"AV Security Suite" is torturing me!



#1
heyeddie

I get the pop-ups telling me to purchase AV Security Suite, and every time I try to use a program it tells me it's infected and won't let me use it.

I went into safe mode and followed the instructions of the malware and spyware cleaning guide and also the specific topic regarding the "AV Security Suite" virus. Malwarebytes seems to have detected the problem; however, I am uncertain if getting rid of certain infected files will screw up my computer even more! Is it OK to delete everything that was infected or should I be a little more cautious about what I remove?

Thanks in advance!

Here are the logs I obtained:


MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4602

Windows 5.1.2600 Service Pack 1 (Safe Mode)
Internet Explorer 6.0.2800.1106

13/09/2010 7:02:09 PM
mbam-log-2010-09-13 (19-02-09).txt

Scan type: Quick scan
Objects scanned: 128330
Time elapsed: 10 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qwahodadu (Trojan.Hiloti) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\krecujgx (Rogue.SecuritySuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\krecujgx (Rogue.SecuritySuite) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\byivqr (Trojan.Onlinegames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\a5x3tq (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsass (Trojan.Alphabet) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\odapcl.dll (Trojan.Hiloti) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Application Data\nwsutqlvf\vcgrfutuqiw.exe (Rogue.SecuritySuite) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\Zll.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\msllhsjn.dll (Trojan.Onlinegames) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\202fbh.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\gkgb57io1.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\l0hrnyuhy.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\y2nfut.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\Zmakaa.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Zmakab.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\taskkill.com (Worm.P2P) -> No action taken.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.



GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-13 21:08:18
Windows 5.1.2600 Service Pack 1
Running: 0u4fsr51.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdrpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text bmritah.sys F746C099 146 Bytes [9C, 8F, 44, 24, 34, E9, 66, ...]
.text bmritah.sys F746C12C 9 Bytes [B3, C1, C0, F5, 05, 66, 0F, ...] {MOV BL, 0xc1; SAL CH, 0x5; MOVZX CX, DL}
.text bmritah.sys F746C136 13 Bytes [C6, 01, 01, D1, 0F, B6, C0, ...]
.text bmritah.sys F746C144 43 Bytes JMP 7C534CC1
.text bmritah.sys F746C1C7 160 Bytes [E7, FE, CB, 89, F3, 66, 0F, ...]
.text ...
? C:\WINDOWS\system32\drivers\bmritah.sys A device attached to the system is not functioning.
PAGE Ntfs.sys F73953DE 4 Bytes CALL 857E87E1
.rsrc C:\WINDOWS\System32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0xF78A0414]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!NtProtectVirtualMemory 77F5BCC8 5 Bytes JMP 006D000A
.text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!NtWriteVirtualMemory 77F5C588 5 Bytes JMP 006E000A
.text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!KiUserExceptionDispatcher 77F75DAC 5 Bytes JMP 0067000C
.text C:\WINDOWS\system32\svchost.exe[504] ole32.dll!CoCreateInstance 4FEDF9E6 5 Bytes JMP 0074000B
.text C:\WINDOWS\system32\svchost.exe[504] USER32.dll!GetCursorPos 77D48DF4 5 Bytes JMP 00E7000B
.text C:\WINDOWS\Explorer.EXE[764] ntdll.dll!NtProtectVirtualMemory 77F5BCC8 5 Bytes JMP 0098000A
.text C:\WINDOWS\Explorer.EXE[764] ntdll.dll!NtWriteVirtualMemory 77F5C588 5 Bytes JMP 0099000A
.text C:\WINDOWS\Explorer.EXE[764] ntdll.dll!KiUserExceptionDispatcher 77F75DAC 5 Bytes JMP 0097000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 856DF4C0

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
AttachedDevice \FileSystem\Fastfat \Fat avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8557DEC5

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] bmritah <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\bmritah@Type 1
Reg HKLM\SYSTEM\ControlSet001\Services\bmritah@Start 0
Reg HKLM\SYSTEM\ControlSet001\Services\bmritah@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\bmritah@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\bmritah@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\bmritah@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\bmritah@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\bmritah@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\bmritah@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\bmritah@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\bmritah@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\bmritah@Group Boot Bus Extender
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{851E7748-C1C1-5A14-7F0F-9840C190F489}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{851E7748-C1C1-5A14-7F0F-9840C190F489}@oaebjbifdnkmobicmaknmekhidjohf 0x63 0x61 0x6E 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{851E7748-C1C1-5A14-7F0F-9840C190F489}@oaaakiafjmhpkjfpbmhmoijlaahjhh 0x6A 0x61 0x6E 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{851E7748-C1C1-5A14-7F0F-9840C190F489}@nacdahnghnanblfkinokcpdhkmoe 0x6A 0x61 0x6E 0x6B ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\mouclass.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


OTL:

OTL logfile created on: 13/09/2010 9:12:12 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = E:\
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

959.00 Mb Total Physical Memory | 725.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 30.66 Gb Free Space | 41.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.88 Gb Total Space | 1.07 Gb Free Space | 56.99% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADZ
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/13 13:46:34 | 000,576,000 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2008/09/05 23:29:58 | 000,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2003/05/11 21:12:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 13:46:34 | 000,576,000 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2006/08/26 01:53:52 | 000,925,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2003/10/01 10:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009/07/02 16:32:22 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/02 16:32:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/10/24 16:33:03 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2007/07/10 21:40:12 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/12/14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2004/10/22 13:42:44 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/01/08 01:12:00 | 000,022,232 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2009/07/02 16:32:23 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/09 21:05:05 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:29:11 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)
DRV - [2009/02/13 12:17:49 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/12/23 09:11:38 | 000,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2007/10/24 16:32:58 | 000,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/07/10 21:40:16 | 000,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2007/07/10 21:40:15 | 000,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/10/18 09:23:40 | 000,391,866 | ---- | M] (ZSMC Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZS211.sys -- (ZSMC211)
DRV - [2006/02/23 13:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/02/23 13:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005/06/04 20:07:56 | 000,319,104 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2004/08/13 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/27 11:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2003/07/02 06:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/08/29 01:32:32 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2001/08/15 15:20:44 | 000,057,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 68 00 74 00 74 00 70 00 3A 00 2F 00 2F 00 77 00 77 00 77 00 2E 00 67 00 6F 00 6F 00 67 00 6C 00 65 00 2E 00 63 00 6F 00 6D 00 2F 00 00 00 0C 00 E8 4F 22 06 38 04 46 06 00 00 00 00 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:28.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.8.107
FF - prefs.js..extensions.enabledItems: {A3827053-F596-4E7E-91A2-5BF226744CB2}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{A3827053-F596-4E7E-91A2-5BF226744CB2}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{A3827053-F596-4E7E-91A2-5BF226744CB2} [2010/09/10 23:37:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/10 17:03:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/10 17:03:33 | 000,000,000 | ---D | M]

[2009/06/22 17:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/02/15 15:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected]
[2010/09/10 23:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u4udulex.default\extensions
[2009/11/03 11:43:28 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u4udulex.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}
[2010/06/26 12:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u4udulex.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/07/03 11:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u4udulex.default\extensions\[email protected]
[2010/09/12 19:10:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/10 17:03:27 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/10 17:03:27 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/10 17:03:28 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/10 17:03:28 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/13 18:19:57 | 000,000,002 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [Byisulecugofudo] C:\WINDOWS\ohewasax.DLL ()
O4 - HKLM..\Run: [byivqr] C:\WINDOWS\System32\msllhsjn.DLL ()
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.EXE ()
O4 - HKLM..\Run: [krecujgx] C:\Documents and Settings\Administrator\Local Settings\Application Data\nwsutqlvf\vcgrfutuqiw.exe (Security Suites Corporation)
O4 - HKLM..\Run: [lsass] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.EXE (ZSMCSNAP)
O4 - HKCU..\Run: [krecujgx] C:\Documents and Settings\Administrator\Local Settings\Application Data\nwsutqlvf\vcgrfutuqiw.exe (Security Suites Corporation)
O4 - HKCU..\Run: [lsass] File not found
O4 - HKCU..\Run: [Qwahodadu] C:\WINDOWS\odapcl.DLL ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [YXE7DXCQ37] C:\Documents and Settings\Administrator\Local Settings\Temp\Zll.exe (Don HO [email protected])
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\lsass.lnk = File not found
F3 - HKCU WinNT: Load - (C:\WINDOWS\System32\bnqxakczhv\lsass.exe) - C:\WINDOWS\System32\bnqxakczhv\lsass.exe File not found
F3 - HKCU WinNT: Run - (C:\WINDOWS\System32\bnqxakczhv\lsass.exe) - C:\WINDOWS\System32\bnqxakczhv\lsass.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: a5x3tq = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\202fbh.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoAdminPage = 1
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://images.thebig...ack_titties.jpg
O24 - Desktop Components:1 () - http://a433.ac-image...e3f8fbfc298.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/17 19:30:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi2 - C:\WINDOWS\System32\KORGUMDD.DRV (KORG INC.)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/09/13 19:10:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/09/13 18:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/09/13 18:20:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/13 18:20:06 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/13 18:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/13 18:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/10 23:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
[2010/09/10 23:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{A3827053-F596-4E7E-91A2-5BF226744CB2}
[2010/09/10 23:36:33 | 000,210,432 | ---- | C] (Don HO [email protected]) -- C:\WINDOWS\Zmakab.exe
[2010/09/10 23:36:03 | 000,210,432 | ---- | C] (Don HO [email protected]) -- C:\WINDOWS\Zmakaa.exe
[2010/09/10 23:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\nwsutqlvf
[2010/08/24 15:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/08/24 15:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2010/07/11 14:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\etax2010
[2010/07/08 15:52:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Desktop
[2010/06/28 23:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/06/25 21:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\KORG
[2009/04/28 20:41:48 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2007/05/24 17:42:39 | 020,006,472 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/13 21:16:38 | 000,777,216 | ---- | M] () -- C:\WINDOWS\System32\drivers\bmritah.sys
[2010/09/13 19:11:14 | 000,003,564 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100913_191107.reg
[2010/09/13 18:22:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/13 18:22:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/13 18:20:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/13 18:20:42 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/09/13 18:20:42 | 000,000,280 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/13 18:20:10 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/13 18:20:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/09/13 18:19:55 | 000,002,838 | ---- | M] () -- C:\WINDOWS\idehucuc.dll
[2010/09/13 18:19:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Upoqeyajofoye.bin
[2010/09/13 18:17:35 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/13 18:17:30 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/12 22:08:34 | 000,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/12 22:04:21 | 000,002,838 | ---- | M] () -- C:\WINDOWS\irohunicapaqeko.dll
[2010/09/12 21:39:43 | 000,002,838 | ---- | M] () -- C:\WINDOWS\eranabonatana.dll
[2010/09/12 21:39:31 | 000,354,092 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100912_213916.reg
[2010/09/12 20:22:52 | 000,189,410 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100912_202117.reg
[2010/09/12 19:45:11 | 000,002,838 | ---- | M] () -- C:\WINDOWS\ajerafiqejivul.dll
[2010/09/12 19:13:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/12 19:08:51 | 000,002,838 | ---- | M] () -- C:\WINDOWS\ewifinohazoz.dll
[2010/09/11 00:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/09/10 23:40:48 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\y2nfut.dll
[2010/09/10 23:40:48 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\l0hrnyuhy.dll
[2010/09/10 23:40:48 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\gkgb57io1.dll
[2010/09/10 23:37:25 | 000,036,865 | ---- | M] () -- C:\WINDOWS\System32\msllhsjn.dll
[2010/09/10 23:37:24 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rdaxusa.dat
[2010/09/10 23:35:40 | 000,210,432 | ---- | M] (Don HO [email protected]) -- C:\WINDOWS\Zmakab.exe
[2010/09/10 23:35:40 | 000,210,432 | ---- | M] (Don HO [email protected]) -- C:\WINDOWS\Zmakaa.exe
[2010/09/10 23:23:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/09 23:01:26 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/28 19:28:18 | 019,657,194 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.1.4-win32.exe
[2010/08/24 15:16:53 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/08/24 15:16:52 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/08/24 00:47:32 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to BitTorrent-7.0.lnk
[2010/08/17 23:08:02 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.5.13.lnk
[2010/08/06 20:23:31 | 000,409,045 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\stray-cats.jpg
[2010/08/05 21:32:03 | 000,041,369 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\matt hall.jpg
[2010/07/27 00:41:14 | 000,076,341 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mh6.jpg
[2010/07/27 00:40:42 | 000,094,744 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mh5.jpg
[2010/07/27 00:40:29 | 000,061,629 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mh4.jpg
[2010/07/27 00:40:03 | 000,064,428 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mh3.jpg
[2010/07/27 00:38:11 | 000,016,005 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mh2.jpg
[2010/07/27 00:37:57 | 000,012,047 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mh1.jpg
[2010/07/21 22:39:33 | 000,565,023 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Induction Pack.pdf
[2010/07/12 17:15:21 | 000,076,072 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DURRTAX.TAX
[2010/07/12 17:14:15 | 000,076,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DURRTAX.BAK
[2010/07/11 14:32:15 | 000,001,722 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\e-tax 2010.lnk
[2010/07/09 00:46:04 | 003,179,512 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/07 12:54:30 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/07/07 00:48:16 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\New song riff.doc
[2010/06/30 20:43:54 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Durwin Anderson resume.doc
[2010/06/28 22:00:15 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\University Timetable sem 2.doc
[2010/06/27 14:23:32 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\To tv eyes.doc
[2010/06/25 01:47:53 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Floor.doc
[2010/06/20 22:37:17 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The bones tell a story.doc
[2010/06/20 00:31:04 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Glamour puss.doc
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/13 19:11:11 | 000,003,564 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100913_191107.reg
[2010/09/13 18:20:10 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/13 18:19:55 | 000,002,838 | ---- | C] () -- C:\WINDOWS\idehucuc.dll
[2010/09/12 22:04:21 | 000,002,838 | ---- | C] () -- C:\WINDOWS\irohunicapaqeko.dll
[2010/09/12 21:39:42 | 000,002,838 | ---- | C] () -- C:\WINDOWS\eranabonatana.dll
[2010/09/12 21:39:24 | 000,354,092 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100912_213916.reg
[2010/09/12 20:21:26 | 000,189,410 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100912_202117.reg
[2010/09/12 19:45:09 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ajerafiqejivul.dll
[2010/09/12 19:08:51 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ewifinohazoz.dll
[2010/09/10 23:40:48 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\y2nfut.dll
[2010/09/10 23:40:48 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\l0hrnyuhy.dll
[2010/09/10 23:40:48 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\gkgb57io1.dll
[2010/09/10 23:37:25 | 000,036,865 | ---- | C] () -- C:\WINDOWS\System32\msllhsjn.dll
[2010/09/10 23:37:24 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rdaxusa.dat
[2010/09/10 23:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Upoqeyajofoye.bin
[2010/09/10 23:36:29 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/10 23:35:41 | 000,777,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\bmritah.sys
[2010/08/28 19:27:57 | 019,657,194 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.1.4-win32.exe
[2010/08/24 15:16:53 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/08/24 15:16:52 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/08/24 00:47:32 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to BitTorrent-7.0.lnk
[2010/08/17 23:08:01 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.5.13.lnk
[2010/08/06 20:23:31 | 000,409,045 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\stray-cats.jpg
[2010/08/05 21:32:03 | 000,041,369 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\matt hall.jpg
[2010/07/27 00:41:13 | 000,076,341 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mh6.jpg
[2010/07/27 00:40:42 | 000,094,744 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mh5.jpg
[2010/07/27 00:40:29 | 000,061,629 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mh4.jpg
[2010/07/27 00:40:02 | 000,064,428 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mh3.jpg
[2010/07/27 00:38:11 | 000,016,005 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mh2.jpg
[2010/07/27 00:37:56 | 000,012,047 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mh1.jpg
[2010/07/21 22:39:33 | 000,565,023 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Induction Pack.pdf
[2010/07/11 14:49:29 | 000,076,072 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DURRTAX.TAX
[2010/07/11 14:49:29 | 000,076,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DURRTAX.BAK
[2010/07/11 14:32:15 | 000,001,722 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\e-tax 2010.lnk
[2010/07/07 00:48:15 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\New song riff.doc
[2010/06/28 23:26:43 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/28 22:00:14 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\University Timetable sem 2.doc
[2010/06/27 14:23:32 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\To tv eyes.doc
[2010/06/25 01:47:53 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Floor.doc
[2010/06/20 22:37:16 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The bones tell a story.doc
[2010/06/20 00:29:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Glamour puss.doc
[2009/04/28 20:41:48 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2009/04/28 20:41:48 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2009/04/28 20:41:48 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2009/04/04 20:17:32 | 000,000,614 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2009/04/04 15:41:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009/04/04 15:25:35 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/04/04 15:24:17 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/03/31 15:44:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/03/31 15:39:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/02/23 03:57:52 | 004,421,889 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/02/19 22:04:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2009/02/18 23:57:22 | 000,557,451 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/02/18 19:15:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/02/17 03:19:42 | 000,790,190 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/17 02:32:20 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/02/17 02:30:30 | 000,903,703 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/02/17 02:23:50 | 000,145,081 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/02/17 00:49:30 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/02/16 14:13:44 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/02/15 01:15:42 | 000,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/02/10 08:28:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/02/10 06:19:18 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/02/10 06:19:12 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/02/10 06:18:52 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/02/10 06:18:32 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/02/10 06:18:24 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/02/10 06:18:20 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/02/10 05:56:22 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/11 08:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/11 08:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/11 08:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/11 08:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/11 08:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/11 08:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/11 08:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/11 08:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/11 08:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/11 08:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/11 08:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/04 08:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/07 02:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/07 02:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/07 02:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/28 07:07:19 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3m.DLL
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/19 21:12:16 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/13 21:54:19 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007/10/13 19:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/07/12 16:51:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/07/11 03:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/07/10 21:38:02 | 023,649,352 | ---- | C] () -- C:\Program Files\avg75free_476a1048.exe
[2007/07/07 13:15:31 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
[2007/06/22 18:49:33 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/22 18:06:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2007/06/12 16:17:11 | 000,000,135 | ---- | C] () -- C:\WINDOWS\CROCCLIP.INI
[2007/06/11 15:45:51 | 000,432,552 | ---- | C] () -- C:\Program Files\wpsetup.exe
[2007/05/20 19:16:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/20 10:36:28 | 000,014,248 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/05/20 10:36:25 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/05/20 10:36:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/05/18 19:00:20 | 005,917,258 | ---- | C] () -- C:\Program Files\powertab.zip
[2003/10/01 10:00:00 | 000,203,776 | ---- | C] () -- C:\WINDOWS\ohewasax.dll
[2003/10/01 10:00:00 | 000,076,288 | ---- | C] () -- C:\WINDOWS\odapcl.dll
[2003/10/01 10:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/11/01 14:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG7
[2010/09/11 00:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2010/01/31 12:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cakewalk
[2008/05/04 18:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.example.SecretParty.051598BBDA4C06817B6C7233F287674C25248625.1
[2008/02/21 16:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EasyJob Resume Builder
[2007/08/30 21:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2010/08/24 00:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2009/04/04 15:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MAGIX
[2009/04/20 20:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2007/06/11 15:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RecordPad
[2009/03/31 16:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2009/04/12 22:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
[2007/09/25 21:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2010/09/12 20:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2008/09/19 17:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/09/12 20:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2007/07/10 21:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/04/04 15:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2007/06/11 15:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/09/21 10:21:17 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job
[2010/09/11 00:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/09/13 18:17:30 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/15 21:25:43 | 000,230,454 | ---- | M] () -- C:\a4.bmp
[2007/11/15 21:25:15 | 000,230,454 | ---- | M] () -- C:\ar3.bmp
[2007/11/15 21:26:04 | 000,230,454 | ---- | M] () -- C:\ar4.bmp
[2007/11/15 21:27:42 | 000,230,454 | ---- | M] () -- C:\ar6.bmp
[2007/11/15 21:28:24 | 000,230,454 | ---- | M] () -- C:\ar7.bmp
[2007/05/17 19:30:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2002/10/06 20:00:19 | 011,934,054 | ---- | M] () -- C:\ava, rach.bmp
[2002/08/01 15:34:43 | 001,567,774 | ---- | M] () -- C:\bdo.bmp
[2002/08/01 15:19:06 | 001,187,742 | ---- | M] () -- C:\bold & the beautiful.bmp
[2007/05/17 19:22:13 | 000,000,194 | -HS- | M] () -- C:\boot.ini
[2002/08/20 18:25:40 | 001,896,726 | ---- | M] () -- C:\bronson.bmp
[2003/03/29 15:27:23 | 002,769,834 | ---- | M] () -- C:\chloe,max,mum.bmp
[2003/03/29 15:25:22 | 000,484,262 | ---- | M] () -- C:\chloe.bmp
[2003/03/28 19:40:58 | 004,650,030 | ---- | M] () -- C:\close eye.bmp
[2003/03/29 16:15:28 | 011,934,054 | ---- | M] () -- C:\colour drowning eye.bmp
[2007/05/17 19:30:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/04/20 09:57:15 | 002,182,410 | ---- | M] () -- C:\dad & koala.bmp
[2003/04/20 09:58:31 | 002,163,222 | ---- | M] () -- C:\dad & snake.bmp
[2002/08/28 13:57:17 | 001,538,774 | ---- | M] () -- C:\eating.bmp
[2002/11/26 18:09:57 | 000,012,897 | ---- | M] () -- C:\formal.jpg
[2002/11/26 18:10:39 | 000,012,081 | ---- | M] () -- C:\formal2.jpg
[2007/11/15 21:26:29 | 000,230,454 | ---- | M] () -- C:\funnie ness.bmp
[2003/03/29 15:22:33 | 001,473,706 | ---- | M] () -- C:\gordy & bridgette.bmp
[2002/08/01 14:50:39 | 002,034,222 | ---- | M] () -- C:\group.bmp
[2002/08/01 15:10:02 | 001,984,246 | ---- | M] () -- C:\happy days.bmp
[2003/03/29 15:29:30 | 002,739,774 | ---- | M] () -- C:\hope,max,chloe.bmp
[2002/08/01 15:22:41 | 001,363,402 | ---- | M] () -- C:\im great.bmp
[2007/12/24 07:57:31 | 000,647,228 | ---- | M] () -- C:\IMG_0509.jpg
[2007/12/24 07:57:38 | 000,576,092 | ---- | M] () -- C:\IMG_0510.jpg
[2007/11/16 20:32:15 | 000,565,016 | ---- | M] () -- C:\IMG_0511.jpg
[2007/11/17 14:24:43 | 000,466,581 | ---- | M] () -- C:\IMG_0512.jpg
[2007/11/17 14:24:52 | 000,526,383 | ---- | M] () -- C:\IMG_0513.jpg
[2007/11/17 14:24:57 | 000,553,405 | ---- | M] () -- C:\IMG_0514.jpg
[2007/11/17 14:25:00 | 000,542,584 | ---- | M] () -- C:\IMG_0515.jpg
[2007/11/17 14:25:03 | 000,586,359 | ---- | M] () -- C:\IMG_0516.jpg
[2007/11/17 14:25:07 | 000,445,211 | ---- | M] () -- C:\IMG_0517.jpg
[2007/11/17 14:25:11 | 000,480,030 | ---- | M] () -- C:\IMG_0518.jpg
[2007/11/17 12:51:03 | 000,663,545 | ---- | M] () -- C:\IMG_0519.jpg
[2007/11/17 12:51:27 | 000,648,785 | ---- | M] () -- C:\IMG_0520.jpg
[2007/11/17 12:51:36 | 000,601,084 | ---- | M] () -- C:\IMG_0521.jpg
[2007/11/17 12:51:51 | 000,601,903 | ---- | M] () -- C:\IMG_0522.jpg
[2007/11/17 12:54:10 | 000,582,237 | ---- | M] () -- C:\IMG_0524.jpg
[2007/11/17 12:54:36 | 000,597,329 | ---- | M] () -- C:\IMG_0525.jpg
[2007/11/17 12:55:02 | 000,586,819 | ---- | M] () -- C:\IMG_0526.jpg
[2007/11/17 12:56:33 | 000,584,353 | ---- | M] () -- C:\IMG_0527.jpg
[2007/11/17 12:57:08 | 000,639,232 | ---- | M] () -- C:\IMG_0528.jpg
[2007/11/17 12:57:19 | 000,670,599 | ---- | M] () -- C:\IMG_0529.jpg
[2007/11/17 12:57:33 | 000,663,544 | ---- | M] () -- C:\IMG_0530.jpg
[2007/11/17 16:42:52 | 000,819,861 | ---- | M] () -- C:\IMG_0531.jpg
[2007/11/17 16:43:06 | 000,560,133 | ---- | M] () -- C:\IMG_0532.jpg
[2007/11/17 16:43:17 | 000,509,578 | ---- | M] () -- C:\IMG_0533.jpg
[2007/11/17 13:51:54 | 000,742,520 | ---- | M] () -- C:\IMG_0534.jpg
[2007/11/17 14:25:32 | 000,800,745 | ---- | M] () -- C:\IMG_0535.jpg
[2007/11/17 14:25:35 | 000,868,557 | ---- | M] () -- C:\IMG_0536.jpg
[2007/11/17 16:44:41 | 000,722,421 | ---- | M] () -- C:\IMG_0537.jpg
[2007/11/17 14:25:42 | 000,471,625 | ---- | M] () -- C:\IMG_0538.jpg
[2007/11/17 14:25:41 | 000,487,668 | ---- | M] () -- C:\IMG_0539.jpg
[2007/11/17 13:52:12 | 000,504,812 | ---- | M] () -- C:\IMG_0540.jpg
[2007/11/17 14:26:46 | 000,475,371 | ---- | M] () -- C:\IMG_0541.jpg
[2007/11/17 14:26:51 | 000,489,238 | ---- | M] () -- C:\IMG_0542.jpg
[2007/11/17 18:25:10 | 000,470,332 | ---- | M] () -- C:\IMG_0543.jpg
[2007/11/17 14:26:59 | 000,443,173 | ---- | M] () -- C:\IMG_0544.jpg
[2007/11/17 14:27:07 | 000,523,470 | ---- | M] () -- C:\IMG_0545.jpg
[2007/11/17 18:29:06 | 000,572,210 | ---- | M] () -- C:\IMG_0546.jpg
[2007/11/17 14:27:27 | 000,395,410 | ---- | M] () -- C:\IMG_0547.jpg
[2007/11/17 18:30:08 | 000,522,289 | ---- | M] () -- C:\IMG_0548.jpg
[2007/11/17 18:45:20 | 000,678,711 | ---- | M] () -- C:\IMG_0551.jpg
[2007/11/17 18:46:15 | 000,519,413 | ---- | M] () -- C:\IMG_0552.jpg
[2007/11/17 18:46:40 | 000,638,473 | ---- | M] () -- C:\IMG_0553.jpg
[2007/11/17 18:47:44 | 000,539,036 | ---- | M] () -- C:\IMG_0554.jpg
[2007/11/17 18:54:00 | 000,637,610 | ---- | M] () -- C:\IMG_0555.jpg
[2007/11/17 13:43:46 | 000,508,366 | ---- | M] () -- C:\IMG_0556.jpg
[2007/11/17 18:54:35 | 000,527,483 | ---- | M] () -- C:\IMG_0557.jpg
[2007/11/17 18:55:29 | 000,576,092 | ---- | M] () -- C:\IMG_0558.jpg
[2007/11/17 18:55:46 | 000,538,483 | ---- | M] () -- C:\IMG_0559.jpg
[2007/11/17 18:56:41 | 000,551,453 | ---- | M] () -- C:\IMG_0560.jpg
[2007/11/17 18:56:59 | 000,557,390 | ---- | M] () -- C:\IMG_0561.jpg
[2007/11/17 13:49:08 | 000,451,825 | ---- | M] () -- C:\IMG_0562.jpg
[2007/11/17 18:57:26 | 000,560,463 | ---- | M] () -- C:\IMG_0563.jpg
[2007/11/17 14:28:33 | 000,603,947 | ---- | M] () -- C:\IMG_0564.jpg
[2007/11/17 14:28:36 | 000,438,861 | ---- | M] () -- C:\IMG_0565.jpg
[2007/11/17 18:58:32 | 000,516,824 | ---- | M] () -- C:\IMG_0566.jpg
[2007/11/17 18:58:43 | 000,469,470 | ---- | M] () -- C:\IMG_0567.jpg
[2007/11/17 13:49:47 | 000,614,497 | ---- | M] () -- C:\IMG_0568.jpg
[2007/11/17 13:50:19 | 000,512,792 | ---- | M] () -- C:\IMG_0569.jpg
[2007/11/17 18:59:50 | 000,491,666 | ---- | M] () -- C:\IMG_0570.jpg
[2007/11/17 19:00:00 | 000,596,072 | ---- | M] () -- C:\IMG_0571.jpg
[2007/11/17 19:00:31 | 000,582,064 | ---- | M] () -- C:\IMG_0572.jpg
[2007/11/17 19:52:46 | 000,791,342 | ---- | M] () -- C:\IMG_0573.jpg
[2007/11/17 19:53:18 | 000,627,522 | ---- | M] () -- C:\IMG_0574.jpg
[2007/12/24 08:01:27 | 000,805,623 | ---- | M] () -- C:\IMG_0575.jpg
[2007/11/17 19:54:26 | 000,728,978 | ---- | M] () -- C:\IMG_0576.jpg
[2007/11/17 19:54:51 | 000,680,734 | ---- | M] () -- C:\IMG_0577.jpg
[2007/11/17 19:55:10 | 000,692,857 | ---- | M] () -- C:\IMG_0578.jpg
[2007/11/17 19:55:32 | 000,712,359 | ---- | M] () -- C:\IMG_0579.jpg
[2007/11/18 06:58:31 | 000,506,334 | ---- | M] () -- C:\IMG_0580.jpg
[2007/11/18 06:58:39 | 000,533,041 | ---- | M] () -- C:\IMG_0581.jpg
[2007/11/18 06:58:56 | 000,634,979 | ---- | M] () -- C:\IMG_0582.jpg
[2007/11/18 06:59:12 | 000,548,196 | ---- | M] () -- C:\IMG_0583.jpg
[2007/11/18 06:59:33 | 000,505,923 | ---- | M] () -- C:\IMG_0584.jpg
[2007/11/18 06:59:55 | 000,559,788 | ---- | M] () -- C:\IMG_0585.jpg
[2007/11/18 07:01:11 | 000,468,208 | ---- | M] () -- C:\IMG_0588.jpg
[2007/11/18 11:17:55 | 000,596,987 | ---- | M] () -- C:\IMG_0589.jpg
[2007/11/18 11:19:09 | 000,611,132 | ---- | M] () -- C:\IMG_0590.jpg
[2007/11/18 11:20:15 | 000,278,222 | ---- | M] () -- C:\IMG_0591.jpg
[2007/11/15 21:28:47 | 000,230,454 | ---- | M] () -- C:\imv thdrnunk.bmp
[2008/01/13 21:54:28 | 000,001,120 | ---- | M] () -- C:\INSTALL.LOG
[2007/05/17 19:30:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/08/01 15:35:48 | 000,663,654 | ---- | M] () -- C:\joey.bmp
[2003/04/20 09:56:05 | 000,976,542 | ---- | M] () -- C:\joy & val.bmp
[2002/08/01 15:16:10 | 001,286,622 | ---- | M] () -- C:\kyles and faz.bmp
[2002/08/20 17:56:48 | 002,663,094 | ---- | M] () -- C:\kyles and i.bmp
[2002/08/20 18:05:23 | 002,181,414 | ---- | M] () -- C:\kyles.bmp
[2002/08/01 15:21:34 | 001,056,866 | ---- | M] () -- C:\loz sar kez.bmp
[2002/08/01 15:11:15 | 002,120,066 | ---- | M] () -- C:\lunch.bmp
[2007/11/23 14:48:06 | 000,027,519 | ---- | M] () -- C:\l_4eb5fd3b20eb41d5ed7b4e16d759728a.jpg
[2007/12/03 23:04:13 | 000,027,445 | ---- | M] () -- C:\l_5cd0788eff50d454fa1ced4dd4f3e036.jpg
[2003/03/29 15:31:35 | 001,585,542 | ---- | M] () -- C:\max&i.bmp
[2007/05/17 19:30:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2003/09/22 16:06:04 | 000,064,146 | ---- | M] () -- C:\MVC-019F.JPG
[2003/09/22 15:45:50 | 000,065,534 | ---- | M] () -- C:\MVC-033F.JPG
[2003/10/01 10:00:00 | 000,047,580 | RHS- | M] () -- C:\NTDETECT.COM
[2003/10/01 10:00:00 | 000,233,632 | RHS- | M] () -- C:\ntldr
[2010/09/13 18:21:50 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2002/09/10 21:18:17 | 000,329,104 | ---- | M] () -- C:\pathegg.PSF
[2002/08/01 15:04:00 | 002,524,554 | ---- | M] () -- C:\porn shot 1.bmp
[2002/08/01 15:05:37 | 002,279,130 | ---- | M] () -- C:\porn shot 2.bmp
[2002/09/11 00:04:53 | 000,491,808 | ---- | M] () -- C:\relateggs.PSF
[2002/08/01 14:51:54 | 001,851,414 | ---- | M] () -- C:\sarah.bmp
[2002/08/01 15:25:30 | 002,560,274 | ---- | M] () -- C:\serious sarah.bmp
[2002/08/01 15:12:44 | 000,255,114 | ---- | M] () -- C:\shorts.bmp
[2003/01/18 16:04:11 | 000,926,702 | ---- | M] () -- C:\sik drawing.bmp
[2002/08/01 15:23:59 | 000,536,782 | ---- | M] () -- C:\sista.bmp
[2002/08/01 15:40:50 | 002,199,314 | ---- | M] () -- C:\sly.bmp
[2007/06/16 10:40:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/06/30 14:34:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/07/14 17:18:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/07/29 12:23:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/07/29 12:23:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/08/12 12:45:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2007/08/27 15:39:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2007/08/27 15:39:18 | 000,000,160 | -H-- | M] () -- C:\sqmdata07.sqm
[2007/09/10 16:32:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2007/09/10 16:32:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2007/09/25 19:14:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2007/06/16 10:40:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/06/30 14:34:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/07/14 17:18:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/07/29 12:23:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/07/29 12:23:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/08/12 12:45:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007/08/27 15:39:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2007/08/27 15:39:18 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2007/09/10 16:32:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2007/09/10 16:32:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2007/09/25 19:14:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2002/08/01 15:38:01 | 000,573,998 | ---- | M] () -- C:\STUMPY.bmp
[2002/08/20 18:17:28 | 001,528,038 | ---- | M] () -- C:\tahni.bmp
[2010/07/08 15:31:41 | 000,954,880 | -HS- | M] () -- C:\Thumbs.db
[2003/03/29 16:01:38 | 011,934,054 | ---- | M] () -- C:\tool drowning eye.bmp
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2002/08/05 17:08:11 | 001,569,942 | ---- | M] () -- C:\what an achievement.bmp
[2002/08/01 15:08:50 | 002,380,374 | ---- | M] () -- C:\whatever 2.bmp
[2002/08/01 15:07:29 | 002,067,754 | ---- | M] () -- C:\whatever.bmp
[2002/08/01 15:15:03 | 002,175,630 | ---- | M] () -- C:\yeah 2.bmp
[2002/08/01 15:13:53 | 001,959,606 | ---- | M] () -- C:\yeah.bmp
[2002/08/01 15:37:05 | 000,621,054 | ---- | M] () -- C:\yr 10.bmp

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/05/18 03:20:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/18 03:20:03 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/18 03:20:03 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-07-09 09:56:01
< End of report >


OTL Extras:

OTL Extras logfile created on: 13/09/2010 9:12:12 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = E:\
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

959.00 Mb Total Physical Memory | 725.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 30.66 Gb Free Space | 41.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.88 Gb Total Space | 1.07 Gb Free Space | 56.99% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADZ
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.reg [@ = regfile] -- "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020032F6-05D6-42CE-9835-F24BDF8D4F7F}" = KORG microKORG XL Sound Editor
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EA44599-1E9D-4517-A088-9588A9FAB211}" = AirPlus G
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25DC2DF7-3E29-494E-8086-7A882FF9925D}" = Samsung PC Studio 3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A7DDC0A-B576-47E4-B061-2DD5D91E432F}" = KORG USB-MIDI Driver Tools for Windows
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = TGE
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft" = Acoustica Mixcraft
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AV Music Morpher Gold" = AV Music Morpher Gold
"AVG7Uninstall" = AVG 7.5
"BitTorrent" = BitTorrent
"Cakewalk Studio Instruments_is1" = Studio Instruments 1.0
"Cakewalk XL Pack_is1" = Cakewalk XL Pack
"CCleaner" = CCleaner
"DVD Shrink_is1" = DVD Shrink 3.2
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Guitar Pro 5_is1" = Guitar Pro 5.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LimeWire" = LimeWire 5.5.13
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Logic Audio Platinum 5.2" = Logic Audio Platinum 5.2
"MAGIX Australian Idol Music Maker US" = MAGIX Australian Idol Music Maker 4.0.0.12 (US)
"MAGIX Music Manager 2007 US" = MAGIX Music Manager 2007 8.1.1.114 (US)
"MAGIX Photo Manager 2007 US" = MAGIX Photo Manager 2007 4.1.1.77 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.4.0
"MID Converter 4.0" = MID Converter 4.0
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Q329441" = Windows XP Hotfix (SP2) Q329441
"Q817287" = Windows XP Hotfix (SP2) Q817287
"Q828026" = Windows Media Player Hotfix [See wm828026 for more information]
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shuangs WAV to MP3 Converter_is1" = Shuangs WAV to MP3 Converter 2.1
"Switch" = Switch Sound File Converter
"VLC media player" = VLC media player 0.9.9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/09/2010 7:38:57 AM | Computer Name = ADZ | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0x2

Error - 12/09/2010 7:39:09 AM | Computer Name = ADZ | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 12/09/2010 7:42:54 AM | Computer Name = ADZ | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/09/2010 7:42:54 AM | Computer Name = ADZ | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 12/09/2010 8:03:40 AM | Computer Name = ADZ | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0x2

Error - 12/09/2010 8:09:12 AM | Computer Name = ADZ | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/09/2010 8:09:13 AM | Computer Name = ADZ | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 13/09/2010 4:19:19 AM | Computer Name = ADZ | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0x2

Error - 13/09/2010 4:22:25 AM | Computer Name = ADZ | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 13/09/2010 4:22:25 AM | Computer Name = ADZ | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 13/09/2010 5:08:59 AM | Computer Name = ADZ | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\redist.dll.
Reference
error message: The operation completed successfully. .

Error - 13/09/2010 5:09:07 AM | Computer Name = ADZ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 13/09/2010 5:09:07 AM | Computer Name = ADZ | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 13/09/2010 5:09:07 AM | Computer Name = ADZ | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 13/09/2010 5:09:07 AM | Computer Name = ADZ | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\redist.dll.
Reference
error message: The operation completed successfully. .

Error - 13/09/2010 5:47:05 AM | Computer Name = ADZ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 13/09/2010 7:08:00 AM | Computer Name = ADZ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 13/09/2010 7:08:04 AM | Computer Name = ADZ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 13/09/2010 7:12:26 AM | Computer Name = ADZ | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 13/09/2010 7:12:26 AM | Computer Name = ADZ | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >
  • 0



#2
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
I'm reviewing your logs.

I'll be back shortly.
  • 0

#3
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello heyeddie!

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything with the tools or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.


Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation

Running on Service Pack 1 leaves your computer with a lot of security holes open to let the malware on to your computer.

Why haven't you updated your Windows XP Pro to the latest service pack?



Step 1.
WVCheck:

Please download WVCheck from Artellos.com.
  • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.


Step 2.
CKScanner:

Download CKScanner from here: http://downloads.mal...m/CKScanner.exe
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Step 3.
Things I would like to see in your reply:

  • The answer to my question in the beginning of this post.
  • The content of the report from WVCheck in step 1.
  • The content of CKFiles.txt from step 2.

  • 0

#4
heyeddie

    New Member

  • Topic Starter
  • Member
  • 4 posts
Hey thanks for the fast reply!

The AV security suite pop up is no longer appearing on my screen and I am able to use all my programs, however when I try to use the internet I get a message saying "The proxy server is refusing connections". Is it normal for the virus to do this?

In answer to your question I am unable to upgrade to the latest service pack as it tells me I need genuine windows to do so.

Here are the results from WVCheck and CKScanner:

Windows Validation Check
Version: 1.8.8.3
Log Created On: 2029_16-09-2010
------------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 1
Windows Mode: Normal


WVCheck's Auto Update Check
-----------------------
WVCheck could not read the Auto-Update Option.
------------------------------
Last Success Time for Update Detection: 2010-09-10 07:09:46
Last Success Time for Update Download: 2010-08-14 02:04:38
Last Success Time for Update Installation: 2009-07-09 09:56:01


WVCheck's File Dump
-------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-------------------
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
Size: 0 bytes
Matched: *Genuine?Advantage*
------------------------------


WVCheck's Missing File Check
-------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-------------------
user32.dll - 74202eb1bd67e8be9509e38c8d2234b0


-------- End of File, program close at 2032_16-09-2010 --------



CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\administrator\my documents\adobe photoshop cs3 v10 with crack full version.zip
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica beatcraft v1.02.13 +keygen.rar
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica mixcraft v2.01.33 +keygen.rar
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica beatcraft v1.02.13 +keygen\acoustica-beatcraft-installer.exe
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica beatcraft v1.02.13 +keygen\keygen.exe
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica beatcraft v1.02.13 +keygen\ucf.nfo
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica mixcraft v2.01.33 +keygen\acoustica-mixcraft-installer.exe
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica mixcraft v2.01.33 +keygen\keygen.exe
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica mixcraft v2.01.33 +keygen\ucf.nfo
scanner sequence 3.CF.11
----- EOF -----
  • 0

#5
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

In answer to your question I am unable to upgrade to the latest service pack as it tells me I need genuine windows to do so.

Then it needs to be validated.


Go to this link

Validate

and follow the instructions.


--------------------------------------------
Please do this when the validation is complete.

Please run the MGA Diagnostic Tool and post back the report it shall produce:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

  • 0

#6
heyeddie

    New Member

  • Topic Starter
  • Member
  • 4 posts
I can't validate windows because the virus won't let me connect to the internet on my infected computer. Is there another way?
  • 0

#7
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Do this.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    :Commands
    [emptytemp]
    [emptyflash]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog


Internet access?

If so, according to my previous post, Validate and run MGA Diagnostic Tool and post the log.
  • 0
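
The fix in post #7 removes an Internet Explorer proxy setting that points at the local machine (127.0.0.1:6092); such a setting fails with refused connections when nothing is listening on that port. The following is an added example, not part of the original thread and not OTL's own code: a log check that flags an enabled proxy pointing at a loopback address in OTL-style "IE -" lines. The function names and the sample log are constructed for illustration, and a hit is a prompt for review, since some local filtering tools also use loopback proxies.

```python
import ipaddress
import re

# Constructed sample: the three IE lines from the fix in post #7 plus one
# unrelated, made-up line so the parser has something to skip.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\example.exe (constructed line)
'''

# Matches: IE - <hive>\...\Internet Settings: "<ProxyXxx>" = <value>
LINE_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\.*\\Internet Settings: '
    r'"(?P<name>Proxy\w+)" = (?P<value>.*)$'
)


def parse_proxy_settings(log_text):
    """Return {hive: {value_name: value}} for the IE proxy lines in a log."""
    settings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hive = settings.setdefault(m.group("hive"), {})
            hive[m.group("name")] = m.group("value").strip()
    return settings


def split_proxy_server(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both the single form "host:port" and the per-protocol form
    "http=host:port;https=host:port".
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # no "scheme=" prefix: applies to all
            scheme, hostport = "all", part
        hostport = hostport.split("://", 1)[-1]
        host, _, port = hostport.rpartition(":")
        if not host:                     # no port given
            host, port = hostport, ""
        entries.append((scheme.lower(), host, port))
    return entries


def is_loopback(host):
    """True for 'localhost' and for any loopback IPv4/IPv6 literal."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a DNS name, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """List enabled proxy entries whose host is the local machine."""
    findings = []
    for hive, values in parse_proxy_settings(log_text).items():
        if values.get("ProxyEnable") != "1":
            continue                     # a disabled proxy is not in effect
        server = values.get("ProxyServer", "")
        for scheme, host, port in split_proxy_server(server):
            if is_loopback(host):
                findings.append(
                    {"hive": hive, "scheme": scheme, "host": host, "port": port}
                )
    return findings


if __name__ == "__main__":
    for hit in find_loopback_proxies(SAMPLE_LOG):
        print("review: %(hive)s %(scheme)s proxy -> %(host)s:%(port)s" % hit)
```
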

#8
heyeddie

    New Member

  • Topic Starter
  • Member
  • 4 posts
I have internet access now, but it says my copy of windows did not pass genuine validation.

Here is the MGA diagnostic report:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Blocked VLK
Validation Code: 3
Cached Validation Code: N/A
Windows Product Key: *****-*****-GXFK3-KPGG4-GM36T
Windows Product Key Hash: ++wGjeCeJjF8cHTuhtGP538sQCM=
Windows Product ID: 55274-647-3188384-23490
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.1.0.pro
ID: {F297AEA1-3778-4411-8DC0-EB40702883F8}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.8.31.9
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 3
File Exists: Yes
Version: 1.8.31.9
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: Registered, 1.6.28.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Allowed
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Allowed
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F297AEA1-3778-4411-8DC0-EB40702883F8}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.1.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-GM36T</PKey><PID>55274-647-3188384-23490</PID><PIDType>1</PIDType><SID>S-1-5-21-343818398-838170752-725345543</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0712 </Version><SMBIOSVersion major="2" minor="3"/><Date>20061101******.******+***</Date></BIOS><HWID>2AD33C070184206D</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>E. Australia Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.8.31.9"/><File Name="WgaLogon.dll" Version="1.8.31.9"/></GANotification></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57745</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 136B0:ASUSTeK Computer Inc|1586D:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
  • 0

#9
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\administrator\my documents\adobe photoshop cs3 v10 with crack full version.zip
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica beatcraft v1.02.13 +keygen.rar
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica mixcraft v2.01.33 +keygen.rar
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica beatcraft v1.02.13 +keygen\acoustica-beatcraft-installer.exe
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica beatcraft v1.02.13 +keygen\keygen.exe
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica beatcraft v1.02.13 +keygen\ucf.nfo
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica mixcraft v2.01.33 +keygen\acoustica-mixcraft-installer.exe
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica mixcraft v2.01.33 +keygen\keygen.exe
c:\documents and settings\administrator\my documents\my received files\beatcraft & mixcraft\acoustica mixcraft v2.01.33 +keygen\ucf.nfo
scanner sequence 3.CF.11
----- EOF -----

The source of your infections is likely related to all the cracks and keygens that I found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.



I have internet access now, but it says my copy of windows did not pass genuine validation.

That's not good.



While we understand that you may not have been aware, your copy of Windows is not legitimate. Unfortunately, we are unable to help you any further on this site, as we adhere to a strict policy of only helping people who have legitimate copies of Windows. Thank you for understanding.

Please contact the reseller that you purchased your PC from. If your reseller is unable to help you, contact your local Microsoft call center. The Microsoft call center agent can help you verify whether the Product Key installed on your PC is genuine. The majority of customers who fail validation purchased their PCs from system builders. The PCs came with a genuine COA, but Windows was installed using an invalid Product Key. For customers who have a legal Product Key from the COA or the backup media that came with the PC, the call center agent can point customers to a Product Key Update tool which customers can use to validate their system using the legitimate Product Key they have.

If you wish to disable the WGA notification, the Microsoft representative will also be able to give you instructions to do so. Due to the fact that your installation of Windows was not able to be validated, we cannot be sure that your copy is legitimate. Consequently, we will unfortunately not be able to continue offering our services to you until this issue is resolved.

If you have any issues with this policy, please PM a member of the Admin team or another Moderator.


I'm closing this topic now.
  • 0





