2010/01/22 07:42:55 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\crppkm
[2010/01/22 07:42:54 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\bbwixx
[2010/01/22 07:42:54 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\adjtwx
[2010/01/22 07:42:49 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\tqadvr
[2010/01/22 07:42:37 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\ddaahp
[2010/01/22 07:42:34 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\xodxij
[2010/01/22 07:42:31 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\ebnoip
[2010/01/22 07:42:29 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\ssmour
[2010/01/22 07:42:27 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\hiycis
[2010/01/22 07:42:21 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\onnlto
[2010/01/22 07:42:17 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\nwuega
[2010/01/22 07:42:15 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\gklngs
[2010/01/22 07:42:13 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\pegsgd
[2010/01/22 07:42:12 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\cmhstb
[2010/01/22 07:42:06 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\ruyysr
[2010/01/22 07:42:06 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\imnfpl
[2010/01/22 07:42:04 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\npawro
[2010/01/22 07:42:03 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\yaniem
[2010/01/22 07:42:00 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\kioisl
[2010/01/22 07:42:00 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\axbwgm
[2010/01/22 07:41:49 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\fmxyet
[2010/01/22 07:41:47 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\wjubrx
[2010/01/22 07:41:43 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\vlhmpx
[2010/01/22 07:41:43 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\lbtbda
[2010/01/22 07:41:40 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\xcatdm
[2010/01/22 07:41:29 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\caeoof
[2010/01/22 07:41:19 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\sgijou
[2010/01/22 07:41:17 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\dqwubt
[2010/01/22 07:41:12 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\nkrabd
[2010/01/22 07:41:10 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\wemebm
[2010/01/22 07:41:08 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\alxsaq
[2010/01/22 07:41:02 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\csjgat
[2010/01/22 07:41:01 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\xpwowq
[2010/01/22 07:40:54 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\loqvxd
[2010/01/22 07:40:47 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\pmuqku
[2010/01/22 07:40:45 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\rbamxj
[2010/01/22 07:40:40 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\cuvrxt
[2010/01/22 07:40:39 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\mfjdkr
[2010/01/22 07:40:33 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\desqvw
[2010/01/22 07:40:31 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\kqdhwd
[2010/01/22 07:40:30 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\pfyjuj
[2010/01/22 07:40:28 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\ygpvjf
[2010/01/22 07:40:27 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\iakajo
[2010/01/22 07:40:26 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\cnbjji
[2010/01/22 07:40:24 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\xichif
[2010/01/22 07:40:24 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\nxouvg
[2010/01/22 07:40:20 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\lhvojr
[2010/01/22 07:40:18 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\fulxil
[2010/01/22 07:40:03 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\araggi
[2010/01/22 07:39:31 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\kxfucv
[2010/01/22 07:39:31 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\elueco
[2010/01/22 07:39:30 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\bejqcl
[2010/01/22 07:39:27 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\ypdunw
[2010/01/22 07:39:18 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\ducwoa
[2010/01/22 07:39:15 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\ttmkaf
[2010/01/22 07:39:12 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\pvipon
[2010/01/22 07:39:12 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\hsgrbr
[2010/01/22 07:39:01 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\qmbwbc
[2010/01/22 07:38:42 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\gnxvkh
[2010/01/22 07:38:34 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\qhsakq
[2010/01/19 18:25:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/19 18:25:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/19 18:25:06 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/19 18:24:41 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/19 18:24:41 | 00,000,000 | ---D | C] -- \Qoobox
[2010/01/19 05:29:10 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\mjqbbm
[2010/01/17 05:13:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/01/17 05:12:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/01/17 05:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/01/17 05:10:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/01/17 05:06:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/01/17 04:57:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/01/17 04:17:31 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\jxjwie
[2010/01/17 04:16:14 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\jorebh
[2010/01/17 04:16:12 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\eychsh
[2010/01/17 04:15:38 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\rxvptu
[2010/01/17 04:15:28 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\llmytn
[2010/01/17 04:15:26 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\xfxjdp
[2010/01/17 04:13:57 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\kdovbx
[2010/01/17 04:13:53 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\djdrua
[2010/01/17 04:13:50 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\vskeei
[2010/01/17 04:13:46 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\mwdogx
[2010/01/17 04:13:44 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\ysbkoa
[2010/01/17 04:13:31 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\nbllwj
[2010/01/17 04:13:27 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\ktbwwg
[2010/01/17 04:13:20 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\xhqasw
[2010/01/17 04:13:13 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\twkbbi
[2010/01/17 04:13:11 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\fmgjer
[2010/01/17 04:13:09 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\acrevw
[2010/01/17 04:13:07 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\tcswrt
[2010/01/17 04:13:05 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\wqxsgi
[2010/01/17 04:13:03 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\grofud
[2010/01/17 04:13:02 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\itqwdu
[2010/01/17 04:13:00 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\xolihh
[2010/01/17 04:13:00 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\avwvhl
[2010/01/17 04:12:55 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\tefipt
[2010/01/17 04:12:54 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\wjdlqw
[2010/01/17 04:12:54 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\fhxmng
[2010/01/17 04:12:45 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\ogbneb
[2010/01/17 04:12:44 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\axjhfl
[2010/01/17 04:12:42 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\npigrm
[2010/01/17 04:12:35 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\qwtuqp
[2010/01/17 04:12:31 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\dqffbr
[2010/01/17 04:12:28 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\bhhgdo
[2010/01/17 04:12:25 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\dxanpd
[2010/01/17 04:12:24 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\qpymcf
[2010/01/17 04:12:18 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\hdypqg
[2010/01/17 04:12:14 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\rnmbde
[2010/01/17 04:12:12 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\xcidcl
[2010/01/17 04:11:45 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\gxqsau
[2010/01/17 04:11:26 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\xpfywo
[2010/01/17 04:11:22 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\gshwjj
[2010/01/17 04:11:15 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\uitkwl
[2010/01/17 04:11:08 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\bwqmvr
[2010/01/17 04:10:49 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\udloga
[2010/01/17 04:10:41 | 00,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\majqtf
[2010/01/15 21:25:00 | 00,000,000 | ---D | C] -- C:\Users\Michele\Desktop\My old fam pics
[2010/01/14 14:47:40 | 00,000,000 | ---D | C] -- C:\Users\Michele\Desktop\Wins 2010
[2009/11/12 11:49:02 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2009/11/12 11:49:02 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2009/11/12 11:49:02 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2009/11/12 11:49:01 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2009/11/12 11:49:01 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2009/11/12 11:49:01 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2009/11/12 11:49:01 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2009/11/12 11:49:01 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2009/11/12 11:49:01 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2009/11/12 11:49:00 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2009/11/12 11:49:00 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2009/11/12 11:49:00 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/27 15:29:31 | 04,456,448 | -HS- | M] () -- C:\Users\Michele\ntuser.dat
[2010/01/27 15:24:26 | 00,743,386 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/27 15:24:26 | 00,634,738 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/27 15:24:26 | 00,113,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/27 15:20:05 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 15:20:05 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 15:20:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/27 15:19:58 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/27 15:19:54 | 20,787,93728 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/27 15:19:13 | 00,524,288 | -HS- | M] () -- C:\Users\Michele\ntuser.dat{90ed795a-f9e1-11dc-b142-001aa0526cbf}.TMContainer00000000000000000001.regtrans-ms
[2010/01/27 15:19:13 | 00,065,536 | -HS- | M] () -- C:\Users\Michele\ntuser.dat{90ed795a-f9e1-11dc-b142-001aa0526cbf}.TM.blf
[2010/01/27 15:01:25 | 00,001,682 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/01/27 13:40:22 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/27 13:38:47 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/27 13:35:48 | 01,980,352 | -H-- | M] () -- C:\Users\Michele\AppData\Local\IconCache.db
[2010/01/27 13:25:20 | 03,838,287 | R--- | M] () -- C:\Users\Michele\Desktop\george.exe
[2010/01/27 12:04:58 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38373818-AF7C-4797-B6B5-F2B48C191FAA}.job
[2010/01/25 17:56:14 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/23 08:35:29 | 00,001,856 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/01/23 08:35:28 | 00,001,790 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/01/22 19:36:52 | 00,051,660 | ---- | M] () -- C:\Users\Michele\Desktop\55_25793.jpg
[2010/01/22 18:49:40 | 00,000,735 | ---- | M] () -- C:\Users\Michele\Desktop\NTREGOPT.lnk
[2010/01/21 21:12:53 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/21 16:23:23 | 00,191,344 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/01/17 05:17:58 | 00,413,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/17 04:32:39 | 00,001,356 | ---- | M] () -- C:\Users\Michele\AppData\Local\d3d9caps.dat
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/27 13:46:25 | 00,022,711 | ---- | C] () -- \ComboFix.txt
[2010/01/27 07:18:17 | 03,838,287 | R--- | C] () -- C:\Users\Michele\Desktop\george.exe
[2010/01/27 07:14:31 | 20,787,93728 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/27 07:14:31 | 20,787,93728 | -HS- | C] () --
[2010/01/23 08:35:29 | 00,001,856 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/01/23 08:35:28 | 00,001,790 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/01/23 08:29:52 | 00,003,721 | ---- | C] () -- \Rooter.txt
[2010/01/22 19:36:46 | 00,051,660 | ---- | C] () -- C:\Users\Michele\Desktop\55_25793.jpg
[2010/01/22 18:49:40 | 00,000,735 | ---- | C] () -- C:\Users\Michele\Desktop\NTREGOPT.lnk
[2010/01/21 16:23:23 | 00,191,344 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/19 18:25:06 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/19 18:25:06 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/19 18:25:06 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/19 18:25:06 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/19 18:25:06 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/29 19:19:52 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Instrument Library
[2009/11/29 19:19:52 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Keyboard Layouts
[2009/11/23 08:01:27 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Internet Services
[2009/11/23 08:01:27 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Legacy
[2009/11/12 11:49:02 | 00,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2009/11/12 11:49:01 | 00,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2009/11/12 11:49:01 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2009/11/12 11:49:01 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2009/11/12 11:49:01 | 00,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2009/11/12 11:49:01 | 00,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2009/11/12 11:49:00 | 00,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2009/11/12 11:49:00 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2009/11/12 11:49:00 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2009/11/12 11:49:00 | 00,073,728 | ---- | C] () -- C:\Windows\System32\DLCXcfg.dll
[2009/11/12 11:49:00 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2009/11/12 11:13:38 | 00,000,540 | ---- | C] () -- \dlcxcomx.log
[2009/09/29 16:47:35 | 00,000,471 | ---- | C] () -- \faxend.log
[2009/09/29 16:47:35 | 00,000,242 | ---- | C] () -- \faxendPdoc.log
[2009/09/29 16:47:33 | 00,000,367 | ---- | C] () -- \faxfile.log
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/18 08:32:21 | 00,011,168 | -H-- | C] () -- C:\ProgramData\kegevadi
[2009/04/21 20:35:11 | 00,000,976 | ---- | C] () -- \fiosLog.txt
[2009/03/04 14:12:08 | 00,000,000 | ---- | C] () -- C:\Users\Michele\AppData\Local\prvlcl.dat
[2008/11/10 06:12:03 | 00,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/10/18 16:18:31 | 00,049,185 | ---- | C] () -- \aaw7boot.log
[2008/09/22 11:57:47 | 00,001,356 | ---- | C] () -- C:\Users\Michele\AppData\Local\d3d9caps.dat
[2008/08/25 17:17:16 | 00,000,000 | RHS- | C] () -- \MSDOS.SYS
[2008/08/25 17:17:16 | 00,000,000 | RHS- | C] () -- \IO.SYS
[2008/08/10 10:54:42 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Rock Kit
[2008/08/10 10:54:42 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2008/08/10 10:54:40 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Rule Actions
[2008/08/10 10:52:13 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2008/08/10 10:43:11 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2008/08/10 10:34:00 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2008/08/10 10:32:07 | 00,000,268 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2008/08/10 10:32:07 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008/08/10 10:32:07 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Jazz
[2008/02/11 08:39:26 | 00,253,952 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLA.dll
[2008/02/11 08:39:18 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLW.dll
[2008/02/08 12:53:46 | 00,110,592 | ---- | C] () -- C:\Windows\System32\OnlineScannerLang.dll
[2007/11/11 10:50:25 | 00,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/11/11 10:50:25 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/09/27 12:28:54 | 00,000,095 | ---- | C] () -- C:\Users\Michele\AppData\Local\fusioncache.dat
[2007/09/26 10:03:05 | 00,000,171 | ---- | C] () -- \logfile.dat
[2007/09/07 13:31:25 | 00,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2007/09/01 10:27:01 | 00,001,030 | -H-- | C] () -- \IPH.PH
[2007/08/19 18:17:35 | 00,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/08/19 18:17:35 | 00,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/08/19 06:05:09 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/08/19 06:05:08 | 00,000,363 | ---- | C] () -- C:\Windows\wininit.ini
[2007/08/17 09:35:48 | 00,032,768 | ---- | C] () -- C:\Users\Michele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/08 01:42:31 | 00,004,788 | RH-- | C] () -- \dell.sdr
[2007/08/07 18:25:05 | 00,000,071 | ---- | C] () -- \SystemInfo.ini
[2007/08/07 17:44:38 | 23,925,96480 | -HS- | C] () --
[2007/07/27 13:49:02 | 00,225,355 | ---- | C] () -- C:\Windows\System32\lnod32apiW.dll
[2007/07/27 13:49:02 | 00,196,683 | ---- | C] () -- C:\Windows\System32\lnod32apiA.dll
[2007/07/21 06:32:25 | 00,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2007/07/21 06:32:25 | 00,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2007/07/21 06:32:25 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2007/07/21 06:32:25 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2007/07/21 06:32:24 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2007/07/20 23:31:12 | 00,000,156 | ---- | C] () -- \YServer.txt
[2007/07/20 23:14:29 | 00,022,578 | ---- | C] () -- \dlcx.log
[2007/05/29 22:33:30 | 00,005,124 | RH-- | C] () -- \dell (1).sdr
[2007/05/29 15:11:43 | 00,000,070 | ---- | C] () -- \SystemInfo (1).ini
[2006/11/10 08:22:24 | 00,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2006/11/10 08:22:23 | 00,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:09 | 00,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:08 | 00,000,010 | ---- | C] () -- \config.sys
[2006/09/16 22:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/12/05 18:25:22 | 00,139,264 | ---- | C] () -- C:\Windows\System32\lnod32umc.dll
[2005/12/05 11:37:10 | 00,106,496 | ---- | C] () -- C:\Windows\System32\lnod32upd.dll
[2005/11/18 13:47:26 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

========== LOP Check ==========

[2010/01/25 17:56:14 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/01/27 15:19:13 | 00,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/27 12:04:58 | 00,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{38373818-AF7C-4797-B6B5-F2B48C191FAA}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:1D32EC29
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:A518B662
@Alternate Data Stream - 76 bytes -> C:\Users\Michele\Documents\Jamaica 1.dmsd:Roxio EMC Stream
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2B9724CF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1247C505
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:93C494CA
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:BA0FC1D6
< End of report >

#8
RKinner

    Malware Expert

  • Expert
  • 23,145 posts
  • MVP
OTL didn't kill off the folders so let's try Avenger:

Download The Avenger by Swandog46 from
http://swandog46.gee...r2/download.php
* Unzip/extract it to a folder on your desktop.

* Copy the text between the lines of stars into your clipboard by highlighting it and pressing CTRL+C

**********************************************************

Folders to delete:
C:\Users\Michele\AppData\Local\lsfcyh
C:\Users\Michele\AppData\Local\kcnums
C:\Users\Michele\AppData\Local\umbgyr
C:\Users\Michele\AppData\Local\gejabb
C:\Users\Michele\AppData\Local\cykwax
C:\Users\Michele\AppData\Local\fgvlyb
C:\Users\Michele\AppData\Local\jwexvh
C:\Users\Michele\AppData\Local\xtluyu
C:\Users\Michele\AppData\Local\osvika
C:\Users\Michele\AppData\Local\qjoowo
C:\Users\Michele\AppData\Local\crppkm
C:\Users\Michele\AppData\Local\bbwixx
C:\Users\Michele\AppData\Local\adjtwx
C:\Users\Michele\AppData\Local\tqadvr
C:\Users\Michele\AppData\Local\ddaahp
C:\Users\Michele\AppData\Local\xodxij
C:\Users\Michele\AppData\Local\ebnoip
C:\Users\Michele\AppData\Local\ssmour
C:\Users\Michele\AppData\Local\hiycis
C:\Users\Michele\AppData\Local\onnlto
C:\Users\Michele\AppData\Local\nwuega
C:\Users\Michele\AppData\Local\gklngs
C:\Users\Michele\AppData\Local\pegsgd
C:\Users\Michele\AppData\Local\cmhstb
C:\Users\Michele\AppData\Local\ruyysr
C:\Users\Michele\AppData\Local\imnfpl
C:\Users\Michele\AppData\Local\npawro
C:\Users\Michele\AppData\Local\yaniem
C:\Users\Michele\AppData\Local\kioisl
C:\Users\Michele\AppData\Local\axbwgm
C:\Users\Michele\AppData\Local\fmxyet
C:\Users\Michele\AppData\Local\wjubrx
C:\Users\Michele\AppData\Local\vlhmpx
C:\Users\Michele\AppData\Local\lbtbda
C:\Users\Michele\AppData\Local\xcatdm
C:\Users\Michele\AppData\Local\caeoof
C:\Users\Michele\AppData\Local\sgijou
C:\Users\Michele\AppData\Local\dqwubt
C:\Users\Michele\AppData\Local\nkrabd
C:\Users\Michele\AppData\Local\wemebm
C:\Users\Michele\AppData\Local\alxsaq
C:\Users\Michele\AppData\Local\csjgat
C:\Users\Michele\AppData\Local\xpwowq
C:\Users\Michele\AppData\Local\loqvxd
C:\Users\Michele\AppData\Local\pmuqku
C:\Users\Michele\AppData\Local\rbamxj
C:\Users\Michele\AppData\Local\cuvrxt
C:\Users\Michele\AppData\Local\mfjdkr
C:\Users\Michele\AppData\Local\desqvw
C:\Users\Michele\AppData\Local\kqdhwd
C:\Users\Michele\AppData\Local\pfyjuj
C:\Users\Michele\AppData\Local\ygpvjf
C:\Users\Michele\AppData\Local\iakajo
C:\Users\Michele\AppData\Local\cnbjji
C:\Users\Michele\AppData\Local\xichif
C:\Users\Michele\AppData\Local\nxouvg
C:\Users\Michele\AppData\Local\lhvojr
C:\Users\Michele\AppData\Local\fulxil
C:\Users\Michele\AppData\Local\araggi
C:\Users\Michele\AppData\Local\kxfucv
C:\Users\Michele\AppData\Local\elueco
C:\Users\Michele\AppData\Local\bejqcl
C:\Users\Michele\AppData\Local\ypdunw
C:\Users\Michele\AppData\Local\ducwoa
C:\Users\Michele\AppData\Local\ttmkaf
C:\Users\Michele\AppData\Local\pvipon
C:\Users\Michele\AppData\Local\hsgrbr
C:\Users\Michele\AppData\Local\qmbwbc
C:\Users\Michele\AppData\Local\gnxvkh
C:\Users\Michele\AppData\Local\qhsakq
C:\Users\Michele\AppData\Local\mjqbbm
C:\Users\Michele\AppData\Local\jxjwie
C:\Users\Michele\AppData\Local\jorebh
C:\Users\Michele\AppData\Local\eychsh
C:\Users\Michele\AppData\Local\rxvptu
C:\Users\Michele\AppData\Local\llmytn
C:\Users\Michele\AppData\Local\xfxjdp
C:\Users\Michele\AppData\Local\kdovbx
C:\Users\Michele\AppData\Local\djdrua
C:\Users\Michele\AppData\Local\vskeei
C:\Users\Michele\AppData\Local\mwdogx
C:\Users\Michele\AppData\Local\ysbkoa
C:\Users\Michele\AppData\Local\nbllwj
C:\Users\Michele\AppData\Local\ktbwwg
C:\Users\Michele\AppData\Local\xhqasw
C:\Users\Michele\AppData\Local\twkbbi
C:\Users\Michele\AppData\Local\fmgjer
C:\Users\Michele\AppData\Local\acrevw
C:\Users\Michele\AppData\Local\tcswrt
C:\Users\Michele\AppData\Local\wqxsgi
C:\Users\Michele\AppData\Local\grofud
C:\Users\Michele\AppData\Local\itqwdu
C:\Users\Michele\AppData\Local\xolihh
C:\Users\Michele\AppData\Local\avwvhl
C:\Users\Michele\AppData\Local\tefipt
C:\Users\Michele\AppData\Local\wjdlqw
C:\Users\Michele\AppData\Local\fhxmng
C:\Users\Michele\AppData\Local\ogbneb
C:\Users\Michele\AppData\Local\axjhfl
C:\Users\Michele\AppData\Local\npigrm
C:\Users\Michele\AppData\Local\qwtuqp
C:\Users\Michele\AppData\Local\dqffbr
C:\Users\Michele\AppData\Local\bhhgdo
C:\Users\Michele\AppData\Local\dxanpd
C:\Users\Michele\AppData\Local\qpymcf
C:\Users\Michele\AppData\Local\hdypqg
C:\Users\Michele\AppData\Local\rnmbde
C:\Users\Michele\AppData\Local\xcidcl
C:\Users\Michele\AppData\Local\gxqsau
C:\Users\Michele\AppData\Local\xpfywo
C:\Users\Michele\AppData\Local\gshwjj
C:\Users\Michele\AppData\Local\uitkwl
C:\Users\Michele\AppData\Local\bwqmvr
C:\Users\Michele\AppData\Local\udloga
C:\Users\Michele\AppData\Local\majqtf

***********************************************************************************

* Double click on avenger.exe to run The Avenger.
* Click OK.
* Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
* Under "Script file to execute" choose "Input Script Manually".
* Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
* Paste the text copied to clipboard into this window by pressing (Ctrl+V).
* Click Done
* Now click on the Green Light to begin execution of the script
* Answer "Yes" twice when prompted.

The Avenger will automatically do the following:

* It will Restart your computer.
* On reboot, it will briefly open a black command window on your desktop; this is normal.
* After the reboot, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Please attach the c:\avenger.txt file to your next message.

How's the system working?

I do see a Norton/Symantec remnant:
SRV - (CLTNetCnService) -- File not found

Start, Run, services.msc, OK then click on Standard and look in the right pane for Symantec Lic NetConnect service CLTNetCnService. Double click on it and change the Startup Type: to Disabled. OK and close the services window.

Ron

#9
Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Runs sooo much better. I did notice in the services area a file that did not have a description with it, which made me suspicious. stllssvr "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe". It's set to manual but I'm not sure what that may be.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Users\Michele\AppData\Local\lsfcyh" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\kcnums" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\umbgyr" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\gejabb" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\cykwax" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\fgvlyb" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\jwexvh" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\xtluyu" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\osvika" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\qjoowo" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\crppkm" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\bbwixx" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\adjtwx" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\tqadvr" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\ddaahp" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\xodxij" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\ebnoip" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\ssmour" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\hiycis" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\onnlto" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\nwuega" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\gklngs" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\pegsgd" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\cmhstb" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\ruyysr" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\imnfpl" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\npawro" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\yaniem" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\kioisl" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\axbwgm" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\fmxyet" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\wjubrx" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\vlhmpx" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\lbtbda" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\xcatdm" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\caeoof" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\sgijou" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\dqwubt" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\nkrabd" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\wemebm" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\alxsaq" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\csjgat" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\xpwowq" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\loqvxd" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\pmuqku" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\rbamxj" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\cuvrxt" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\mfjdkr" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\desqvw" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\kqdhwd" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\pfyjuj" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\ygpvjf" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\iakajo" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\cnbjji" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\xichif" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\nxouvg" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\lhvojr" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\fulxil" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\araggi" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\kxfucv" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\elueco" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\bejqcl" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\ypdunw" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\ducwoa" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\ttmkaf" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\pvipon" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\hsgrbr" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\qmbwbc" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\gnxvkh" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\qhsakq" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\mjqbbm" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\jxjwie" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\jorebh" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\eychsh" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\rxvptu" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\llmytn" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\xfxjdp" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\kdovbx" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\djdrua" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\vskeei" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\mwdogx" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\ysbkoa" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\nbllwj" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\ktbwwg" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\xhqasw" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\twkbbi" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\fmgjer" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\acrevw" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\tcswrt" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\wqxsgi" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\grofud" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\itqwdu" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\xolihh" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\avwvhl" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\tefipt" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\wjdlqw" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\fhxmng" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\ogbneb" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\axjhfl" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\npigrm" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\qwtuqp" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\dqffbr" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\bhhgdo" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\dxanpd" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\qpymcf" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\hdypqg" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\rnmbde" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\xcidcl" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\gxqsau" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\xpfywo" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\gshwjj" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\uitkwl" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\bwqmvr" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\udloga" deleted successfully.
Folder "C:\Users\Michele\AppData\Local\majqtf" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
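
A check that can be run on a returned log like the one above, as an added example that is not part of the original thread or of The Avenger: it compares the folders requested in a script with the `Folder "..." deleted successfully.` lines in the log and lists any that were never confirmed. The function names and the sample script and log are constructed for illustration; only the two line formats are taken from the posts above.

```python
import re

# Line format copied from the Avenger log in the post above.
DELETED_RE = re.compile(r'^Folder "(.+)" deleted successfully\.$')
HEADER_RE = re.compile(r'^[A-Za-z ]{2,}:$')  # a section header such as "Folders to delete:"


def key(path):
    """Windows paths are case-insensitive; ignore a trailing backslash too."""
    return path.rstrip("\\").lower()


def requested_folders(script_text):
    """Paths listed under 'Folders to delete:'; any other header ends the section."""
    paths, in_section = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"*"}:  # blank line or a row of stars
            continue
        if HEADER_RE.match(line):
            in_section = line.lower() == "folders to delete:"
        elif in_section:
            paths.append(line)
    return paths


def confirmed_deleted(log_text):
    """Paths the log reports as deleted successfully."""
    hits = (DELETED_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.group(1) for m in hits if m]


def reconcile(script_text, log_text):
    """Compare what the script asked for with what the log confirms."""
    wanted = {key(p): p for p in requested_folders(script_text)}
    done = {key(p): p for p in confirmed_deleted(log_text)}
    return {
        "confirmed": sorted(wanted[k] for k in wanted.keys() & done.keys()),
        "unconfirmed": sorted(wanted[k] for k in wanted.keys() - done.keys()),
        "unrequested": sorted(done[k] for k in done.keys() - wanted.keys()),
        "completed": "Completed script processing." in log_text,
    }


# Constructed sample input (not the folders from this thread).
SAMPLE_SCRIPT = r"""
Folders to delete:
C:\Users\Example\AppData\Local\aaaaaa
C:\Users\Example\AppData\Local\bbbbbb
C:\Users\Example\AppData\Local\cccccc
"""
SAMPLE_LOG = r"""
Rootkit scan active.
No rootkits found!

Folder "C:\Users\Example\AppData\Local\aaaaaa" deleted successfully.
Folder "c:\users\example\appdata\local\BBBBBB" deleted successfully.

Completed script processing.
"""

if __name__ == "__main__":
    for name, value in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(name, value)
```

Any path under `unconfirmed` is a folder the script named but the log never reported as deleted, which is worth re-checking before calling the cleanup finished.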