
Trojans Detected & Lan Settings Altered



#1
Versacci

Hello geekstogoers!

Please help with my logs. In the past week, I have noticed a definite slowness in my computer and internet speeds. General sluggishness with the PC's light flashing, and high CPU usage. Also, when wanting to use the internet, I've noticed that I can't connect and (from past experiences) dealt with this by going into Internet Explorer's Connections/LAN Settings tab and unchecking 'Use a proxy server for your LAN', which I hadn't checked in the first place.

Overall weirdness happening, and definitely something wrong with the system atm.

Antivir is also detecting things, and MBAM is detecting things also.

Please, I'd really appreciate someone's help, and I shall now post the requested logs as mentioned in the 'please read before posting' thread.

*NB* OTL only gave me an OTL.Txt log, and no Extras.Txt, so please let me know how to provide you with this, and I shall do so.

Here are the logs:

MBAM LOG:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4390

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

04/08/2010 23:16:17
mbam-log-2010-08-04 (23-16-17).txt

Scan type: Quick scan
Objects scanned: 141080
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\osenycnk (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\osenycnk (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\diwvtofho\hlsqjnctssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


GMER LOG:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-05 00:54:10
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfpyrpow.sys


---- System - GMER 1.0.15 ----

SSDT F7A945E6 ZwCreateKey
SSDT F7A945DC ZwCreateThread
SSDT F7A945EB ZwDeleteKey
SSDT F7A945F5 ZwDeleteValueKey
SSDT F7A945FA ZwLoadKey
SSDT F7A945C8 ZwOpenProcess
SSDT F7A945CD ZwOpenThread
SSDT F7A94604 ZwReplaceKey
SSDT F7A945FF ZwRestoreKey
SSDT F7A945F0 ZwSetValueKey
SSDT F7A945D7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? bxfkrvn.sys The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF713C340, 0xFFF7F, 0xF8000020]
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF785F300]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x238C20, 0xF8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0@ SENSReachability 1.0 Type Library
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0\win32
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0\win32@ C:\Program Files\Common Files\AOL\ACS\AOLdialr.dll
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\FLAGS
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\FLAGS@ 0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\HELPDIR
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\HELPDIR@ C:\Program Files\Common Files\AOL\ACS\

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\65I5QZAP\Default[1].aspx 21454 bytes

---- EOF - GMER 1.0.15 ----



OTL.text log: (Didn't give me an Extras.Txt log?)


OTL logfile created on: 05/08/2010 00:56:37 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 54.95 Gb Free Space | 78.49% Space Free | Partition Type: NTFS
Drive D: | 4.50 Gb Total Space | 0.55 Gb Free Space | 12.23% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-G2ASVV4L2M
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avant Browser\avant.exe (Avant Force)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\1209815663\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe (McAfee Security)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ddraw.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dciman32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwrseng.dll (NVIDIA Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WLSetupSvc) -- File not found
SRV - (usnjsvc) -- File not found
SRV - (ServiceLayer) -- File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (StumbleUponUpdateService) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (MpfService) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)


========== Driver Services (SafeList) ==========

DRV - (SysProtDrv.sys) -- C:\Documents and Settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The SHVPN Project)
DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\delta.sys (Midiman/M-Audio)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (MPFIREWL) -- C:\WINDOWS\system32\drivers\MpFirewall.sys ()
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: the changes will be overwritten when the application exits. * * To make a manual change to preferences
FF - prefs.js..extensions.enabledItems: you can visit the URL about:config * For more information
FF - prefs.js..extensions.enabledItems: see http://www.mozilla.o...zing.html#prefs */user_pref("app.update.lastUpdateTime.addon-background-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143593);user_pref("app.update.lastUpdateTime.background-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143591);user_pref("app.update.lastUpdateTime.blocklist-background-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143591);user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143594);user_pref("app.update.lastUpdateTime.search-engine-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143597);user_pref("browser.migration.version"
FF - prefs.js..extensions.enabledItems: 1);user_pref("browser.places.importBookmarksHTML"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.places.importDefaults"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.places.leftPaneFolderId"
FF - prefs.js..extensions.enabledItems: -1);user_pref("browser.places.migratePostDataAnnotations"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.places.smartBookmarksVersion"
FF - prefs.js..extensions.enabledItems: 1);user_pref("browser.places.updateRecentTagsUri"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.startup.homepage"
FF - prefs.js..extensions.enabledItems: "http://www.google.co.uk/");user_pref("browser.startup.homepage_override.mstone"
FF - prefs.js..extensions.enabledItems: "rv:1.9.0.1");user_pref("extensions.enabledItems"
FF - prefs.js..extensions.enabledItems: "3.0.1");user_pref("intl.charsetmenu.browser.cache"
FF - prefs.js..extensions.enabledItems: "ISO-8859-1
FF - prefs.js..extensions.enabledItems: UTF-8");user_pref("network.cookie.prefsMigrated"
FF - prefs.js..extensions.enabledItems: true);user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey
FF - prefs.js..browser.search.selectedEngine: "Orbit Search (Powered By Google)"
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "67.69.254.247"
FF - prefs.js..network.proxy.http_port: 80


[2008/08/07 22:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/08/07 22:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rlis8chp.default\extensions

O1 HOSTS File: ([2010/05/05 12:53:05 | 000,393,184 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13576 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209815663\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Acme.PCHButton] C:\Program Files\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/01 09:36:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

File not found -- C:\Documents and Settings\Owner\Desktop\CAIJ4923.
[2010/08/04 23:09:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/04 17:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\diwvtofho
[2010/08/04 17:03:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/08/03 22:24:47 | 000,217,088 | R--- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll
[2010/08/03 16:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free History Eraser
[2010/07/30 20:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/30 12:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\North Wales
[2010/06/15 17:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2010/05/25 01:22:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos

========== Files - Modified Within 90 Days ==========

File not found -- C:\Documents and Settings\Owner\Desktop\CAIJ4923.
[2010/08/05 00:53:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003UA.job
[2010/08/04 23:21:05 | 000,088,064 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2010/08/04 23:20:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/04 23:19:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/04 23:19:58 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/04 23:18:14 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/08/04 23:18:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/04 23:09:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/04 23:08:55 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/04 22:57:30 | 004,837,278 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/04 13:11:05 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\d7ca8aca-1ff2-4065-bbf4-37aee7c98cc8.jpg
[2010/08/03 22:53:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003Core.job
[2010/08/03 20:47:03 | 000,000,775 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/01 22:00:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/07/31 12:53:57 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010/07/31 12:53:57 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/29 22:07:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/19 11:41:21 | 000,041,358 | ---- | M] () -- C:\Documents and Settings\Owner\.ems.cfg
[2010/07/17 12:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/14 14:46:13 | 000,026,510 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\131.JPG
[2010/07/13 13:08:52 | 000,045,185 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\funny_commixed_pictures_640_29.jpg
[2010/06/25 13:37:30 | 000,089,172 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\What the...-pics-13-thumb-572xauto-170163.jpg
[2010/06/16 01:05:06 | 000,041,897 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\7.jpg
[2010/06/15 17:39:28 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/15 15:12:26 | 000,503,304 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/15 15:12:26 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/15 15:12:26 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/30 14:41:57 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\FLV Player.lnk
[2010/05/08 11:44:16 | 000,413,401 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Society Islands.jpg
[2010/05/08 11:34:00 | 000,072,629 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pro.jpg
[2010/05/07 22:47:07 | 000,337,165 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Rio.jpeg

========== Files Created - No Company Name ==========

[2010/08/04 23:08:53 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/04 13:11:05 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\d7ca8aca-1ff2-4065-bbf4-37aee7c98cc8.jpg
[2010/08/03 16:54:44 | 000,024,620 | ---- | C] () -- C:\WINDOWS\System32\alert2093.wav
[2010/07/30 22:45:13 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/14 14:46:13 | 000,026,510 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\131.JPG
[2010/07/13 13:08:52 | 000,045,185 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\funny_commixed_pictures_640_29.jpg
[2010/06/25 13:37:30 | 000,089,172 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\What the...-pics-13-thumb-572xauto-170163.jpg
[2010/06/07 18:34:26 | 000,041,897 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\7.jpg
[2010/06/02 21:49:23 | 010,223,616 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/05/30 14:41:57 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\FLV Player.lnk
[2010/05/08 11:44:16 | 000,413,401 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Society Islands.jpg
[2010/05/08 11:34:00 | 000,072,629 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pro.jpg
[2010/05/07 22:47:07 | 000,337,165 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Rio.jpeg
[2009/11/29 16:36:26 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2009/08/08 19:35:48 | 000,173,384 | ---- | C] () -- C:\WINDOWS\System32\AVLibrary.dll
[2009/02/19 19:39:49 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2008/12/23 16:33:18 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/08/08 12:47:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MpfApi.dll
[2008/08/08 12:47:36 | 000,055,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\MpFirewall.sys
[2008/05/26 21:21:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2008/05/03 12:13:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/04/18 14:50:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/16 16:24:40 | 000,000,302 | ---- | C] () -- C:\WINDOWS\ARColorCodes.ini
[2007/12/05 14:43:31 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2003/06/09 20:25:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2003/01/01 16:25:02 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/01 12:05:46 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/01/01 11:53:15 | 000,028,986 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/01/01 11:52:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/01/01 11:52:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/01/01 10:48:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/01 10:20:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/01 10:11:43 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/01/01 10:11:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/01/01 10:11:23 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/01/01 09:40:09 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/01 09:34:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/01 09:14:03 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/01/01 09:14:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

========== LOP Check ==========

[2008/02/14 18:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AceBIT
[2009/11/28 19:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2009/11/28 19:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoHideIP
[2008/02/14 17:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2003/01/01 11:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/09/19 14:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/02/03 17:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/12/21 15:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2009/12/19 16:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010/07/30 20:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/01/16 20:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/14 18:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AceBIT
[2009/09/20 14:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/11/28 19:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AutoHideIP
[2008/08/13 21:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/02/13 15:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreFTP
[2008/03/01 13:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2008/03/22 04:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/02/14 17:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlobalSCAPE
[2009/12/24 18:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hide IP NG
[2009/09/19 14:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2009/08/26 15:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mask Surf
[2009/12/19 16:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2009/10/17 14:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2009/01/31 22:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orbit
[2009/12/19 16:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2009/03/08 22:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Primal 3D Body
[2003/01/01 12:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/02/16 17:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2010/08/04 22:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StumbleUpon
[2010/04/28 16:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tenebril
[2009/09/19 14:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/08/04 23:18:19 | 000,032,564 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/08/01 22:00:12 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2003/01/01 09:36:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/07 23:47:12 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2003/09/23 20:19:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
[2003/01/01 09:36:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/08/04 23:19:58 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2003/01/01 09:36:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/28 19:47:17 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2003/01/01 09:36:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/12/05 21:31:02 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2007/12/05 21:31:02 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/08/04 23:19:57 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/09/06 03:09:46 | 000,000,018 | -H-- | M] () -- C:\SYSREST
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/01/01 09:35:54 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/05/17 01:50:56 | 000,000,712 | ---- | M] () -- C:\Program Files\FLV Player

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2003/01/01 09:27:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/01/01 09:27:42 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/01/01 09:27:42 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 16:53:24

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF1D8F55
< End of report >