Google Redirect? affecting chrome, IE, and firefox - Geeks to Go Forums


Google Redirect? affecting chrome, IE, and firefox
slow browsers/computer, wrong websites, wrong search results

#1 noodlesaregood

  • Group: Member
  • Posts: 25
  • Joined: 18-July 10

Posted 19 July 2010 - 12:45 AM

Hey guys,

I've recently gotten some kind of redirect virus that slows down my browsers and entire computer, directs me to wrong websites (or just says this page can't be found) when I type in and click on links, or try to follow some google search results.

I've been having this problem on all Chrome, IE, and Firefox browsers. I've tried the general malware and spyware cleaning guide from http://www.geekstogo.com/forum/Malware-Spy...uide-t2852.html, and the google redirects self help guide. Gooredfix, TDSSKiller, and OTM didn't fix the problem, Malwarebytes found one infection and removed it but the problem persists. I know the guide also recommended GMER to scan for rootkits, but whenever I run it, partway through I get the blue "beginning dump of physical memory" screen. I ran OTL as well.

Please help, and thank you in advance!
Here are the logs...




#2 maser00

  • Group: GeekU Moderator
  • Posts: 1,453
  • Joined: 29-August 07

Posted 24 July 2010 - 07:20 AM

Hi, welcome to Geeks to Go :) !
My name is Maser00 and I will be helping you with your problem(s).

Before we start I need to mention a few things:
  • I am still in training (here at GeekU), therefore my instructions will be checked by someone of the malware staff first. It could take a little bit more time than usual because of this.
  • Please post all the requested logs directly in your reply, do not attach them unless asked to or unless you are unable to post them.
  • It's best to read all my instructions at least once before carrying them out, this will make sure you understand them before you start.
  • Try to reply every one-two days, I'll try to do the same. At some point your computer will run better (hopefully :)), but keep following my instructions because there can still be malware on your computer. I'll tell you when we're done.
  • Please don't run any other malware removal tools/programs or instructions that I didn't ask for.

=======================

Please make a fresh OTL log because your other one is a bit too old now:

Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open a notepad window: OTL.Txt. This log is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it in your next reply.


Also post the log of TDSSKiller please.
- Maser00

#3 noodlesaregood

  • Group: Member
  • Posts: 25
  • Joined: 18-July 10

Posted 26 July 2010 - 02:42 PM

Hey maser00! Thank you so much for helping me out!

The OTL log is...


OTL logfile created on: 7/26/2010 1:32:25 PM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Ray\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 198.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 13.09 Gb Free Space | 17.57% Space Free | Partition Type: NTFS
Drive D: | 50.72 Gb Total Space | 16.72 Gb Free Space | 32.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABC-01FF56CCA5C
Current User Name: Ray
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/17 20:23:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\My Documents\Downloads\OTL.exe
PRC - [2010/06/28 19:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/06/02 17:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/05/18 22:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/03/31 15:14:54 | 000,114,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2008/11/06 10:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/07/17 20:23:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\My Documents\Downloads\OTL.exe
MOD - [2010/05/13 22:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUWWAN.sys -- (PTDUWWAN)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUVsp.sys -- (PTDUVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUMdm.sys -- (PTDUMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUBus.sys -- (PTDUBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/07/25 12:35:03 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/25 10:24:03 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/07/25 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100726.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/25 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100726.007\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/18 17:45:05 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/16 18:54:14 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100723.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/03 18:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2010/01/06 20:56:29 | 000,002,944 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap)
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/11 16:51:56 | 000,005,120 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\DELL\drivers\R105090\atidgllk.sys -- (atidgllk)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoomail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.14908
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/07/25 21:41:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/07/25 12:40:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/25 21:38:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 14:08:53 | 000,000,000 | ---D | M]

[2010/05/25 21:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Extensions
[2010/07/25 13:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\3hd9wgxi.default\extensions
[2010/06/24 18:23:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\3hd9wgxi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/25 13:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/25 14:50:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2009/04/18 12:47:39 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

O1 HOSTS File: ([2010/07/18 19:16:03 | 000,000,048 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Aim6] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 66.51.205.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/27 16:25:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9de230fd-e01f-11dd-83d6-001143c8460c}\Shell\AutoRun\command - "" = F:\fk.exe -- File not found
O33 - MountPoints2\{9de230fd-e01f-11dd-83d6-001143c8460c}\Shell\open\Command - "" = F:\fk.exe -- File not found
O33 - MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\Shell - "" = AutoRun
O33 - MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b58cdfb5-2308-11de-b8b9-001143c8460c}\Shell\Auto\command - "" = H:\fun.xls.exe -- File not found
O33 - MountPoints2\{b58cdfb5-2308-11de-b8b9-001143c8460c}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/25 11:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/07/25 11:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\Symantec
[2010/07/24 08:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\PCHealth
[2010/07/24 08:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/07/20 22:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\How I Met Your Mother
[2010/07/20 22:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\The Big Bang Theory
[2010/07/18 23:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/07/18 22:38:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/18 22:38:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/18 22:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/18 19:47:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/18 19:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/07/18 19:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/18 19:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/18 18:25:27 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Ray\Desktop\TDSSKiller.exe
[2010/07/18 18:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Desktop\GooredFix Backups
[2010/07/18 18:17:07 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/18 18:15:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/18 18:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ray\Recent
[2010/07/17 22:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/26 10:39:24 | 000,000,000 | ---D | C] -- C:\Updates
[2010/06/25 19:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/06/25 19:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/06/25 11:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/05/30 16:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/30 16:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/30 16:36:08 | 000,657,304 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Ray\My Documents\SpyHunter-Installer.exe
[2010/05/30 01:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\DivX
[2010/05/30 01:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/25 21:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Desktop\PRINT
[2010/05/19 20:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[6 C:\Documents and Settings\Ray\My Documents\*.tmp files -> C:\Documents and Settings\Ray\My Documents\*.tmp -> ]
[12 C:\Documents and Settings\Ray\Desktop\*.tmp files -> C:\Documents and Settings\Ray\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/26 13:07:46 | 000,664,174 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/26 13:07:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1677128483-839522115-1003UA.job
[2010/07/26 10:07:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1677128483-839522115-1003Core.job
[2010/07/26 08:51:27 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/25 19:53:42 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/25 19:52:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/25 19:52:10 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/07/25 19:51:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/25 19:51:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/25 19:49:42 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Ray\NTUSER.DAT
[2010/07/25 19:49:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ray\ntuser.ini
[2010/07/25 18:10:28 | 000,000,554 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Ray.job
[2010/07/25 12:36:59 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Norton Installation Files.lnk
[2010/07/25 12:35:03 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/25 12:35:03 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/25 12:35:03 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/25 12:35:03 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/25 10:24:03 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/24 14:08:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/24 11:23:28 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\This project library.doc
[2010/07/24 10:57:51 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\This project will answer three questions.doc
[2010/07/21 08:27:53 | 000,059,557 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\100721-102753.jpg
[2010/07/19 00:37:53 | 006,190,366 | -H-- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\IconCache.db
[2010/07/18 23:07:30 | 000,000,679 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/18 23:07:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/18 23:07:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/18 22:38:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 19:26:38 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/07/18 19:16:03 | 000,000,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/11 09:30:30 | 000,020,635 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Data_07112010.pxj
[2010/07/02 20:08:24 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Google Chrome.lnk
[2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Ray\Desktop\TDSSKiller.exe
[2010/06/26 10:41:11 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\myMPQ.ini
[2010/06/25 11:46:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/06/24 00:07:28 | 000,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 00:07:28 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 00:07:28 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/19 19:37:57 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Senior Will.doc
[2010/06/14 02:49:28 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Shanghai.doc
[2010/06/13 00:24:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\oyama.doc
[2010/06/11 15:32:07 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Source List.doc
[2010/06/11 11:57:59 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$vic Duty.doc
[2010/06/11 11:55:08 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 00:49:01 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Civic Duty.doc
[2010/06/08 01:00:17 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Consitutional Morality.doc
[2010/06/07 23:13:28 | 000,050,640 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/06 13:49:21 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 1.doc
[2010/06/06 13:49:17 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 2.doc
[2010/06/04 06:57:24 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Summary of Scientific Journal Article.doc
[2010/06/04 06:36:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$urce List.doc
[2010/06/02 18:48:30 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\e_mail_to_agilent.doc
[2010/06/02 02:14:10 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\MORAL PRESIDENCY.doc
[2010/05/30 16:36:15 | 000,657,304 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Ray\My Documents\SpyHunter-Installer.exe
[2010/05/30 10:34:15 | 000,279,446 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\si-01735.pdf
[2010/05/30 10:34:01 | 000,083,503 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\SI-01511.pdf
[2010/05/29 15:34:30 | 000,050,640 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/29 09:54:16 | 000,038,394 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\eugene_to_shida.pdf
[2010/05/28 05:04:52 | 000,118,317 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\lcms-reference.pdf
[2010/05/28 01:32:55 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Current Event.doc
[2010/05/25 21:37:47 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/25 21:37:47 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/24 00:41:01 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Essay Topic Proposal.doc
[2010/05/24 00:06:15 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\International Day JUDGING SHEET.doc
[2010/05/19 20:48:34 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\CCleaner.lnk
[2010/05/14 10:19:26 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\CIVICS Politics and Satire.doc
[2010/05/13 23:40:03 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/13 23:16:56 | 000,142,255 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\paper23.pdf
[2010/05/12 01:35:22 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Bias in Media.doc
[2010/05/12 01:09:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals LOS ANGELSE NOTEBOOK.doc
[2010/05/12 00:51:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem On Self Respect.doc
[2010/05/12 00:14:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem On Self Respect.doc
[2010/05/11 22:21:57 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem Response Journals On Morality.docx
[2010/05/11 22:15:54 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Raymond Chang Resume FINAL for recommends.doc
[2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/05/05 21:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/05 21:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/05 21:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/05/03 22:15:34 | 000,432,395 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\correlation_study.pdf
[2010/05/03 01:34:24 | 000,012,406 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals On Morality.docx
[2010/05/03 01:17:05 | 000,012,836 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals Slouching Towards Bethlehem.docx
[2010/05/01 10:08:25 | 002,882,410 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\scan.tif
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/04/28 22:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/04/28 22:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/04/28 01:04:34 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\2010 SENIORSERVICE Santa Monica Directions.doc
[6 C:\Documents and Settings\Ray\My Documents\*.tmp files -> C:\Documents and Settings\Ray\My Documents\*.tmp -> ]
[12 C:\Documents and Settings\Ray\Desktop\*.tmp files -> C:\Documents and Settings\Ray\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/25 11:32:57 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Norton Installation Files.lnk
[2010/07/24 14:08:53 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/24 11:19:05 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\This project library.doc
[2010/07/24 10:57:50 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\This project will answer three questions.doc
[2010/07/20 22:28:48 | 000,059,557 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\100721-102753.jpg
[2010/07/18 22:38:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 19:26:56 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/18 19:26:38 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/07/11 09:30:30 | 000,020,635 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Data_07112010.pxj
[2010/06/25 21:48:11 | 002,219,426 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(6) - AI - Metalopolis (4x).s2ma
[2010/06/25 21:48:11 | 002,215,112 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(6) - AI - Metalopolis (5x).s2ma
[2010/06/25 21:48:11 | 001,703,090 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Shakuras Plateau (3x).s2ma
[2010/06/25 21:48:11 | 001,703,076 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Shakuras Plateau (1x).s2ma
[2010/06/25 21:48:11 | 001,435,725 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Twilight Fortress (1x).s2ma
[2010/06/25 21:48:11 | 001,435,716 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Twilight Fortress (3x).s2ma
[2010/06/25 21:48:11 | 001,188,690 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Metalopolis (3x).s2ma
[2010/06/25 21:48:10 | 001,970,155 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Kulas Ravine (3x).s2ma
[2010/06/25 21:48:10 | 001,575,712 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Lost Temple (1x).s2ma
[2010/06/25 21:48:10 | 001,575,708 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Lost Temple (3x).s2ma
[2010/06/25 21:48:10 | 001,475,908 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(2) - AI - Desert Oasis.s2ma
[2010/06/25 21:48:10 | 001,259,729 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(2) - AI - Blistering Sands.s2ma
[2010/06/25 21:48:10 | 001,188,691 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Metalopolis (1x).s2ma
[2010/06/25 21:48:10 | 000,803,907 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(2) - AI - Scrap Station.s2ma
[2010/06/25 19:44:13 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\myMPQ.ini
[2010/06/25 11:46:32 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/06/13 00:24:03 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\oyama.doc
[2010/06/11 11:57:59 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$vic Duty.doc
[2010/06/11 00:43:19 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Civic Duty.doc
[2010/06/10 01:08:02 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Senior Will.doc
[2010/06/08 00:35:29 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Consitutional Morality.doc
[2010/06/06 13:49:21 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 1.doc
[2010/06/06 13:49:16 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 2.doc
[2010/06/04 06:57:23 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Summary of Scientific Journal Article.doc
[2010/06/04 06:36:22 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$urce List.doc
[2010/06/02 02:13:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\MORAL PRESIDENCY.doc
[2010/05/30 10:59:25 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\e_mail_to_agilent.doc
[2010/05/30 10:34:13 | 000,279,446 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\si-01735.pdf
[2010/05/30 10:33:59 | 000,083,503 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\SI-01511.pdf
[2010/05/29 09:54:15 | 000,038,394 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\eugene_to_shida.pdf
[2010/05/28 05:04:52 | 000,118,317 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\lcms-reference.pdf
[2010/05/28 02:40:55 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Source List.doc
[2010/05/28 01:32:33 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Current Event.doc
[2010/05/26 01:06:17 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Shanghai.doc
[2010/05/25 21:37:47 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/25 21:37:47 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/24 00:40:40 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Essay Topic Proposal.doc
[2010/05/24 00:05:25 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\International Day JUDGING SHEET.doc
[2010/05/19 20:48:34 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\CCleaner.lnk
[2010/05/15 15:21:43 | 000,142,255 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\paper23.pdf
[2010/05/15 15:19:55 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Endeavosil.bmp
[2010/05/14 10:18:48 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\CIVICS Politics and Satire.doc
[2010/05/12 01:35:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Bias in Media.doc
[2010/05/12 01:09:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals LOS ANGELSE NOTEBOOK.doc
[2010/05/12 00:14:51 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem On Self Respect.doc
[2010/05/12 00:14:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem On Self Respect.doc
[2010/05/11 22:21:57 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem Response Journals On Morality.docx
[2010/05/03 22:15:34 | 000,432,395 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\correlation_study.pdf
[2010/05/02 23:28:03 | 000,012,836 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals Slouching Towards Bethlehem.docx
[2010/05/02 23:28:02 | 000,012,406 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals On Morality.docx
[2010/05/01 09:52:01 | 002,882,410 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\scan.tif
[2010/04/28 01:04:33 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\2010 SENIORSERVICE Santa Monica Directions.doc
[2010/01/06 20:56:29 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\bbchlp.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/07 09:51:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2009/01/17 10:48:44 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/11/30 09:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/11/27 23:30:37 | 000,000,523 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2008/11/27 21:43:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/27 20:17:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/22 12:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2008/11/28 16:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/01/06 20:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2010/07/18 19:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/04/18 14:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/09/06 11:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/05/15 21:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/01/06 18:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/07/18 18:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/13 00:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WiFiTemp
[2009/06/06 11:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/11/28 00:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/10/30 00:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 18:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/05/16 08:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/28 16:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\acccore
[2010/01/03 11:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Audacity
[2010/01/06 20:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Blueberry
[2009/02/04 21:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\FMZilla
[2009/12/13 22:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ImgBurn
[2009/03/29 11:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ImTOO Software Studio
[2008/11/27 23:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Infineon
[2009/03/14 21:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Leadertech
[2010/06/25 11:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\LimeWire
[2009/03/27 21:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Moyea
[2008/11/27 21:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\MSNInstaller
[2009/02/12 17:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\OpenOffice.org
[2010/01/06 20:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Seven Zip
[2009/04/10 06:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Smith Micro
[2010/06/26 01:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/11/27 16:25:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/18 23:07:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/11/27 16:25:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/11/27 16:25:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/18 13:21:04 | 000,000,902 | -H-- | M] () -- C:\IPH.PH
[2008/11/27 16:25:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/12 23:04:25 | 000,000,571 | ---- | M] () -- C:\NTDClient.log
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/31 16:53:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/25 19:51:07 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/07/18 18:26:30 | 000,042,194 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_18.07.2010_18.26.16_log.txt
[2010/07/18 18:40:06 | 000,041,972 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_18.07.2010_18.39.53_log.txt
[2010/07/18 18:58:41 | 000,041,988 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_18.07.2010_18.57.39_log.txt
[2010/07/20 11:59:38 | 000,041,706 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_20.07.2010_11.59.19_log.txt
[2009/06/06 11:16:27 | 000,000,918 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/11/27 16:24:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/11/04 13:46:44 | 000,280,576 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp083.dll
[2007/02/13 21:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/05/06 03:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/11/27 08:13:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/11/27 08:13:46 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/11/27 08:13:45 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 07:19:35

========== Files - Unicode (All) ==========
[2010/07/25 17:23:28 | 000,022,016 | ---- | M] ()(C:\Documents and Settings\Ray\My Documents\?????.doc) -- C:\Documents and Settings\Ray\My Documents\打电话进来.doc
[2010/07/25 17:23:28 | 000,022,016 | ---- | C] ()(C:\Documents and Settings\Ray\My Documents\?????.doc) -- C:\Documents and Settings\Ray\My Documents\打电话进来.doc
[2010/07/08 20:51:51 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Ray\My Documents\~$?????.doc) -- C:\Documents and Settings\Ray\My Documents\~$华尔街日报.doc
[2010/07/08 20:51:51 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Ray\My Documents\~$?????.doc) -- C:\Documents and Settings\Ray\My Documents\~$华尔街日报.doc
[2010/07/05 22:33:35 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Ray\My Documents\~$? ?1.doc) -- C:\Documents and Settings\Ray\My Documents\~$导 语1.doc
[2010/07/05 22:33:35 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Ray\My Documents\~$? ?1.doc) -- C:\Documents and Settings\Ray\My Documents\~$导 语1.doc
[2010/01/22 21:41:03 | 000,365,568 | ---- | M] ()(C:\Documents and Settings\Ray\My Documents\?????????????.doc) -- C:\Documents and Settings\Ray\My Documents\食品安全国家标准审评委员会.doc
[2010/01/22 21:41:03 | 000,365,568 | ---- | C] ()(C:\Documents and Settings\Ray\My Documents\?????????????.doc) -- C:\Documents and Settings\Ray\My Documents\食品安全国家标准审评委员会.doc
< End of report >

#4 noodlesaregood

  • Group: Member
  • Posts: 25
  • Joined: 18-July 10

Posted 26 July 2010 - 02:43 PM

And this is the TDSSKiller log:


13:38:41:078 3448 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
13:38:41:078 3448 ================================================================================
13:38:41:078 3448 SystemInfo:

13:38:41:078 3448 OS Version: 5.1.2600 ServicePack: 3.0
13:38:41:078 3448 Product type: Workstation
13:38:41:078 3448 ComputerName: ABC-01FF56CCA5C
13:38:41:078 3448 UserName: Ray
13:38:41:078 3448 Windows directory: C:\WINDOWS
13:38:41:078 3448 System windows directory: C:\WINDOWS
13:38:41:078 3448 Processor architecture: Intel x86
13:38:41:078 3448 Number of processors: 1
13:38:41:078 3448 Page size: 0x1000
13:38:41:078 3448 Boot type: Normal boot
13:38:41:078 3448 ================================================================================
13:38:41:609 3448 Initialize success
13:38:41:609 3448
13:38:41:609 3448 Scanning Services ...
13:38:42:000 3448 Raw services enum returned 376 services
13:38:42:000 3448
13:38:42:000 3448 Scanning Drivers ...
13:38:42:953 3448 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:38:42:984 3448 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:38:43:015 3448 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:38:43:062 3448 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
13:38:43:171 3448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:38:43:187 3448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:38:43:265 3448 atidgllk (e19f6a79782238de07323a53014c9728) C:\dell\drivers\R105090\atidgllk.sys
13:38:43:281 3448 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:38:43:312 3448 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:38:43:343 3448 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
13:38:43:359 3448 bbcap (7fc61edc0b094270b7a42921599a3d0e) C:\WINDOWS\system32\DRIVERS\bbcap.sys
13:38:43:390 3448 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:38:43:578 3448 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys
13:38:43:640 3448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:38:43:656 3448 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:38:43:750 3448 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys
13:38:43:781 3448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:38:43:812 3448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:38:43:843 3448 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:38:43:875 3448 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
13:38:43:937 3448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:38:43:968 3448 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:38:44:000 3448 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:38:44:015 3448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:38:44:031 3448 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:38:49:234 3448
13:38:49:234 3448 Completed
13:38:49:234 3448
13:38:49:234 3448 Results:
13:38:49:234 3448 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:38:49:234 3448 File objects infected / cured / cured on reboot: 0 / 0 / 0
13:38:49:234 3448
13:38:49:343 3448 KLMD(ARK) unloaded successfully


Thanks again for the help!

#5 maser00

  • Group: GeekU Moderator
  • Posts: 1,453
  • Joined: 29-August 07

Posted 27 July 2010 - 08:36 AM

Hi

  • Are you having these problems on other computers too?

  • Do you know these files?

    [2010/07/25 17:23:28 | 000,022,016 | ---- | M] ()(C:\Documents and Settings\Ray\My Documents\?????.doc) -- C:\Documents and Settings\Ray\My Documents\打电话进来.doc
    [2010/07/25 17:23:28 | 000,022,016 | ---- | C] ()(C:\Documents and Settings\Ray\My Documents\?????.doc) -- C:\Documents and Settings\Ray\My Documents\打电话进来.doc
    [2010/07/08 20:51:51 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Ray\My Documents\~$?????.doc) -- C:\Documents and Settings\Ray\My Documents\~$华尔街日报.doc
    [2010/07/08 20:51:51 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Ray\My Documents\~$?????.doc) -- C:\Documents and Settings\Ray\My Documents\~$华尔街日报.doc
    [2010/07/05 22:33:35 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Ray\My Documents\~$? ?1.doc) -- C:\Documents and Settings\Ray\My Documents\~$导 语1.doc
    [2010/07/05 22:33:35 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Ray\My Documents\~$? ?1.doc) -- C:\Documents and Settings\Ray\My Documents\~$导 语1.doc
    [2010/01/22 21:41:03 | 000,365,568 | ---- | M] ()(C:\Documents and Settings\Ray\My Documents\?????????????.doc) -- C:\Documents and Settings\Ray\My Documents\食品安全国家标准审评委员会.doc
    [2010/01/22 21:41:03 | 000,365,568 | ---- | C] ()(C:\Documents and Settings\Ray\My Documents\?????????????.doc) -- C:\Documents and Settings\Ray\My Documents\食品安全国家标准审评委员会.doc

Please follow these steps:

============ Step one ============

Run OTL again

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{9de230fd-e01f-11dd-83d6-001143c8460c}\Shell\AutoRun\command - "" = F:\fk.exe -- File not found
    O33 - MountPoints2\{9de230fd-e01f-11dd-83d6-001143c8460c}\Shell\open\Command - "" = F:\fk.exe -- File not found
    O33 - MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\Shell - "" = AutoRun
    O33 - MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{b58cdfb5-2308-11de-b8b9-001143c8460c}\Shell\Auto\command - "" = H:\fun.xls.exe -- File not found
    O33 - MountPoints2\{b58cdfb5-2308-11de-b8b9-001143c8460c}\Shell\AutoRun - "" = Auto&Play
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and save the log it produces.
  • Open OTL again and click the Quick Scan button. Now post the log it produces together with the log you saved from running the fix. Post both logs in your next reply please.


============ Step two ============

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


============ Step three ============

Download RootRepeal from one of the following locations and save it to your desktop:
  • Double click the RootRepeal icon to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:

    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT

  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Save Report button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

#6 noodlesaregood

  • Group: Member
  • Posts: 25
  • Joined: 18-July 10

Posted 27 July 2010 - 10:40 AM

Hey Maser00,

1. YES I have another computer that started acting exactly the same way just a couple days ago! You guys are amazing..
2. And yup I know the files, they're my dad's Chinese news articles.


The only problem I had was with the online scanner from ESET, after I accept the terms of agreement, the page turns blank and nothing loads. There is a little picture icon in the top left corner of the screen. No ActiveX control bar pops down, and after a while the window automatically reloads to the terms of agreement screen again.

For the logs, here's the OTL fix log


All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9de230fd-e01f-11dd-83d6-001143c8460c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9de230fd-e01f-11dd-83d6-001143c8460c}\ not found.
File F:\fk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9de230fd-e01f-11dd-83d6-001143c8460c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9de230fd-e01f-11dd-83d6-001143c8460c}\ not found.
File F:\fk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b58cdfb4-2308-11de-b8b9-001143c8460c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b58cdfb4-2308-11de-b8b9-001143c8460c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b58cdfb4-2308-11de-b8b9-001143c8460c}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58cdfb5-2308-11de-b8b9-001143c8460c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b58cdfb5-2308-11de-b8b9-001143c8460c}\ not found.
File H:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58cdfb5-2308-11de-b8b9-001143c8460c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b58cdfb5-2308-11de-b8b9-001143c8460c}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 27524 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Ray
->Temp folder emptied: 306409 bytes
->Temporary Internet Files folder emptied: 59747314 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35168221 bytes
->Google Chrome cache emptied: 234066317 bytes
->Flash cache emptied: 5228 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2444830 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 994249173 bytes

Total Files Cleaned = 1,265.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Ray
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07272010_083945

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_360.dat not found!

Registry entries deleted on Reboot...
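
The cross-check between the fix script in post #5 and the fix log in post #6, as an added example (not part of the thread and not OTL's own code): it parses the O33 lines and the HKEY_CURRENT_USER "Registry key ... deleted successfully / not found" lines copied from the two posts and reports, per MountPoints2 GUID, whether the key was removed and whether every script line has a matching log line. The function names and status labels are assumptions of this example.

```python
import re

# Copied from the thread: the O33 entries of the fix script (post #5) ...
FIX_SCRIPT = r'''
O33 - MountPoints2\{9de230fd-e01f-11dd-83d6-001143c8460c}\Shell\AutoRun\command - "" = F:\fk.exe -- File not found
O33 - MountPoints2\{9de230fd-e01f-11dd-83d6-001143c8460c}\Shell\open\Command - "" = F:\fk.exe -- File not found
O33 - MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\Shell - "" = AutoRun
O33 - MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b58cdfb5-2308-11de-b8b9-001143c8460c}\Shell\Auto\command - "" = H:\fun.xls.exe -- File not found
O33 - MountPoints2\{b58cdfb5-2308-11de-b8b9-001143c8460c}\Shell\AutoRun - "" = Auto&Play
'''

# ... and the HKEY_CURRENT_USER result lines of the fix log (post #6), in order.
FIX_LOG = r'''
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9de230fd-e01f-11dd-83d6-001143c8460c}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9de230fd-e01f-11dd-83d6-001143c8460c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58cdfb4-2308-11de-b8b9-001143c8460c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58cdfb5-2308-11de-b8b9-001143c8460c}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58cdfb5-2308-11de-b8b9-001143c8460c}\ not found.
'''

GUID = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"
# O33 - MountPoints2\{guid}\<subkey> - "<value name>" = <data>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(' + GUID + r')\\(.+?) - "([^"]*)" = (.*)$', re.M)
# Registry key <hive>\<path>\{guid}\ deleted successfully. | not found.
LOG_RE = re.compile(
    r'^Registry key (HKEY_[A-Z_]+)\\(.+)\\(' + GUID + r')\\ '
    r'(deleted successfully|not found)\.$', re.M)


def parse_fix_script(script):
    """Return {guid: [entry, ...]} for every O33 MountPoints2 line."""
    entries = {}
    for guid, subkey, _name, data in O33_RE.findall(script):
        # OTL appends " -- File not found" when the target does not exist.
        target, _sep, note = data.partition(" -- ")
        entries.setdefault(guid.lower(), []).append({
            "subkey": subkey,
            "is_command": subkey.lower().endswith("\\command"),
            "target": target.strip(),
            "file_missing": note.strip() == "File not found",
        })
    return entries


def parse_fix_log(log):
    """Return {guid: [outcome, ...]} for MountPoints2 keys, in log order."""
    outcomes = {}
    for _hive, path, guid, outcome in LOG_RE.findall(log):
        if path.lower().endswith("explorer\\mountpoints2"):
            outcomes.setdefault(guid.lower(), []).append(outcome)
    return outcomes


def verify_fix(script, log):
    """Per GUID: was the key removed, and does each script line have a result?"""
    results = parse_fix_log(log)
    report = {}
    for guid, entries in parse_fix_script(script).items():
        seen = results.get(guid, [])
        if "deleted successfully" in seen:
            status = "removed"
        elif seen:
            status = "not present"   # every attempt reported "not found"
        else:
            status = "unreported"    # the log never mentions this key
        report[guid] = {
            "status": status,
            "script_lines": len(entries),
            "log_lines": len(seen),
            "commands": sorted({e["target"] for e in entries if e["is_command"]}),
        }
    return report


if __name__ == "__main__":
    for guid, r in verify_fix(FIX_SCRIPT, FIX_LOG).items():
        print(guid, r["status"],
              f'{r["log_lines"]}/{r["script_lines"]} lines', r["commands"])
```

In this thread's log each GUID shows one "deleted successfully" line followed by "not found" lines for the remaining script entries that target the same key, which is why a later "not found" is not treated as a failure.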

#7 noodlesaregood

  • Group: Member
  • Posts: 25
  • Joined: 18-July 10

Posted 27 July 2010 - 10:41 AM

Here's the OTL Scan log after I ran the custom fix


OTL logfile created on: 7/27/2010 8:45:15 AM - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Ray\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 482.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 14.30 Gb Free Space | 19.19% Space Free | Partition Type: NTFS
Drive D: | 50.72 Gb Total Space | 16.72 Gb Free Space | 32.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABC-01FF56CCA5C
Current User Name: Ray
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/17 20:23:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\My Documents\Downloads\OTL.exe
PRC - [2010/06/28 19:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/06/02 17:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/01/07 01:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe


========== Modules (SafeList) ==========

MOD - [2010/07/17 20:23:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\My Documents\Downloads\OTL.exe
MOD - [2010/05/13 22:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUWWAN.sys -- (PTDUWWAN)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUVsp.sys -- (PTDUVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUMdm.sys -- (PTDUMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUBus.sys -- (PTDUBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/07/25 12:35:03 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/25 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100726.041\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/25 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100726.041\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/18 17:45:05 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/16 18:54:14 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100723.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/03 18:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2010/01/06 20:56:29 | 000,002,944 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap)
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/11 16:51:56 | 000,005,120 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\DELL\drivers\R105090\atidgllk.sys -- (atidgllk)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoomail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.14908
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/07/25 21:41:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/07/25 12:40:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/25 21:38:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 14:08:53 | 000,000,000 | ---D | M]

[2010/05/25 21:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Extensions
[2010/07/25 13:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\3hd9wgxi.default\extensions
[2010/06/24 18:23:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\3hd9wgxi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/26 15:57:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/26 16:08:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2009/04/18 12:47:39 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

O1 HOSTS File: ([2010/07/18 19:16:03 | 000,000,048 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Aim6] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 66.51.205.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/27 16:25:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/27 08:39:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/25 11:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/07/25 11:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\Symantec
[2010/07/24 08:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\PCHealth
[2010/07/24 08:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/07/20 22:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\How I Met Your Mother
[2010/07/20 22:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\The Big Bang Theory
[2010/07/18 23:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/07/18 22:38:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/18 22:38:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/18 22:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/18 19:47:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/18 19:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/07/18 19:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/18 19:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/18 18:25:27 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Ray\Desktop\TDSSKiller.exe
[2010/07/18 18:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Desktop\GooredFix Backups
[2010/07/18 18:17:07 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/18 18:15:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/18 18:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ray\Recent
[2010/07/17 22:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/26 10:39:24 | 000,000,000 | ---D | C] -- C:\Updates
[2010/06/25 19:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/06/25 19:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/06/25 11:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/05/30 16:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/30 16:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/30 01:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\DivX
[2010/05/30 01:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/25 21:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Desktop\PRINT
[2010/05/19 20:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[6 C:\Documents and Settings\Ray\My Documents\*.tmp files -> C:\Documents and Settings\Ray\My Documents\*.tmp -> ]
[12 C:\Documents and Settings\Ray\Desktop\*.tmp files -> C:\Documents and Settings\Ray\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/27 08:42:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/27 08:41:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/27 08:41:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/27 08:41:01 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Ray\NTUSER.DAT
[2010/07/27 08:40:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ray\ntuser.ini
[2010/07/27 08:07:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1677128483-839522115-1003UA.job
[2010/07/27 06:26:54 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/26 22:30:27 | 014,184,987 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\eleanorRiches.pdf
[2010/07/26 17:29:22 | 000,000,554 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Ray.job
[2010/07/26 13:07:46 | 000,664,174 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/26 10:07:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1677128483-839522115-1003Core.job
[2010/07/26 08:51:27 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/25 19:53:42 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/25 19:52:10 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/07/25 12:36:59 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Norton Installation Files.lnk
[2010/07/25 12:35:03 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/25 12:35:03 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/25 12:35:03 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/25 12:35:03 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/24 14:08:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/24 11:23:28 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\This project library.doc
[2010/07/24 10:57:51 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\This project will answer three questions.doc
[2010/07/21 08:27:53 | 000,059,557 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\100721-102753.jpg
[2010/07/19 00:37:53 | 006,190,366 | -H-- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\IconCache.db
[2010/07/18 23:07:30 | 000,000,679 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/18 23:07:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/18 23:07:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/18 22:38:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 19:26:38 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/07/18 19:16:03 | 000,000,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/11 09:30:30 | 000,020,635 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Data_07112010.pxj
[2010/07/02 20:08:24 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Google Chrome.lnk
[2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Ray\Desktop\TDSSKiller.exe
[2010/06/26 10:41:11 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\myMPQ.ini
[2010/06/25 11:46:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/06/24 00:07:28 | 000,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 00:07:28 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 00:07:28 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/19 19:37:57 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Senior Will.doc
[2010/06/14 02:49:28 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Shanghai.doc
[2010/06/13 00:24:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\oyama.doc
[2010/06/11 15:32:07 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Source List.doc
[2010/06/11 11:57:59 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$vic Duty.doc
[2010/06/11 11:55:08 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 00:49:01 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Civic Duty.doc
[2010/06/08 01:00:17 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Consitutional Morality.doc
[2010/06/07 23:13:28 | 000,050,640 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/06 13:49:21 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 1.doc
[2010/06/06 13:49:17 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 2.doc
[2010/06/04 06:57:24 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Summary of Scientific Journal Article.doc
[2010/06/04 06:36:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$urce List.doc
[2010/06/02 18:48:30 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\e_mail_to_agilent.doc
[2010/06/02 02:14:10 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\MORAL PRESIDENCY.doc
[2010/05/30 10:34:15 | 000,279,446 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\si-01735.pdf
[2010/05/30 10:34:01 | 000,083,503 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\SI-01511.pdf
[2010/05/29 15:34:30 | 000,050,640 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/29 09:54:16 | 000,038,394 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\eugene_to_shida.pdf
[2010/05/28 05:04:52 | 000,118,317 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\lcms-reference.pdf
[2010/05/28 01:32:55 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Current Event.doc
[2010/05/25 21:37:47 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/25 21:37:47 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/24 00:41:01 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Essay Topic Proposal.doc
[2010/05/24 00:06:15 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\International Day JUDGING SHEET.doc
[2010/05/19 20:48:34 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\CCleaner.lnk
[2010/05/14 10:19:26 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\CIVICS Politics and Satire.doc
[2010/05/13 23:40:03 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/13 23:16:56 | 000,142,255 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\paper23.pdf
[2010/05/12 01:35:22 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Bias in Media.doc
[2010/05/12 01:09:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals LOS ANGELSE NOTEBOOK.doc
[2010/05/12 00:51:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem On Self Respect.doc
[2010/05/12 00:14:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem On Self Respect.doc
[2010/05/11 22:21:57 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem Response Journals On Morality.docx
[2010/05/11 22:15:54 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Raymond Chang Resume FINAL for recommends.doc
[2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/05/05 21:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/05 21:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/05 21:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/05/03 22:15:34 | 000,432,395 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\correlation_study.pdf
[2010/05/03 01:34:24 | 000,012,406 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals On Morality.docx
[2010/05/03 01:17:05 | 000,012,836 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals Slouching Towards Bethlehem.docx
[2010/05/01 10:08:25 | 002,882,410 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\scan.tif
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/04/28 22:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/04/28 22:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[6 C:\Documents and Settings\Ray\My Documents\*.tmp files -> C:\Documents and Settings\Ray\My Documents\*.tmp -> ]
[12 C:\Documents and Settings\Ray\Desktop\*.tmp files -> C:\Documents and Settings\Ray\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/26 21:29:32 | 014,184,987 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\eleanorRiches.pdf
[2010/07/25 11:32:57 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Norton Installation Files.lnk
[2010/07/24 14:08:53 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/24 11:19:05 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\This project library.doc
[2010/07/24 10:57:50 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\This project will answer three questions.doc
[2010/07/20 22:28:48 | 000,059,557 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\100721-102753.jpg
[2010/07/18 22:38:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 19:26:56 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/18 19:26:38 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/07/11 09:30:30 | 000,020,635 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Data_07112010.pxj
[2010/06/25 21:48:11 | 002,219,426 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(6) - AI - Metalopolis (4x).s2ma
[2010/06/25 21:48:11 | 002,215,112 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(6) - AI - Metalopolis (5x).s2ma
[2010/06/25 21:48:11 | 001,703,090 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Shakuras Plateau (3x).s2ma
[2010/06/25 21:48:11 | 001,703,076 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Shakuras Plateau (1x).s2ma
[2010/06/25 21:48:11 | 001,435,725 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Twilight Fortress (1x).s2ma
[2010/06/25 21:48:11 | 001,435,716 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Twilight Fortress (3x).s2ma
[2010/06/25 21:48:11 | 001,188,690 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Metalopolis (3x).s2ma
[2010/06/25 21:48:10 | 001,970,155 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Kulas Ravine (3x).s2ma
[2010/06/25 21:48:10 | 001,575,712 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Lost Temple (1x).s2ma
[2010/06/25 21:48:10 | 001,575,708 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Lost Temple (3x).s2ma
[2010/06/25 21:48:10 | 001,475,908 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(2) - AI - Desert Oasis.s2ma
[2010/06/25 21:48:10 | 001,259,729 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(2) - AI - Blistering Sands.s2ma
[2010/06/25 21:48:10 | 001,188,691 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Metalopolis (1x).s2ma
[2010/06/25 21:48:10 | 000,803,907 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(2) - AI - Scrap Station.s2ma
[2010/06/25 19:44:13 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\myMPQ.ini
[2010/06/25 11:46:32 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/06/13 00:24:03 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\oyama.doc
[2010/06/11 11:57:59 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$vic Duty.doc
[2010/06/11 00:43:19 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Civic Duty.doc
[2010/06/10 01:08:02 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Senior Will.doc
[2010/06/08 00:35:29 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Consitutional Morality.doc
[2010/06/06 13:49:21 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 1.doc
[2010/06/06 13:49:16 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 2.doc
[2010/06/04 06:57:23 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Summary of Scientific Journal Article.doc
[2010/06/04 06:36:22 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$urce List.doc
[2010/06/02 02:13:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\MORAL PRESIDENCY.doc
[2010/05/30 10:59:25 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\e_mail_to_agilent.doc
[2010/05/30 10:34:13 | 000,279,446 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\si-01735.pdf
[2010/05/30 10:33:59 | 000,083,503 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\SI-01511.pdf
[2010/05/29 09:54:15 | 000,038,394 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\eugene_to_shida.pdf
[2010/05/28 05:04:52 | 000,118,317 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\lcms-reference.pdf
[2010/05/28 02:40:55 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Source List.doc
[2010/05/28 01:32:33 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Current Event.doc
[2010/05/26 01:06:17 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Shanghai.doc
[2010/05/25 21:37:47 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/25 21:37:47 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/24 00:40:40 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Essay Topic Proposal.doc
[2010/05/24 00:05:25 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\International Day JUDGING SHEET.doc
[2010/05/19 20:48:34 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\CCleaner.lnk
[2010/05/15 15:21:43 | 000,142,255 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\paper23.pdf
[2010/05/15 15:19:55 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Endeavosil.bmp
[2010/05/14 10:18:48 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\CIVICS Politics and Satire.doc
[2010/05/12 01:35:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Bias in Media.doc
[2010/05/12 01:09:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals LOS ANGELSE NOTEBOOK.doc
[2010/05/12 00:14:51 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem On Self Respect.doc
[2010/05/12 00:14:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem On Self Respect.doc
[2010/05/11 22:21:57 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem Response Journals On Morality.docx
[2010/05/03 22:15:34 | 000,432,395 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\correlation_study.pdf
[2010/05/02 23:28:03 | 000,012,836 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals Slouching Towards Bethlehem.docx
[2010/05/02 23:28:02 | 000,012,406 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals On Morality.docx
[2010/05/01 09:52:01 | 002,882,410 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\scan.tif
[2010/01/06 20:56:29 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\bbchlp.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/07 09:51:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2009/01/17 10:48:44 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/11/30 09:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/11/27 23:30:37 | 000,000,523 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2008/11/27 21:43:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/27 20:17:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/22 12:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2008/11/28 16:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/01/06 20:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2010/07/18 19:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/04/18 14:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/09/06 11:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/05/15 21:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/01/06 18:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/07/18 18:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/13 00:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WiFiTemp
[2009/06/06 11:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/11/28 00:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/10/30 00:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 18:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/05/16 08:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/28 16:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\acccore
[2010/01/03 11:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Audacity
[2010/01/06 20:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Blueberry
[2009/02/04 21:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\FMZilla
[2009/12/13 22:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ImgBurn
[2009/03/29 11:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ImTOO Software Studio
[2008/11/27 23:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Infineon
[2009/03/14 21:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Leadertech
[2010/06/25 11:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\LimeWire
[2009/03/27 21:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Moyea
[2008/11/27 21:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\MSNInstaller
[2009/02/12 17:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\OpenOffice.org
[2010/01/06 20:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Seven Zip
[2009/04/10 06:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Smith Micro
[2010/06/26 01:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\uTorrent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/07/25 17:23:28 | 000,022,016 | ---- | M] ()(C:\Documents and Settings\Ray\My Documents\?????.doc) -- C:\Documents and Settings\Ray\My Documents\打电话进来.doc
[2010/07/25 17:23:28 | 000,022,016 | ---- | C] ()(C:\Documents and Settings\Ray\My Documents\?????.doc) -- C:\Documents and Settings\Ray\My Documents\打电话进来.doc
[2010/07/08 20:51:51 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Ray\My Documents\~$?????.doc) -- C:\Documents and Settings\Ray\My Documents\~$华尔街日报.doc
[2010/07/08 20:51:51 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Ray\My Documents\~$?????.doc) -- C:\Documents and Settings\Ray\My Documents\~$华尔街日报.doc
[2010/07/05 22:33:35 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Ray\My Documents\~$? ?1.doc) -- C:\Documents and Settings\Ray\My Documents\~$导 语1.doc
[2010/07/05 22:33:35 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Ray\My Documents\~$? ?1.doc) -- C:\Documents and Settings\Ray\My Documents\~$导 语1.doc
[2010/01/22 21:41:03 | 000,365,568 | ---- | M] ()(C:\Documents and Settings\Ray\My Documents\?????????????.doc) -- C:\Documents and Settings\Ray\My Documents\食品安全国家标准审评委员会.doc
[2010/01/22 21:41:03 | 000,365,568 | ---- | C] ()(C:\Documents and Settings\Ray\My Documents\?????????????.doc) -- C:\Documents and Settings\Ray\My Documents\食品安全国家标准审评委员会.doc
< End of report >

#8 noodlesaregood

Posted 27 July 2010 - 10:41 AM

And here's the rootrepeal

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/07/27 08:54
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA22B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AD6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xA9006000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMDS.SYS
Image Path: SYMDS.SYS
Address: 0xF7353000 Size: 352256 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF7314000 Size: 184320 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x86804050

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x867f6050

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x86c27ef0

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x867bf050

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x86c1ec18

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa5e0210

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x86063148

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x86c36530

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x86853318

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x867e0050

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa5e0490

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa5e09f0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x867cc098

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x867bd660

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8681d050

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8681f050

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x86c32690

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x85fb0d80

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x860a0050

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x86024ef8

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x867f8050

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x86803050

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x867bc3b8

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x86c36600

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x860a1050

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x867f7050

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x85fb0bb0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x867e2050

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa5e0c40

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x867c0050

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8611f050

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x867cc120

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x86805050

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x867e6050

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x86c403b8

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x85f16f48

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x85f7b9f8

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x85f17590

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x85f7bab8

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x85f16e78

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x86c0d580

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x85f174c0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x85f173f0

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x85f0fe30

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x85f0fe78

==EOF==

#9 maser00

Posted 27 July 2010 - 12:51 PM

Hi

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


#10 noodlesaregood

Posted 29 July 2010 - 11:28 AM

Hey maser,

I ran the scan and it took a while, but it didn't come up with any neutralized objects or objects that needed to be deleted. I couldn't find the way to save the report, but looking through the report window, it didn't report any detected objects. Is there a specific way to save the report as a text file?

#11 maser00

Posted 29 July 2010 - 01:01 PM

Quote

After that is done, click on the reports button at the bottom and save it to file; name it Kas.

So there should be a report button at the top :) So it didn't find anything?

#12 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,513
  • Joined: 31-May 06

Posted 01 August 2010 - 12:36 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#13 noodlesaregood

Posted 03 August 2010 - 09:32 AM

Hey maser00,

I ran Kaspersky again, and I still couldn't save the report as a text file. When I click the report button, a window comes up with tabs for what types of files were scanned, detected, etc., but I can't copy it down and there's no button to save the report. I looked through the detected files again though and it still didn't report any infected files. But the redirect is still happening to some Google search result pages, Facebook, etc.

And sorry about the delay last time! I'll try to respond more frequently from now on.

#14 maser00

Posted 03 August 2010 - 10:07 AM

OK, I need a fresh OTL log to start with:

Download OTL to your Desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Select Scan all users
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.

#15 noodlesaregood

Posted 03 August 2010 - 11:35 PM

Hey Maser00,

The OTL scan came up with only the OTL.txt file; it didn't change the extras.txt file.

Here's the OTL.txt file


OTL logfile created on: 8/3/2010 10:30:25 PM - Run 4
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Ray\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 367.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 13.50 Gb Free Space | 18.11% Space Free | Partition Type: NTFS
Drive D: | 50.72 Gb Total Space | 16.72 Gb Free Space | 32.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABC-01FF56CCA5C
Current User Name: Ray
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/22 15:02:16 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/07/17 20:23:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\My Documents\Downloads\OTL.exe
PRC - [2010/06/02 17:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/05/18 22:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/11/06 10:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/18 22:46:20 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/07/17 20:23:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\My Documents\Downloads\OTL.exe
MOD - [2010/05/13 22:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUWWAN.sys -- (PTDUWWAN)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUVsp.sys -- (PTDUVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUMdm.sys -- (PTDUMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PTDUBus.sys -- (PTDUBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/07/25 12:35:03 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/25 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100803.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/25 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100803.024\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/18 17:45:05 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/16 18:54:14 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100803.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/03 18:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2010/01/06 20:56:29 | 000,002,944 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap)
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/11 16:51:56 | 000,005,120 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\DELL\drivers\R105090\atidgllk.sys -- (atidgllk)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoomail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.14908
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/07/25 21:41:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/07/25 12:40:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/25 21:38:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/29 01:54:46 | 000,000,000 | ---D | M]

[2010/05/25 21:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Extensions
[2010/07/27 16:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\3hd9wgxi.default\extensions
[2010/06/24 18:23:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\3hd9wgxi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/27 16:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/03 08:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2009/04/18 12:47:39 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

O1 HOSTS File: ([2010/07/18 19:16:03 | 000,000,048 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Aim6] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 66.51.205.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/27 16:25:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.XVID - xvidvfw.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/03 13:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/08/03 08:44:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ray\Recent
[2010/08/01 00:30:17 | 000,000,000 | ---D | C] -- C:\downloads
[2010/08/01 00:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\FrostWire
[2010/08/01 00:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\FrostWire
[2010/08/01 00:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\OpenCandy
[2010/08/01 00:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\OpenCandy
[2010/08/01 00:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010/07/27 08:39:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/25 11:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/07/25 11:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\Symantec
[2010/07/24 08:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\PCHealth
[2010/07/24 08:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/07/20 22:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\How I Met Your Mother
[2010/07/20 22:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\The Big Bang Theory
[2010/07/18 23:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/07/18 22:38:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/18 22:38:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/18 22:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/18 19:47:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/18 19:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/07/18 19:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/18 19:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/18 18:25:27 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Ray\Desktop\TDSSKiller.exe
[2010/07/18 18:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Desktop\GooredFix Backups
[2010/07/18 18:17:07 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/18 18:15:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/17 22:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/26 10:39:24 | 000,000,000 | ---D | C] -- C:\Updates
[2010/06/25 19:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/06/25 19:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/06/25 11:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/05/30 16:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/30 16:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/30 01:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Application Data\DivX
[2010/05/30 01:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/25 21:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Desktop\PRINT
[2010/05/19 20:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[6 C:\Documents and Settings\Ray\My Documents\*.tmp files -> C:\Documents and Settings\Ray\My Documents\*.tmp -> ]
[12 C:\Documents and Settings\Ray\Desktop\*.tmp files -> C:\Documents and Settings\Ray\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/03 22:07:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1677128483-839522115-1003UA.job
[2010/08/03 15:53:16 | 000,000,554 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Ray.job
[2010/08/03 10:07:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1677128483-839522115-1003Core.job
[2010/08/03 09:17:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/03 09:15:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/03 09:15:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/03 09:15:11 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Ray\NTUSER.DAT
[2010/08/03 09:15:00 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ray\ntuser.ini
[2010/08/03 08:08:11 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/02 23:08:24 | 003,657,212 | -H-- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\IconCache.db
[2010/08/02 22:55:43 | 000,664,174 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/08/02 21:40:27 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/02 11:53:28 | 000,028,269 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\tr205.pdf
[2010/08/01 20:27:53 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/01 18:46:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Dad's PIN YALE.doc
[2010/08/01 00:28:02 | 000,090,205 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\YaleStudentAccountBrochure.pdf
[2010/08/01 00:05:42 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\FrostWire 4.20.7.lnk
[2010/07/29 01:54:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/29 01:31:59 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Maser Instructions.doc
[2010/07/28 19:08:05 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Google Chrome.lnk
[2010/07/28 08:26:39 | 000,050,640 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/28 08:25:28 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/26 22:30:27 | 014,184,987 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\eleanorRiches.pdf
[2010/07/25 19:52:10 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/07/25 12:36:59 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Norton Installation Files.lnk
[2010/07/25 12:35:03 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/25 12:35:03 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/25 12:35:03 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/25 12:35:03 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/24 11:23:28 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\This project library.doc
[2010/07/24 10:57:51 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\This project will answer three questions.doc
[2010/07/21 08:27:53 | 000,059,557 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\100721-102753.jpg
[2010/07/18 23:07:30 | 000,000,679 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/18 23:07:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/18 23:07:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/18 22:38:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 19:26:38 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/07/18 19:16:03 | 000,000,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/11 09:30:30 | 000,020,635 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Data_07112010.pxj
[2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Ray\Desktop\TDSSKiller.exe
[2010/06/26 10:41:11 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\myMPQ.ini
[2010/06/25 11:46:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/06/24 00:07:28 | 000,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 00:07:28 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 00:07:28 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/19 19:37:57 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Senior Will.doc
[2010/06/14 02:49:28 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Shanghai.doc
[2010/06/13 00:24:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\oyama.doc
[2010/06/11 15:32:07 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Source List.doc
[2010/06/11 11:57:59 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$vic Duty.doc
[2010/06/11 00:49:01 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Civic Duty.doc
[2010/06/08 01:00:17 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Consitutional Morality.doc
[2010/06/07 23:13:28 | 000,050,640 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/06 13:49:21 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 1.doc
[2010/06/06 13:49:17 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 2.doc
[2010/06/04 06:57:24 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Summary of Scientific Journal Article.doc
[2010/06/04 06:36:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$urce List.doc
[2010/06/02 18:48:30 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\e_mail_to_agilent.doc
[2010/06/02 02:14:10 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\MORAL PRESIDENCY.doc
[2010/05/30 10:34:15 | 000,279,446 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\si-01735.pdf
[2010/05/30 10:34:01 | 000,083,503 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\SI-01511.pdf
[2010/05/29 09:54:16 | 000,038,394 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\eugene_to_shida.pdf
[2010/05/28 05:04:52 | 000,118,317 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\lcms-reference.pdf
[2010/05/28 01:32:55 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Current Event.doc
[2010/05/25 21:37:47 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/25 21:37:47 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/24 00:41:01 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Essay Topic Proposal.doc
[2010/05/24 00:06:15 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\International Day JUDGING SHEET.doc
[2010/05/19 20:48:34 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\CCleaner.lnk
[2010/05/14 10:19:26 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\CIVICS Politics and Satire.doc
[2010/05/13 23:40:03 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/13 23:16:56 | 000,142,255 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\paper23.pdf
[2010/05/12 01:35:22 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Bias in Media.doc
[2010/05/12 01:09:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals LOS ANGELSE NOTEBOOK.doc
[2010/05/12 00:51:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem On Self Respect.doc
[2010/05/12 00:14:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem On Self Respect.doc
[2010/05/11 22:21:57 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem Response Journals On Morality.docx
[2010/05/11 22:15:54 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Raymond Chang Resume FINAL for recommends.doc
[6 C:\Documents and Settings\Ray\My Documents\*.tmp files -> C:\Documents and Settings\Ray\My Documents\*.tmp -> ]
[12 C:\Documents and Settings\Ray\Desktop\*.tmp files -> C:\Documents and Settings\Ray\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/02 11:53:28 | 000,028,269 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\tr205.pdf
[2010/08/01 18:46:49 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Dad's PIN YALE.doc
[2010/08/01 00:27:56 | 000,090,205 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\YaleStudentAccountBrochure.pdf
[2010/08/01 00:05:42 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\FrostWire 4.20.7.lnk
[2010/07/29 01:53:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/29 01:31:58 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Maser Instructions.doc
[2010/07/26 21:29:32 | 014,184,987 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\eleanorRiches.pdf
[2010/07/25 11:32:57 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Norton Installation Files.lnk
[2010/07/24 11:19:05 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\This project library.doc
[2010/07/24 10:57:50 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\This project will answer three questions.doc
[2010/07/20 22:28:48 | 000,059,557 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\100721-102753.jpg
[2010/07/18 22:38:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 19:26:56 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/18 19:26:38 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/07/11 09:30:30 | 000,020,635 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Data_07112010.pxj
[2010/06/25 21:48:11 | 002,219,426 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(6) - AI - Metalopolis (4x).s2ma
[2010/06/25 21:48:11 | 002,215,112 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(6) - AI - Metalopolis (5x).s2ma
[2010/06/25 21:48:11 | 001,703,090 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Shakuras Plateau (3x).s2ma
[2010/06/25 21:48:11 | 001,703,076 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Shakuras Plateau (1x).s2ma
[2010/06/25 21:48:11 | 001,435,725 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Twilight Fortress (1x).s2ma
[2010/06/25 21:48:11 | 001,435,716 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Twilight Fortress (3x).s2ma
[2010/06/25 21:48:11 | 001,188,690 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Metalopolis (3x).s2ma
[2010/06/25 21:48:10 | 001,970,155 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Kulas Ravine (3x).s2ma
[2010/06/25 21:48:10 | 001,575,712 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Lost Temple (1x).s2ma
[2010/06/25 21:48:10 | 001,575,708 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Lost Temple (3x).s2ma
[2010/06/25 21:48:10 | 001,475,908 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(2) - AI - Desert Oasis.s2ma
[2010/06/25 21:48:10 | 001,259,729 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(2) - AI - Blistering Sands.s2ma
[2010/06/25 21:48:10 | 001,188,691 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(4) - AI - Metalopolis (1x).s2ma
[2010/06/25 21:48:10 | 000,803,907 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\(2) - AI - Scrap Station.s2ma
[2010/06/25 19:44:13 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\myMPQ.ini
[2010/06/25 11:46:32 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/06/13 00:24:03 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\oyama.doc
[2010/06/11 11:57:59 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$vic Duty.doc
[2010/06/11 00:43:19 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Civic Duty.doc
[2010/06/10 01:08:02 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Senior Will.doc
[2010/06/08 00:35:29 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Consitutional Morality.doc
[2010/06/06 13:49:21 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 1.doc
[2010/06/06 13:49:16 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Successor letter 2.doc
[2010/06/04 06:57:23 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Summary of Scientific Journal Article.doc
[2010/06/04 06:36:22 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$urce List.doc
[2010/06/02 02:13:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\MORAL PRESIDENCY.doc
[2010/05/30 10:59:25 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\e_mail_to_agilent.doc
[2010/05/30 10:34:13 | 000,279,446 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\si-01735.pdf
[2010/05/30 10:33:59 | 000,083,503 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\SI-01511.pdf
[2010/05/29 09:54:15 | 000,038,394 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\eugene_to_shida.pdf
[2010/05/28 05:04:52 | 000,118,317 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\lcms-reference.pdf
[2010/05/28 02:40:55 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Source List.doc
[2010/05/28 01:32:33 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Current Event.doc
[2010/05/26 01:06:17 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Shanghai.doc
[2010/05/25 21:37:47 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/25 21:37:47 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/24 00:40:40 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Essay Topic Proposal.doc
[2010/05/24 00:05:25 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\International Day JUDGING SHEET.doc
[2010/05/19 20:48:34 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\CCleaner.lnk
[2010/05/15 15:21:43 | 000,142,255 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\paper23.pdf
[2010/05/15 15:19:55 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Endeavosil.bmp
[2010/05/14 10:18:48 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\CIVICS Politics and Satire.doc
[2010/05/12 01:35:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Bias in Media.doc
[2010/05/12 01:09:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem Response Journals LOS ANGELSE NOTEBOOK.doc
[2010/05/12 00:14:51 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Slouching Towards Bethlehem On Self Respect.doc
[2010/05/12 00:14:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem On Self Respect.doc
[2010/05/11 22:21:57 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ray\My Documents\~$ouching Towards Bethlehem Response Journals On Morality.docx
[2010/01/06 20:56:29 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\bbchlp.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/07 09:51:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2009/01/17 10:48:44 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/11/30 09:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/11/27 23:30:37 | 000,000,523 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2008/11/27 21:43:19 | 000,000,354 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/27 20:17:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/22 12:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2008/11/28 16:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/01/06 20:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2010/07/18 19:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/04/18 14:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/09/06 11:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/05/15 21:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/01/06 18:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/07/18 18:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/13 00:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WiFiTemp
[2009/06/06 11:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/11/28 00:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/10/30 00:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 18:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/05/16 08:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/28 16:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\acccore
[2010/01/03 11:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Audacity
[2010/01/06 20:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Blueberry
[2009/02/04 21:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\FMZilla
[2010/08/03 10:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\FrostWire
[2009/12/13 22:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ImgBurn
[2009/03/29 11:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ImTOO Software Studio
[2008/11/27 23:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Infineon
[2009/03/14 21:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Leadertech
[2010/06/25 11:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\LimeWire
[2009/03/27 21:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Moyea
[2008/11/27 21:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\MSNInstaller
[2010/08/01 09:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\OpenCandy
[2009/02/12 17:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\OpenOffice.org
[2010/01/06 20:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Seven Zip
[2009/04/10 06:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Smith Micro
[2010/06/26 01:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/11/27 16:25:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/18 23:07:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/11/27 16:25:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/11/27 16:25:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/18 13:21:04 | 000,000,902 | -H-- | M] () -- C:\IPH.PH
[2008/11/27 16:25:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/12 23:04:25 | 000,000,571 | ---- | M] () -- C:\NTDClient.log
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/31 16:53:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/03 09:15:46 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/07/27 08:59:48 | 000,011,034 | ---- | M] () -- C:\RootRepeal report 07-27-10 (08-59-48).txt
[2010/07/18 18:26:30 | 000,042,194 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_18.07.2010_18.26.16_log.txt
[2010/07/18 18:40:06 | 000,041,972 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_18.07.2010_18.39.53_log.txt
[2010/07/18 18:58:41 | 000,041,988 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_18.07.2010_18.57.39_log.txt
[2010/07/20 11:59:38 | 000,041,706 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_20.07.2010_11.59.19_log.txt
[2010/07/26 13:38:49 | 000,041,054 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_26.07.2010_13.38.41_log.txt
[2009/06/06 11:16:27 | 000,000,918 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/11/27 16:24:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/11/04 13:46:44 | 000,280,576 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp083.dll
[2007/02/13 21:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/11/27 08:13:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/11/27 08:13:46 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/11/27 08:13:45 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 07:19:35

========== Files - Unicode (All) ==========
[2010/08/01 14:11:12 | 000,022,016 | ---- | M] ()(C:\Documents and Settings\Ray\My Documents\??????????.doc) -- C:\Documents and Settings\Ray\My Documents\首先是刮胡子用的乳液.doc
[2010/08/01 14:11:11 | 000,022,016 | ---- | C] ()(C:\Documents and Settings\Ray\My Documents\??????????.doc) -- C:\Documents and Settings\Ray\My Documents\首先是刮胡子用的乳液.doc
[2010/07/25 17:23:28 | 000,022,016 | ---- | M] ()(C:\Documents and Settings\Ray\My Documents\?????.doc) -- C:\Documents and Settings\Ray\My Documents\打电话进来.doc
[2010/07/25 17:23:28 | 000,022,016 | ---- | C] ()(C:\Documents and Settings\Ray\My Documents\?????.doc) -- C:\Documents and Settings\Ray\My Documents\打电话进来.doc
[2010/07/08 20:51:51 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Ray\My Documents\~$?????.doc) -- C:\Documents and Settings\Ray\My Documents\~$华尔街日报.doc
[2010/07/08 20:51:51 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Ray\My Documents\~$?????.doc) -- C:\Documents and Settings\Ray\My Documents\~$华尔街日报.doc
[2010/07/05 22:33:35 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Ray\My Documents\~$? ?1.doc) -- C:\Documents and Settings\Ray\My Documents\~$导 语1.doc
[2010/07/05 22:33:35 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Ray\My Documents\~$? ?1.doc) -- C:\Documents and Settings\Ray\My Documents\~$导 语1.doc
[2010/01/22 21:41:03 | 000,365,568 | ---- | M] ()(C:\Documents and Settings\Ray\My Documents\?????????????.doc) -- C:\Documents and Settings\Ray\My Documents\食品安全国家标准审评委员会.doc
[2010/01/22 21:41:03 | 000,365,568 | ---- | C] ()(C:\Documents and Settings\Ray\My Documents\?????????????.doc) -- C:\Documents and Settings\Ray\My Documents\食品安全国家标准审评委员会.doc
< End of report >
