OTL:
OTL logfile created on: 9/8/2010 4:01:01 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,007.00 Mb Total Physical Memory | 463.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 0.16 Gb Free Space | 0.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: EXPERIEN-36ACAF
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/08 03:57:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/09/06 21:03:47 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\f88a988c-b662-482d-9df3-ef43bc25ff9b.com
PRC - [2010/07/22 20:07:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/22 20:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/14 15:19:20 | 003,973,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2010/04/09 00:29:18 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/01/03 20:00:28 | 000,151,552 | ---- | M] (South Bay Software) -- C:\Program Files\NoAds\NoAds.exe
PRC - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/06/12 13:28:45 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/05/03 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/21 06:08:15 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2006/10/18 15:46:20 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2005/06/21 05:29:20 | 000,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005/01/31 01:05:50 | 000,253,952 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2004/12/27 10:12:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
========== Modules (SafeList) ==========
MOD - [2010/09/08 03:57:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2009/01/03 20:00:29 | 000,057,344 | ---- | M] () -- C:\Program Files\NoAds\NoAds.dll
MOD - [2008/05/03 06:00:00 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5508_x-ww_35d3ce4a\comctl32.dll
MOD - [2008/05/03 06:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/14 15:19:28 | 000,326,488 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/05/05 00:09:00 | 000,137,560 | ---- | M] (WeFi) [On_Demand | Stopped] -- C:\Program Files\WeFi\WefiEngSvc.exe -- (WefiEngSvc)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2004/12/27 10:12:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - [2010/07/13 04:33:02 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/07/13 04:25:00 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2010/07/13 04:24:48 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/27 18:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2008/05/03 06:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/13 04:35:56 | 000,476,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/03/01 09:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/12/20 19:26:00 | 004,405,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/06/21 05:17:30 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/06/21 05:16:12 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005/06/21 05:16:06 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2005/06/21 05:15:10 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/06/21 05:13:24 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/06/21 05:09:54 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/06/15 06:36:00 | 000,075,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/04/28 09:26:48 | 000,037,248 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2005/04/27 03:53:06 | 000,074,112 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2005/04/22 00:32:00 | 000,189,536 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/03/23 07:28:52 | 000,165,504 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/03/23 06:29:34 | 001,033,600 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/23 06:28:48 | 000,705,280 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/13 03:04:18 | 000,057,984 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2005/01/10 08:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/09 03:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie_rsearch.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-57989841-790525478-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/21 21:14:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/04 04:19:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/20 04:12:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
[2010/08/20 04:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/07/27 02:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010/07/27 02:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/09/07 15:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g5lborpc.default\extensions
[2010/08/20 05:20:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g5lborpc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/07 15:55:01 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g5lborpc.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010/07/27 02:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\20m4spot.default\extensions
[2010/07/27 02:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Sunbird\Profiles\e346ms0s.default\extensions
[2010/08/20 04:12:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/09/05 01:13:03 | 000,408,909 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 14139 more lines...
O3 - HKU\S-1-5-21-57989841-790525478-1177238915-500\..\Toolbar\WebBrowser: (no name) - {52A9AD99-CC4B-44B2-8493-3D0CA9040134} - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-790525478-1177238915-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-790525478-1177238915-500\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKU\S-1-5-21-57989841-790525478-1177238915-500..\Run: [NoAds] C:\Program Files\NoAds\NoAds.exe (South Bay Software)
O4 - HKU\S-1-5-21-57989841-790525478-1177238915-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-57989841-790525478-1177238915-500..\Run: [wefi] C:\Program Files\WeFi\\WeFi.exe ()
O4 - HKU\S-1-5-21-57989841-790525478-1177238915-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuFavorites = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyComputer = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyDocs = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-57989841-790525478-1177238915-500\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-57989841-790525478-1177238915-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-57989841-790525478-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O15 - HKU\S-1-5-21-57989841-790525478-1177238915-500\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 19:10:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!
========== Files/Folders - Created Within 90 Days ==========
[2010/09/05 01:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/09/05 01:11:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010/09/05 01:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/09/05 01:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\RegTweaker
[2010/08/30 03:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\WeFi
[2010/08/21 04:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\New Folder
[2010/08/20 04:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/19 18:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/18 18:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/18 18:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/08/18 18:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/14 20:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/08/14 20:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Batchwork
[2010/08/09 01:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Calc98
[2010/07/29 12:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2010/07/29 12:28:28 | 001,843,200 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\acXMLParser.dll
[2010/07/29 12:28:24 | 003,518,464 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2010/07/29 12:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2010/07/29 12:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Intuit
[2010/07/29 01:58:53 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/07/29 01:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2010/07/29 01:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/07/29 00:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Panda Security
[2010/07/29 00:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/07/24 01:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/07/13 04:21:44 | 000,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/07/13 04:21:44 | 000,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/07/13 04:21:44 | 000,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/07/13 04:21:43 | 000,075,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/07/13 04:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/07/11 12:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SafeReturner
[2010/07/11 12:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[2010/07/11 05:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/27 18:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/27 04:47:55 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/27 04:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/06/27 03:15:16 | 000,090,624 | ---- | C] (KDC) -- C:\WINDOWS\System32\GradientButtonS.ocx
[2010/06/27 01:47:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/06/26 03:01:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/06/26 03:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/26 00:13:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/24 22:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/22 03:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/21 16:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.SunDownloadManager
[2010/06/21 15:01:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/06/21 05:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/06/21 05:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/06/17 03:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/17 03:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/09/08 03:42:28 | 000,247,296 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 04:48:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/05 01:13:03 | 000,408,909 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/05 01:12:26 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/09/05 01:12:24 | 000,001,989 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpyHunter.lnk
[2010/09/05 01:11:09 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegTweaker.lnk
[2010/08/31 22:06:32 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\WefiStartup.job
[2010/08/31 22:06:12 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WeFi.lnk
[2010/08/31 22:02:35 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/31 15:35:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/31 15:34:36 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Documen2t.rtf
[2010/08/29 13:16:38 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/08/29 13:16:38 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/27 12:54:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/27 12:40:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/27 12:40:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/20 04:13:12 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/20 04:13:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/18 18:29:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/15 18:29:21 | 000,020,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/14 22:06:47 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/14 20:02:04 | 000,001,069 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Batch XLSX to XLS Converter.lnk
[2010/08/14 20:02:04 | 000,001,053 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Batch XLSX to XLS Converter.lnk
[2010/08/12 18:40:41 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\realestate.rtf
[2010/08/11 00:14:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/11 00:13:39 | 000,489,254 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 00:13:39 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 00:13:39 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/09 01:34:09 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Calc98.LNK
[2010/08/02 16:10:01 | 004,833,950 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/29 12:28:06 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/07/29 12:28:06 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Premier - Accountant Edition 2008.lnk
[2010/07/29 12:25:48 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Process Credit Cards in QuickBooks.url
[2010/07/29 12:25:48 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Support for QuickBooks.url
[2010/07/29 12:25:48 | 000,000,188 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Checks & More for QuickBooks.url
