I've gone through the entire Malware and Spyware Cleaning Guide on both computers. On one, it identified the trojan horse, and I was able to remove it. On the other, as far as I can tell, I didn't find anything to remove.
Thanks for your help!
Here's the MBAM log:
Malwarebytes' Anti-Malware 1.44
Database version: 3739
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
2/14/2010 10:53:48 AM
mbam-log-2010-02-14 (10-53-48).txt
Scan type: Quick Scan
Objects scanned: 120117
Time elapsed: 6 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here's the GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-14 18:12:33
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\MOUSET~1\LOCALS~1\Temp\axrdipog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEEA5BFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEEA58C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xEEA73170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEEA5C580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xEEA70900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xEEA70B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xEEA74B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEEA5C670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEEA59210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xEEA739F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xEEA737A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xEEA70280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEEA73F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEEA73F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEEA59070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xEEA72180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xEEA71F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xEEA746F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEEA74150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEEA5BBE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xEEA74540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xEEA5C190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEEA59440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xEEA734E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xEEA71200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xEEA71080]
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\ShellExplorer\{B0D5CBA9-7917-44fa-AD19-42F93ED98E7B}@Version 50528257
Reg HKLM\SYSTEM\ControlSet002\Control\ShellExplorer\{B0D5CBA9-7917-44fa-AD19-42F93ED98E7B}@Version 50528257
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B165484B-1DDE-42FC-9C96-7C4529E7F023}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B165484B-1DDE-42FC-9C96-7C4529E7F023}@iaboicfhkeheckpflf 0x69 0x61 0x6C 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B165484B-1DDE-42FC-9C96-7C4529E7F023}@hapnofoldhmkelgf 0x6A 0x61 0x6D 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B165484B-1DDE-42FC-9C96-7C4529E7F023}@hacfllplllbbbbgn 0x66 0x61 0x6F 0x61 ...
---- EOF - GMER 1.0.15 ----
Here's the extras.txt log:
OTL Extras logfile created on: 2/14/2010 6:14:01 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Mousethief\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 8.54 Gb Free Space | 22.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAINMOUSE
Current User Name: Mousethief
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
Here's the OTL.txt log:
OTL logfile created on: 2/14/2010 6:14:01 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Mousethief\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 8.54 Gb Free Space | 22.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAINMOUSE
Current User Name: Mousethief
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/02/14 18:13:15 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mousethief\Desktop\OTL.exe
PRC - [2010/01/16 20:28:59 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/02 01:13:59 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/12/02 01:13:58 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/12/02 01:13:56 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/12/02 01:13:48 | 002,000,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/12/02 01:13:29 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/12/02 01:13:24 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/10/09 16:47:24 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 16:47:24 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/04/07 15:37:30 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/04/07 14:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/04/07 14:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/06/24 15:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/06/24 15:05:56 | 000,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2008/06/08 08:31:04 | 000,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008/04/24 17:44:54 | 000,104,960 | ---- | M] () -- C:\WINDOWS\svcadmin.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/02/22 03:25:20 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
PRC - [2008/01/28 10:43:40 | 002,097,488 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot\TeaTimer.exe
PRC - [2007/11/21 04:25:28 | 000,240,128 | ---- | M] () -- C:\Program Files\AutoHotkey\AutoHotkey.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/10 12:52:16 | 000,135,168 | ---- | M] (Torosoft Software) -- C:\Program Files\ToroSoft Software\AutoRun USB Service\autorunusb.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2005/04/11 10:00:00 | 000,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/04/11 05:31:26 | 000,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/04/01 15:11:14 | 000,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/03/04 12:16:18 | 000,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe
PRC - [2005/02/17 07:23:16 | 000,014,848 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2005/02/16 23:11:42 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
PRC - [2005/02/02 04:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/02 04:11:12 | 000,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/12/03 13:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
========== Modules (SafeList) ==========
MOD - [2010/02/14 18:13:15 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mousethief\Desktop\OTL.exe
MOD - [2006/08/25 07:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/02/02 04:12:14 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/12/02 01:13:29 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/12/02 01:13:24 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/03 10:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/04/07 14:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/06/24 15:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/06/08 08:31:04 | 000,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2008/04/24 17:44:54 | 000,104,960 | ---- | M] () [Auto | Running] -- C:\WINDOWS\svcadmin.exe -- (Anyplace Control Security)
SRV - [2007/01/10 12:52:16 | 000,135,168 | ---- | M] (Torosoft Software) [Auto | Running] -- C:\Program Files\ToroSoft Software\AutoRun USB Service\autorunusb.exe -- (AutoRun USB)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2005/04/11 05:31:26 | 000,360,448 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/03/04 12:16:18 | 000,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://chattcafe.blogspot.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.mousethief.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 02:48:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/16 20:29:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/16 20:29:18 | 000,000,000 | ---D | M]
[2008/08/25 22:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\Mozilla\Extensions
[2010/02/14 10:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\Mozilla\Firefox\Profiles\xnyr9lvx.default\extensions
[2009/12/24 07:58:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mousethief\Application Data\Mozilla\Firefox\Profiles\xnyr9lvx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/29 12:09:27 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Mousethief\Application Data\Mozilla\Firefox\Profiles\xnyr9lvx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/02/14 10:37:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [WMC_AutoUpdate] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [P2kAutostart] File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to AutoHotkey.lnk = C:\Program Files\AutoHotkey\AutoHotkey.exe ()
O4 - Startup: C:\Documents and Settings\Mousethief\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1218811560343 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 206.124.128.1 206.124.128.3
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O22 - SharedTaskScheduler: {CF1E45B8-56B8-44A6-AB69-B42B0906B1CA} - FndryodoD3d - C:\WINDOWS\system32\fndryodo.dll ( )