[2010/07/29 12:25:48 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Payroll for QuickBooks.url
[2010/07/29 11:17:03 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/07/27 02:31:37 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Sunbird.lnk
[2010/07/27 02:31:37 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Sunbird.lnk
[2010/07/24 01:23:09 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpywareBlaster.lnk
[2010/07/16 16:12:10 | 000,000,000 | ---- | M] () -- C:\Program Files\Messenger
[2010/07/16 02:30:24 | 000,008,445 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\resumehelp.rtf
[2010/07/13 04:33:02 | 000,075,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/07/13 04:22:09 | 000,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2010/07/11 12:46:27 | 000,020,936 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bookmarks-2010-07-11.json
[2010/07/11 05:00:46 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/07/08 22:54:14 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\receipts.rtf
[2010/07/08 22:39:42 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/07/06 00:48:32 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/05 20:28:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/27 04:47:20 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/22 03:35:17 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/21 17:05:13 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/06/21 16:59:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jre-6u20-windows-i586.exe
[2010/06/21 16:57:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jre-6u20-windows-i586.exe.bak
[2010/06/21 16:56:44 | 000,001,188 | ---- | M] () -- C:\Documents and Settings\Administrator\jre-6u20-windows-i586.exe.sdm
[2010/06/21 06:17:27 | 000,000,136 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/06/21 05:33:14 | 000,001,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/06/21 05:26:33 | 000,016,384 | -H-- | M] () -- C:\SZKGFS.dat
[2010/06/17 21:51:44 | 000,007,849 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\different.rtf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/08 03:30:41 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/09/06 20:22:49 | 000,000,451 | ---- | C] () -- C:\Documents and Settings\Administrator\ATHTEMP.TXT
[2010/09/05 01:12:24 | 000,001,989 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpyHunter.lnk
[2010/09/05 01:11:09 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegTweaker.lnk
[2010/08/31 22:06:32 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\WefiStartup.job
[2010/08/31 15:34:36 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Documen2t.rtf
[2010/08/30 03:41:14 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WeFi.lnk
[2010/08/20 04:13:12 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/20 04:13:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/18 18:29:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/14 20:02:04 | 000,001,069 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Batch XLSX to XLS Converter.lnk
[2010/08/14 20:02:04 | 000,001,053 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Batch XLSX to XLS Converter.lnk
[2010/08/12 18:40:40 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\realestate.rtf
[2010/08/09 01:34:09 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Calc98.LNK
[2010/07/29 12:28:06 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/07/29 12:28:06 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Premier - Accountant Edition 2008.lnk
[2010/07/29 12:25:48 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Process Credit Cards in QuickBooks.url
[2010/07/29 12:25:48 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Support for QuickBooks.url
[2010/07/29 12:25:48 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Checks & More for QuickBooks.url
[2010/07/29 12:25:48 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Payroll for QuickBooks.url
[2010/07/29 01:56:41 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/07/27 02:31:37 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Sunbird.lnk
[2010/07/27 02:31:37 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Sunbird.lnk
[2010/07/24 01:23:09 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpywareBlaster.lnk
[2010/07/16 16:12:10 | 000,000,000 | ---- | C] () -- C:\Program Files\Messenger
[2010/07/16 01:25:37 | 000,008,445 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\resumehelp.rtf
[2010/07/13 04:22:08 | 000,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2010/07/11 12:46:27 | 000,020,936 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bookmarks-2010-07-11.json
[2010/07/11 05:00:46 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/07/10 20:04:32 | 000,002,032 | ---- | C] () -- C:\Program Files\Common Files\Report-Scan-20100710-200432.txt
[2010/07/08 22:54:37 | 000,070,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/08 22:54:14 | 000,000,474 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\receipts.rtf
[2010/06/27 04:51:58 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/27 01:47:30 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/06/21 16:57:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jre-6u20-windows-i586.exe.bak
[2010/06/21 16:57:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jre-6u20-windows-i586.exe
[2010/06/21 16:56:44 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\Administrator\jre-6u20-windows-i586.exe.sdm
[2010/06/21 06:17:27 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/06/21 05:31:38 | 000,001,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/06/21 05:26:33 | 000,016,384 | -H-- | C] () -- C:\SZKGFS.dat
[2010/06/17 21:51:43 | 000,007,849 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\different.rtf
[2010/05/22 14:55:24 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/04/06 03:51:22 | 000,247,296 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/05 22:56:53 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/20 01:54:51 | 000,356,352 | R--- | C] () -- C:\WINDOWS\EMCRI.dll
[2008/10/19 20:02:08 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/19 20:02:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/19 20:02:05 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/19 20:02:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/19 20:02:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/17 19:12:40 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\prio.ini
[2008/10/17 19:12:17 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/02/09 03:25:06 | 000,230,424 | ---- | C] () -- C:\WINDOWS\ptm_nt.dll
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2005/06/21 05:19:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2002/05/15 16:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 11:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2009/01/05 23:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2010/09/08 04:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2010/07/29 00:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Panda Security
[2010/08/17 23:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SafeReturner
[2010/06/27 02:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SkyDownloader
[2010/06/10 00:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vip Torrent
[2010/06/27 18:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/28 02:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/05/22 14:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/07/29 00:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/06/21 05:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/22 14:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/06/21 14:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/09/06 21:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/05 23:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/19 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/07/06 00:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/09/05 04:48:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/31 22:06:32 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\WefiStartup.job
[2010/08/31 22:02:35 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/06/29 18:15:22 | 000,000,668 | ---- | M] () -- C:\aaw7boot.log
[2008/10/17 19:10:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/10 04:54:31 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2008/10/17 19:10:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/10/17 19:10:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/01/05 23:17:52 | 000,001,036 | -H-- | M] () -- C:\IPH.PH
[2008/10/17 19:10:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/05/03 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/03 06:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/27 12:40:23 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
[2010/06/21 05:26:33 | 000,016,384 | -H-- | M] () -- C:\SZKGFS.dat
< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2008/10/17 19:09:39 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2010/07/16 16:12:10 | 000,000,000 | ---- | M] () -- C:\Program Files\Messenger
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/10/17 19:58:15 | 000,102,400 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/10/17 19:58:14 | 001,085,440 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/10/17 19:58:14 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\Common Files\*.* >
[2010/07/10 20:04:32 | 000,002,032 | ---- | M] () -- C:\Program Files\Common Files\Report-Scan-20100710-200432.txt
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/17 19:10:19 | 000,000,231 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/05/03 06:00:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2009/02/11 11:54:46 | 034,590,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\263_Nero-6.6.1.4_no_yt.exe
[2009/06/23 14:50:41 | 049,811,272 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Administrator\Desktop\a2FreeSetup.exe
[2008/11/20 00:56:19 | 035,124,856 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\AdbeRdr90_en_US.exe
[2008/12/10 03:43:08 | 022,058,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\antivir_workstation_winu_en_h.exe
[2008/10/29 21:19:35 | 007,508,608 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.0.3.exe
[2008/11/19 20:53:54 | 007,508,624 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.0.4.exe
[2009/07/19 19:52:21 | 008,117,208 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.5.1.exe
[2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2009/07/03 13:16:39 | 001,878,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Administrator\Desktop\install_flash_player.exe
[2008/11/08 17:53:44 | 018,895,728 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\Install_Messenger.exe
[2008/10/29 23:05:29 | 067,167,528 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Administrator\Desktop\iTunes801Setup.exe
[2009/06/08 15:59:41 | 077,690,152 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Administrator\Desktop\iTunesSetup.exe
[2008/11/30 13:29:20 | 000,607,640 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u10-windows-i586-p-iftw.exe
[2008/12/12 17:38:15 | 002,538,872 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/01/03 19:50:48 | 000,280,328 | ---- | M] (South Bay Software) -- C:\Documents and Settings\Administrator\Desktop\NASetup.exe
[2009/02/11 12:13:48 | 406,903,544 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Administrator\Desktop\Nero-7.11.10.0_all_update.exe
[2009/02/13 13:42:53 | 021,953,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\nero60023.exe
[2008/12/12 18:21:10 | 008,459,704 | ---- | M] (PokerStars) -- C:\Documents and Settings\Administrator\Desktop\PokerStarsInstall.exe
[2009/03/12 07:12:18 | 001,000,480 | ---- | M] (Johannes Wallroth ) -- C:\Documents and Settings\Administrator\Desktop\setup_jumbotimer.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-11 06:15:33
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-08 03:57:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwkcqkob.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0xF7A95700]
SSDT F7C3434C ZwCreateThread
SSDT F7C34338 ZwOpenProcess
SSDT F7C3433D ZwOpenThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA9B8A620]
SSDT F7C34342 ZwWriteVirtualMemory
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[252] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2680] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
What steps do I need to take now?
Edited by mississippiA1, 08 September 2010 - 03:22 AM.