O24 - Desktop WallPaper: C:\Documents and Settings\Mousethief\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mousethief\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/12 20:49:50 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##Mainmouse#LTSF#Disk1\Shell - "" = AutoRun
O33 - MountPoints2\##Mainmouse#LTSF#Disk1\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##Mainmouse#LTSF#Disk1\Shell\AutoRun\command - "" = T:\SETUP.EXE -- File not found
O33 - MountPoints2\##Mainmouse#LTSF#Disk1\Shell\install\command - "" = T:\INSTALL\CINSTALL\CINSTALL.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/01/12 12:01:29 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)
========== Files/Folders - Created Within 14 Days ==========
[2010/02/14 18:13:04 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mousethief\Desktop\OTL.exe
[2010/02/14 10:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mousethief\Application Data\Malwarebytes
[2010/02/14 10:41:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/14 10:40:58 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/14 10:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/14 10:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/14 10:36:33 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mousethief\Desktop\mbam-setup.exe
[2010/02/14 10:33:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/14 10:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/14 10:30:59 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Mousethief\Desktop\erunt_setup.exe
[2010/02/14 10:09:41 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mousethief\Desktop\TFC.exe
[2008/05/27 23:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/05/27 23:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/27 23:44:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/27 23:44:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/02/02 08:11:26 | 000,032,768 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2001/03/30 11:08:30 | 000,372,736 | RHS- | C] ( ) -- C:\WINDOWS\System32\fndryodo.dll
========== Files - Modified Within 14 Days ==========
[2010/02/14 18:13:15 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mousethief\Desktop\OTL.exe
[2010/02/14 17:25:09 | 000,000,810 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/14 17:24:17 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Mousethief\Desktop\gmer.zip
[2010/02/14 15:14:24 | 055,595,572 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/14 12:15:16 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Mousethief\NTUSER.DAT
[2010/02/14 12:15:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mousethief\ntuser.ini
[2010/02/14 11:18:27 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/02/14 11:18:27 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/02/14 11:01:24 | 000,350,194 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/02/14 11:00:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/14 10:58:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/14 10:58:32 | 2011,746,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/14 10:57:26 | 000,018,117 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2010/02/14 10:41:03 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/14 10:39:08 | 005,115,840 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mousethief\Desktop\mbam-setup.exe
[2010/02/14 10:32:26 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Mousethief\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/14 10:32:02 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Mousethief\Desktop\NTREGOPT.lnk
[2010/02/14 10:32:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Mousethief\Desktop\ERUNT.lnk
[2010/02/14 10:31:04 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Mousethief\Desktop\erunt_setup.exe
[2010/02/14 10:09:43 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mousethief\Desktop\TFC.exe
[2010/02/01 16:24:04 | 007,590,581 | ---- | M] () -- C:\Documents and Settings\Mousethief\Desktop\Gary Jules - Mad World.mp3
========== Files Created - No Company Name ==========
[2010/02/14 17:25:03 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mousethief\Desktop\gmer.exe
[2010/02/14 17:23:52 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Mousethief\Desktop\gmer.zip
[2010/02/14 10:41:03 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/14 10:32:26 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Mousethief\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/14 10:32:02 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Mousethief\Desktop\NTREGOPT.lnk
[2010/02/14 10:32:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Mousethief\Desktop\ERUNT.lnk
[2010/02/01 16:01:09 | 007,590,581 | ---- | C] () -- C:\Documents and Settings\Mousethief\Desktop\Gary Jules - Mad World.mp3
[2009/05/18 20:32:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/15 18:08:01 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/11/10 19:56:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/05/08 21:44:46 | 000,000,021 | ---- | C] () -- C:\WINDOWS\ShellIcon32.dll
[2008/04/12 06:48:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2008/02/15 21:31:29 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ispnet.dll
[2008/02/02 08:11:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2008/02/02 08:11:28 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2008/02/02 08:11:26 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/02/02 08:10:54 | 000,032,343 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2008/02/02 08:10:53 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/01/13 13:51:33 | 000,003,982 | ---- | C] () -- C:\WINDOWS\87t98.sys
[2008/01/13 13:51:33 | 000,000,132 | ---- | C] () -- C:\WINDOWS\flash-lock.ini
[2008/01/13 10:44:53 | 000,018,117 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2008/01/13 09:54:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/13 01:01:43 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/01/12 23:16:57 | 000,001,445 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/12 22:20:47 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Mousethief\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/12 21:28:56 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/01/12 21:03:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/12 21:03:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/12 21:03:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/12 21:03:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/12 21:03:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/12 21:03:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/01/12 20:46:09 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 00:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/02/25 22:18:04 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/03/30 11:08:22 | 000,032,768 | RHS- | C] () -- C:\WINDOWS\System32\efcsr.dll
========== LOP Check ==========
[2008/05/27 23:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2009/10/04 19:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/01/12 21:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/01/12 21:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/01/12 20:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/11/13 07:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/01/13 13:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RiseFly
[2008/05/31 21:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperFlexibleSynchronizer
[2009/10/09 08:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\Azureus
[2008/01/12 23:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\CoffeeCup Software
[2008/01/13 00:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\CoreFTP
[2008/11/08 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\FUJIFILM
[2009/12/15 22:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\gtk-2.0
[2008/03/22 08:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\InterVideo
[2008/06/13 21:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\Mp3tag
[2008/04/12 06:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\muvee Technologies
[2008/11/01 20:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\NCH Swift Sound
[2008/01/13 13:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\RiseFly
[2008/05/31 21:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\SuperFlexibleSynchronizer
[2009/10/04 19:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mousethief\Application Data\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/01/12 12:07:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/01/12 12:07:41 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/01/12 12:07:41 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >