Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

netbook wont boot

Started by carebear100 , Nov 13 2010 07:26 AM

  • This topic is locked This topic is locked

#1
carebear100
Posted 13 November 2010 - 07:26 AM

carebear100

    Member

  • Member
  • PipPip
  • 20 posts
Hi Guys,

I really hope you can help!

My daughters netbook wouldnt boot up, i would just get a flashing underscore on the screen.eventually using xp emergency boot on a ufd i managed to access and boot into windows. At this point i realised she had a helluva lot of virus on her computer. my web search, funweb products fraud defense products, virtumonde.sdn,win32.fraudload.pc and .ss to name just a few
I used spybot sd to take out most of these and have deleted all extra remains i could find in my reg and such.

Also avg has been disabled and wont install giving me an install error, but with no error code. super anti spyware freezes every time i try to update.
the system will still not boot up without using the usb flash drive

i have include a hijack this log file hope this helps


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:25:32, on 14/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kirsty\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...09&m=aspire_one
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://homepage.acer...09&m=aspire_one
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: chameleontom - {cd0639ea-e14d-f247-9780-8dbf6ca0f6b0} - C:\WINDOWS\system32\--ZJ8b-B.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nonep] C:\Program Files\riv87\oops.exe
O4 - HKLM\..\Run: [MFARestart] "C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" /usereg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [{1B59DC2C-1F7B-65F8-FE23-3CE801944D78}] "C:\Documents and Settings\Kirsty\Application Data\Wipeo\isry.exe"
O4 - HKCU\..\Run: [{4104F668-DB57-C9DE-79D5-C878220D65C0}] "C:\Documents and Settings\Kirsty\Application Data\Inti\maima.exe"
O4 - HKCU\..\Run: [{673FEFE4-B939-7968-E57E-40EABA2EA1EE}] "C:\Documents and Settings\Kirsty\Application Data\Kuyp\wore.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Jqafesola] rundll32.exe "C:\WINDOWS\mplextu.dll",Startup (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dfrgsnapnt.exe] C:\WINDOWS\TEMP\dfrgsnapnt.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: abkamu.exe (User 'Default user')
O4 - .DEFAULT User Startup: gudo.exe (User 'Default user')
O4 - .DEFAULT User Startup: utno.exe (User 'Default user')
O4 - .DEFAULT User Startup: uxvaeq.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Search - ?s=100000343&p=ZKman000&si=&a=YHArYURAaypX2x.wHjUQGQ&n=2010100209
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...ader.5.8.05.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...S.cab109791.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--
End of file - 12081 bytes
  • 0

Advertisements

#2
carebear100
Posted 13 November 2010 - 07:40 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
i have also tried using acers boot recovery tool with no effect.

Any help would be greatly appreciated.
  • 0

#3
Salagubang
Posted 14 November 2010 - 01:05 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi carebear100,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

I am still a trainee so all my posts will be checked by an Expert. It's your advantage that there are two people looking at your log but responses may be a little delayed so please be patient.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

On the clean computer.

  • Download the attached Scan.txt and save it to your USB stick.
    Attached File  scan.txt   394bytes   510 downloads
  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD

On the infected computer.

  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click Custom scans and fixes box, a dialogue box will appear. Choose the scan.txt saved previously on your USB drive.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


  • 0

#4
carebear100
Posted 14 November 2010 - 06:37 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
hi salagubang,

Thank you so much for getting back to me.
The problem i have with this is that the acer notebook doesn't have a cd drive,

could i do it all from a usb..?

or would i need to get an external cd player.?
  • 0

#5
Salagubang
Posted 14 November 2010 - 06:54 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi carebear100,

Lets try this instead.

Boot using your emergency boot usb and follow these instructions:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    /md5start
    explorer.exe
    userinit.exe
    winlogon.exe
    svchost.exe
    /md5stop
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

  • 0

#6
carebear100
Posted 14 November 2010 - 08:42 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL logfile created on: 15/01/2010 14:34:11 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kirsty\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 605.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 101.85 Gb Free Space | 71.70% Space Free | Partition Type: NTFS
Drive D: | 243.71 Mb Total Space | 210.67 Mb Free Space | 86.44% Space Free | Partition Type: FAT

Computer Name: KIRSTYSCOMP | User Name: Kirsty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/27 06:13:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/15 14:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kirsty\Desktop\OTL.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/12/30 07:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/05/28 10:33:34 | 001,506,544 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 01:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2008/01/31 02:09:28 | 000,604,920 | ---- | M] (iExpert Software) -- C:\Program Files\Registry Clean Expert\RCHelper.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/01/15 14:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kirsty\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\acernb\int15.sys -- (int15.sys)
DRV - [2009/03/02 05:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/25 19:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/24 08:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/05 10:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/03 06:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/08/05 12:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/14 12:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 12:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 12:00:00 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 12:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 12:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 12:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 12:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 12:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 12:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 12:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 12:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 12:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 12:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 12:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 12:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 12:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 12:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/14 23:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/01 13:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 07:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/12/08 06:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...09&m=aspire_one
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 4B 6B AD 4C D0 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 01:51:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/14 01:51:19 | 000,000,000 | ---D | M]

[2010/01/14 01:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Mozilla\Extensions
[2010/01/14 01:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Mozilla\Firefox\Profiles\z2ztpp00.default\extensions
[2010/01/14 01:51:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/12 08:21:14 | 000,002,486 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/11 11:26:16 | 000,000,816 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {cd0639ea-e14d-f247-9780-8dbf6ca0f6b0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MFARestart] C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [nonep] C:\Program Files\riv87\oops.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.DLL ( )
O4 - HKCU..\Run: [{1B59DC2C-1F7B-65F8-FE23-3CE801944D78}] C:\Documents and Settings\Kirsty\Application Data\Wipeo\isry.exe ()
O4 - HKCU..\Run: [RegClean Expert Scheduler] C:\Program Files\Registry Clean Expert\RCHelper.exe (iExpert Software)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...ader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kirsty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kirsty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/11 18:34:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (92470645882880)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 22:27:57 | 000,000,000 | ---D | C] -- C:\Adobe
[2010/11/07 22:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1B1D4
[2010/11/07 22:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh Applications
[2010/11/07 22:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2010/11/07 22:17:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74E513D3-4879-4E42-A0B8-F85EE8C789EA}
[2010/11/07 21:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/03 19:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Wuapa
[2010/11/03 19:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Qyvau
[2010/11/02 23:11:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/28 21:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/28 21:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/28 14:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Ikytv
[2010/10/28 14:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Erzybu
[2010/10/28 14:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\windows
[2010/10/28 14:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\riv87
[2010/10/26 10:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/21 20:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/10/18 11:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/18 11:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/16 20:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/16 20:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/14 17:21:08 | 000,000,000 | ---D | C] -- C:\a1b9162fcf2f5925588d
[2010/10/10 00:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Xegi
[2010/09/29 16:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/20 20:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/09/19 11:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Apple Computer
[2010/09/19 11:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Apple Computer
[2010/09/18 18:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/18 18:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/18 17:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/18 17:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/18 17:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/09/18 17:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/18 17:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/18 17:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/18 17:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/09/10 14:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\AVG Security Toolbar
[2010/09/07 01:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Qawico
[2010/09/02 13:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/08/27 16:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\vlc
[2010/08/27 16:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/27 11:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Desktop\Films
[2010/08/24 03:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Onufog
[2010/07/31 06:22:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/06/17 04:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Cona
[2010/06/11 13:53:13 | 000,000,000 | ---D | C] -- C:\d4e2d7ec836274b1f46b02f3aa
[2010/05/05 22:40:34 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/29 18:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\SulusGames
[2010/04/29 18:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/19 09:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Oxigxe
[2010/04/08 09:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/08 09:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/21 20:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Wiycu
[2010/03/20 02:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Kaiqr
[2010/02/25 00:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Temp
[2010/02/21 10:42:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/02/21 10:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/21 10:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Sun
[2010/02/17 22:45:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/02/17 22:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/15 22:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/02/15 22:24:29 | 000,000,000 | ---D | C] -- C:\51d0d94291cc930c39bf
[2010/02/15 22:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/02/15 22:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/02/12 16:43:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\My Documents\My Videos
[2010/02/12 16:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Facebook
[2010/02/12 16:32:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kirsty\IECompatCache
[2010/02/12 10:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/02/11 10:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/02/11 10:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\My Documents\payslips
[2010/02/10 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/10 10:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/02/10 10:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Adobe
[2010/02/10 10:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/02/04 13:32:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kirsty\PrivacIE
[2010/02/03 21:37:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kirsty\IETldCache
[2010/02/03 21:33:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/03 21:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/03 21:32:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/03 21:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/03 19:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Mozilla
[2010/02/03 19:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/03 19:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\My Documents\Downloads
[2010/02/01 16:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/01 16:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/25 18:50:31 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Kirsty\My Documents\My Stationery
[2010/01/15 14:31:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kirsty\Desktop\OTL.exe
[2010/01/14 19:07:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/14 18:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Clean Expert
[2010/01/14 18:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Uniblue
[2010/01/14 18:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/01/14 12:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\My Documents\OneNote Notebooks
[2010/01/14 02:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/14 02:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\SUPERAntiSpyware.com
[2010/01/14 02:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/14 02:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/14 01:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Mozilla
[2010/01/14 01:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Ynke
[2010/01/14 01:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Wipeo
[2010/01/14 01:24:07 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Kirsty\Desktop\avg_free_stb_all_2011_1153_upgrade.exe
[2010/01/14 00:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/14 00:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/14 00:30:53 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Kirsty\Desktop\spybotsd162.exe
[2010/01/14 00:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\PackageAware
[2010/01/14 00:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Desktop\backups
[2010/01/14 00:00:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kirsty\Desktop\HijackThis.exe
[2010/01/13 23:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Tizia
[2010/01/13 23:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Inti
[2010/01/13 23:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Yqucu
[2010/01/13 23:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Awafw
[2010/01/07 01:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Zyagt
[2010/01/01 09:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Yfesa
[2009/12/29 20:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Identities
[2009/12/23 22:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/12/22 01:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\My Documents\My Received Files
[2009/12/20 15:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/12/20 15:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/12/20 15:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/12/20 15:49:22 | 000,000,000 | ---D | C] -- C:\c6b62c82ab27f6c0113403686579d6
[2009/12/19 11:15:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/18 09:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Kuyp
[2009/12/18 09:05:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/12/18 08:47:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/12/18 04:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Tracing
[2009/12/18 04:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/18 03:53:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/12/18 03:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Google
[2009/12/18 03:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/12/18 03:44:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kirsty\Application Data\Microsoft
[2009/12/18 03:44:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kirsty\SendTo
[2009/12/18 03:44:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kirsty\Recent
[2009/12/18 03:44:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kirsty\Application Data
[2009/12/18 03:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\Start Menu
[2009/12/18 03:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\My Documents\My Pictures
[2009/12/18 03:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\My Documents\My Music
[2009/12/18 03:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\My Documents
[2009/12/18 03:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\Favorites
[2009/12/18 03:44:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kirsty\Cookies
[2009/12/18 03:44:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kirsty\Templates
[2009/12/18 03:44:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kirsty\PrintHood
[2009/12/18 03:44:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kirsty\NetHood
[2009/12/18 03:44:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kirsty\Local Settings
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Super-Cow
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Oberon Games
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\My Documents\My Google Gadgets
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Microsoft Help
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Microsoft
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Macromedia
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\InstallShield
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Identities
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Grubby Games
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Google
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Desktop
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Adobe
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Acer GameZone Console
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Acer
[2009/12/17 20:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/12/17 20:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Acer
[2009/05/30 03:26:56 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/05/30 03:26:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/03/11 10:19:58 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/13 00:28:24 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Kirsty\Desktop\spybotsd162.exe
[2010/11/12 23:57:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kirsty\Desktop\HijackThis.exe
[2010/11/07 22:31:17 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2481634561.dat
[2010/11/07 22:19:40 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2010/11/07 22:10:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/07 19:43:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\prvlcl.dat
[2010/11/07 17:06:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6E8ED68A-DFB9-468F-AE1B-0DDC1B66C577}.job
[2010/11/06 17:46:37 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/03 17:17:15 | 000,003,581 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\recipes.rtf
[2010/11/01 08:15:00 | 000,030,208 | -HS- | M] () -- C:\WINDOWS\System32\csncui.dll
[2010/10/31 01:28:52 | 000,434,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 01:28:52 | 000,068,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/27 23:23:22 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Kirsty\Desktop\avg_free_stb_all_2011_1153_upgrade.exe
[2010/10/26 10:28:54 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/15 15:46:25 | 000,001,275 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\the christaning.rtf
[2010/10/15 11:15:41 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 21:49:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 21:04:40 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/14 21:01:33 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/14 17:19:32 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\smile.rtf
[2010/10/11 11:26:16 | 000,000,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2010/10/11 11:26:16 | 000,000,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/11 11:26:16 | 000,000,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella
[2010/09/29 17:07:15 | 000,054,788 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/18 18:25:38 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/18 17:59:15 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eSobi v2.lnk
[2010/09/18 17:12:38 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/17 23:34:09 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\08-redman-smoke_buddah-r3d.mp3
[2010/04/07 21:18:52 | 000,105,482 | ---- | M] () -- C:\WINDOWS\System32\fILX-_-p-9vYJ.exe
[2010/04/06 11:58:42 | 000,013,255 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\application letter for treds.docx
[2010/04/06 11:58:37 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\kirsty CV.docUMENTS.doc
[2010/03/10 12:26:14 | 000,035,460 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\love life.docx
[2010/02/17 22:45:07 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/02/17 22:45:07 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\Windows Media Player.lnk
[2010/02/16 05:07:44 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/16 05:07:44 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/15 22:25:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/15 22:24:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/02/12 10:41:32 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/02/12 10:41:32 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/02/11 16:25:22 | 000,010,002 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\LEO TYLER PAUL.docx
[2010/02/11 10:33:14 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\Defraggler.lnk
[2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/02/05 17:20:31 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/02/03 21:39:02 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\Shortcut to ATF-Cleaner.lnk
[2010/02/03 21:37:17 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/02/03 19:55:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/02/01 15:12:25 | 000,406,740 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31012010625.jpg
[2010/02/01 15:11:59 | 000,382,523 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010624.jpg
[2010/02/01 15:11:40 | 000,258,723 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010621.jpg
[2010/02/01 15:11:20 | 000,285,650 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620-002.jpg
[2010/02/01 15:11:01 | 000,280,797 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620-001.jpg
[2010/02/01 15:10:37 | 000,394,086 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620.jpg
[2010/02/01 15:10:18 | 000,469,173 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010619.jpg
[2010/02/01 15:10:03 | 000,369,378 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010616.jpg
[2010/02/01 15:09:32 | 000,453,811 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010615.jpg
[2010/02/01 15:09:10 | 000,502,938 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010614.jpg
[2010/01/18 19:24:04 | 000,501,054 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009148.jpg
[2010/01/18 19:22:48 | 000,456,379 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009149.jpg
[2010/01/18 19:22:17 | 000,378,757 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009158.jpg
[2010/01/18 19:21:32 | 000,244,626 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009159.jpg
[2010/01/18 19:21:08 | 000,398,559 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009160.jpg
[2010/01/18 19:20:43 | 000,518,107 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009161.jpg
[2010/01/18 19:19:55 | 000,515,213 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009162.jpg
[2010/01/18 19:18:56 | 000,375,283 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009164.jpg
[2010/01/18 19:18:34 | 000,401,013 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009165.jpg
[2010/01/18 19:18:02 | 000,540,519 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009166.jpg
[2010/01/18 19:17:36 | 000,516,584 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167.jpg
[2010/01/18 19:16:12 | 000,175,502 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167-001.jpg
[2010/01/18 19:15:50 | 000,225,604 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167-002.jpg
[2010/01/18 19:15:19 | 000,388,769 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009171.jpg
[2010/01/18 19:12:59 | 000,275,152 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009180.jpg
[2010/01/18 19:12:12 | 000,314,469 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009182.jpg
[2010/01/18 19:11:48 | 000,382,420 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009184.jpg
[2010/01/18 19:11:09 | 000,292,846 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009186.jpg
[2010/01/18 19:10:41 | 000,250,768 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009187.jpg
[2010/01/18 19:10:11 | 000,488,819 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009251.jpg
[2010/01/18 19:04:44 | 000,477,513 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009255.jpg
[2010/01/18 19:03:46 | 000,392,022 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009256.jpg
[2010/01/18 19:03:12 | 000,427,207 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009257.jpg
[2010/01/18 19:02:01 | 000,653,550 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009258.jpg
[2010/01/18 19:01:34 | 000,510,764 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009260.jpg
[2010/01/18 19:01:04 | 000,573,685 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009261.jpg
[2010/01/18 19:00:16 | 000,355,661 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009262.jpg
[2010/01/18 18:55:09 | 000,432,860 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009263.jpg
[2010/01/18 18:52:11 | 000,459,249 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009266.jpg
[2010/01/18 18:50:25 | 000,413,719 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009268.jpg
[2010/01/18 18:50:05 | 000,495,545 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009269.jpg
[2010/01/18 18:49:23 | 000,459,612 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009270.jpg
[2010/01/18 18:48:06 | 000,697,457 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009271.jpg
[2010/01/18 18:46:34 | 000,669,623 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009272.jpg
[2010/01/18 18:46:06 | 000,540,121 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009273.jpg
[2010/01/18 18:44:41 | 000,387,370 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009274.jpg
[2010/01/18 18:44:10 | 000,486,407 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009275.jpg
[2010/01/18 18:43:39 | 000,292,979 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009264.jpg
[2010/01/18 18:42:35 | 000,505,294 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\24122009279.jpg
[2010/01/18 18:41:09 | 000,488,739 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\24122009280.jpg
[2010/01/18 18:40:45 | 000,495,514 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\24122009281.jpg
[2010/01/18 18:40:02 | 000,395,758 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009309.jpg
[2010/01/18 18:39:24 | 000,449,456 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009312.jpg
[2010/01/18 18:38:43 | 000,409,912 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009317.jpg
[2010/01/18 18:38:14 | 000,596,562 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009318.jpg
[2010/01/18 18:37:47 | 000,515,996 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009319.jpg
[2010/01/18 18:37:20 | 000,364,466 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009322.jpg
[2010/01/18 18:36:50 | 000,497,102 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009324.jpg
[2010/01/18 18:36:23 | 000,469,861 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009325.jpg
[2010/01/18 18:35:53 | 000,427,295 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009327.jpg
[2010/01/18 18:35:27 | 000,378,158 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009328.jpg
[2010/01/18 18:35:04 | 000,377,369 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009329.jpg
[2010/01/18 18:33:56 | 000,424,938 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009330.jpg
[2010/01/18 18:33:32 | 000,404,249 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009331.jpg
[2010/01/18 18:33:11 | 000,479,593 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009332.jpg
[2010/01/18 18:32:40 | 000,386,281 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009333.jpg
[2010/01/18 18:32:19 | 000,422,428 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009334.jpg
[2010/01/18 18:30:44 | 000,518,457 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009336.jpg
[2010/01/18 18:29:38 | 000,458,266 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009338.jpg
[2010/01/18 18:29:00 | 000,458,125 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009339.jpg
[2010/01/18 18:25:24 | 000,426,550 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009343.jpg
[2010/01/18 18:24:13 | 000,492,437 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009347.jpg
[2010/01/18 18:23:24 | 000,378,764 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009350.jpg
[2010/01/18 18:22:38 | 000,399,473 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009353.jpg
[2010/01/18 18:22:10 | 000,404,277 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009354.jpg
[2010/01/18 18:13:27 | 000,259,804 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009312-001.jpg
[2010/01/18 18:02:23 | 000,580,786 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010406.jpg
[2010/01/18 18:01:25 | 000,377,609 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010432.jpg
[2010/01/18 18:00:47 | 000,351,375 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010434.jpg
[2010/01/18 18:00:01 | 000,342,411 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010441.jpg
[2010/01/18 17:59:26 | 000,605,756 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010443.jpg
[2010/01/18 17:58:54 | 000,567,595 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010444.jpg
[2010/01/18 17:58:15 | 000,636,737 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010446.jpg
[2010/01/18 17:57:48 | 000,415,676 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010447.jpg
[2010/01/18 17:55:38 | 000,651,161 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010448.jpg
[2010/01/18 17:54:32 | 000,452,919 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010450.jpg
[2010/01/18 17:54:04 | 000,009,652 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010451.jpg
[2010/01/18 17:53:19 | 000,011,412 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010452.jpg
[2010/01/18 17:52:55 | 000,011,125 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010453.jpg
[2010/01/18 17:52:12 | 000,356,665 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010454.jpg
[2010/01/18 17:50:18 | 000,427,432 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010455.jpg
[2010/01/18 17:49:57 | 000,362,767 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010456.jpg
[2010/01/18 17:47:56 | 000,373,908 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010457.jpg
[2010/01/18 03:15:07 | 000,422,377 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010484.jpg
[2010/01/18 03:14:34 | 000,407,374 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010488.jpg
[2010/01/18 03:14:09 | 000,575,050 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010489.jpg
[2010/01/18 03:13:34 | 000,459,870 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010492.jpg
[2010/01/18 03:13:07 | 000,413,324 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010493.jpg
[2010/01/18 03:12:43 | 000,424,219 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010494.jpg
[2010/01/18 03:12:21 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010495.jpg
[2010/01/18 03:11:57 | 000,587,413 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010496.jpg
[2010/01/18 03:11:16 | 000,541,789 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010497.jpg
[2010/01/18 03:10:24 | 000,497,452 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010505.jpg
[2010/01/18 03:10:00 | 000,421,124 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010506.jpg
[2010/01/18 03:09:30 | 000,501,099 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010507.jpg
[2010/01/18 03:08:43 | 000,572,141 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010512.jpg
[2010/01/18 03:07:49 | 000,559,423 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010513.jpg
[2010/01/18 03:07:20 | 000,414,189 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010514.jpg
[2010/01/18 03:06:48 | 000,525,000 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010516.jpg
[2010/01/18 03:06:22 | 000,514,093 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010518.jpg
[2010/01/18 03:05:14 | 000,482,380 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010523.jpg
[2010/01/18 03:04:11 | 000,510,581 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\08012010533.jpg
[2010/01/18 02:22:24 | 000,360,384 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\17012010571.jpg
[2010/01/18 02:21:58 | 000,290,260 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\17012010576.jpg
[2010/01/18 02:21:30 | 000,294,398 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\17012010577.jpg
[2010/01/18 02:21:02 | 000,194,195 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\17012010575-001.jpg
[2010/01/15 14:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kirsty\Desktop\OTL.exe
[2010/01/15 14:24:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/01/15 14:18:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/01/15 13:55:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/01/15 12:08:30 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/15 11:00:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/15 11:00:07 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/15 10:59:24 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/01/14 19:21:17 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2010/01/14 18:47:03 | 008,661,490 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\reg backup.cab
[2010/01/14 18:44:00 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\Registry Clean Expert.lnk
[2010/01/14 12:07:03 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Kirsty\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/01/14 02:02:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/14 01:51:23 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/01/14 01:51:23 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/14 01:18:06 | 000,001,408 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/01/14 00:33:00 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\Spybot - Search & Destroy.lnk
[2010/01/13 23:26:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/27 21:59:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\New Bitmap Image.bmp
[2009/12/24 13:59:44 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Kirsty\My Documents\Default.rdp
[2009/12/19 15:11:51 | 000,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2009/12/19 14:28:54 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/18 09:12:09 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Works.lnk
[2009/12/18 03:46:54 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acer Store.lnk
[2009/12/18 03:44:35 | 000,037,732 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/12/18 03:44:21 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009/12/18 03:09:42 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/07 22:31:17 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2481634561.dat
[2010/11/07 22:19:40 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2010/11/03 17:17:15 | 000,003,581 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\recipes.rtf
[2010/11/03 03:49:16 | 000,000,298 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/11/03 03:49:11 | 000,000,298 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/03 03:49:02 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/10/29 22:22:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/26 10:28:54 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/24 20:58:55 | 000,030,208 | -HS- | C] () -- C:\WINDOWS\System32\csncui.dll
[2010/10/15 15:46:24 | 000,001,275 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\the christaning.rtf
[2010/10/14 17:19:32 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\smile.rtf
[2010/09/29 16:48:38 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/20 20:05:10 | 000,054,788 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/18 18:25:38 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/18 17:12:37 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/17 23:34:08 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\08-redman-smoke_buddah-r3d.mp3
[2010/07/31 07:14:38 | 000,001,408 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/31 13:40:27 | 002,212,619 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\IMAG0017.JPG
[2010/04/07 21:18:52 | 000,105,482 | ---- | C] () -- C:\WINDOWS\System32\fILX-_-p-9vYJ.exe
[2010/03/10 12:26:13 | 000,035,460 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\love life.docx
[2010/02/18 11:24:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\prvlcl.dat
[2010/02/15 22:24:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/02/12 16:32:40 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6E8ED68A-DFB9-468F-AE1B-0DDC1B66C577}.job
[2010/02/11 16:25:21 | 000,010,002 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\LEO TYLER PAUL.docx
[2010/02/11 10:33:14 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\Defraggler.lnk
[2010/02/10 10:41:01 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/02/10 10:41:00 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/02/03 21:39:02 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\Shortcut to ATF-Cleaner.lnk
[2010/02/03 19:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/01 16:24:32 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/01 16:24:31 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/01 15:12:25 | 000,406,740 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31012010625.jpg
[2010/02/01 15:11:59 | 000,382,523 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010624.jpg
[2010/02/01 15:11:40 | 000,258,723 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010621.jpg
[2010/02/01 15:11:20 | 000,285,650 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620-002.jpg
[2010/02/01 15:11:01 | 000,280,797 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620-001.jpg
[2010/02/01 15:10:37 | 000,394,086 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620.jpg
[2010/02/01 15:10:18 | 000,469,173 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010619.jpg
[2010/02/01 15:10:03 | 000,369,378 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010616.jpg
[2010/02/01 15:09:32 | 000,453,811 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010615.jpg
[2010/02/01 15:09:10 | 000,502,938 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010614.jpg
[2010/01/18 19:24:04 | 000,501,054 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009148.jpg
[2010/01/18 19:22:48 | 000,456,379 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009149.jpg
[2010/01/18 19:22:17 | 000,378,757 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009158.jpg
[2010/01/18 19:21:32 | 000,244,626 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009159.jpg
[2010/01/18 19:21:08 | 000,398,559 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009160.jpg
[2010/01/18 19:20:43 | 000,518,107 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009161.jpg
[2010/01/18 19:19:55 | 000,515,213 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009162.jpg
[2010/01/18 19:18:56 | 000,375,283 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009164.jpg
[2010/01/18 19:18:34 | 000,401,013 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009165.jpg
[2010/01/18 19:18:02 | 000,540,519 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009166.jpg
[2010/01/18 19:17:36 | 000,516,584 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167.jpg
[2010/01/18 19:16:12 | 000,175,502 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167-001.jpg
[2010/01/18 19:15:50 | 000,225,604 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167-002.jpg
[2010/01/18 19:15:19 | 000,388,769 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009171.jpg
[2010/01/18 19:12:59 | 000,275,152 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009180.jpg
[2010/01/18 19:12:12 | 000,314,469 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009182.jpg
[2010/01/18 19:11:48 | 000,382,420 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009184.jpg
[2010/01/18 19:11:09 | 000,292,846 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009186.jpg
[2010/01/18 19:10:41 | 000,250,768 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009187.jpg
[2010/01/18 19:10:11 | 000,488,819 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009251.jpg
[2010/01/18 19:04:44 | 000,477,513 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009255.jpg
[2010/01/18 19:03:46 | 000,392,022 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009256.jpg
[2010/01/18 19:03:12 | 000,427,207 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009257.jpg
[2010/01/18 19:02:01 | 000,653,550 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009258.jpg
[2010/01/18 19:01:34 | 000,510,764 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009260.jpg
[2010/01/18 19:01:04 | 000,573,685 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009261.jpg
[2010/01/18 19:00:16 | 000,355,661 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009262.jpg
[2010/01/18 18:55:09 | 000,432,860 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009263.jpg
[2010/01/18 18:52:11 | 000,459,249 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009266.jpg
[2010/01/18 18:50:25 | 000,413,719 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009268.jpg
[2010/01/18 18:50:05 | 000,495,545 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009269.jpg
[2010/01/18 18:49:23 | 000,459,612 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009270.jpg
[2010/01/18 18:48:06 | 000,697,457 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009271.jpg
[2010/01/18 18:46:34 | 000,669,623 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009272.jpg
[2010/01/18 18:46:06 | 000,540,121 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009273.jpg
[2010/01/18 18:44:41 | 000,387,370 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009274.jpg
[2010/01/18 18:44:10 | 000,486,407 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009275.jpg
[2010/01/18 18:43:39 | 000,292,979 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009264.jpg
[2010/01/18 18:42:35 | 000,505,294 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\24122009279.jpg
[2010/01/18 18:41:09 | 000,488,739 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\24122009280.jpg
[2010/01/18 18:40:45 | 000,495,514 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\24122009281.jpg
[2010/01/18 18:40:02 | 000,395,758 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009309.jpg
[2010/01/18 18:39:24 | 000,449,456 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009312.jpg
[2010/01/18 18:38:43 | 000,409,912 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009317.jpg
[2010/01/18 18:38:14 | 000,596,562 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009318.jpg
[2010/01/18 18:37:47 | 000,515,996 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009319.jpg
[2010/01/18 18:37:20 | 000,364,466 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009322.jpg
[2010/01/18 18:36:50 | 000,497,102 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009324.jpg
[2010/01/18 18:36:23 | 000,469,861 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009325.jpg
[2010/01/18 18:35:53 | 000,427,295 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009327.jpg
[2010/01/18 18:35:27 | 000,378,158 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009328.jpg
[2010/01/18 18:35:04 | 000,377,369 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009329.jpg
[2010/01/18 18:33:56 | 000,424,938 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009330.jpg
[2010/01/18 18:33:32 | 000,404,249 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009331.jpg
[2010/01/18 18:33:11 | 000,479,593 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009332.jpg
[2010/01/18 18:32:40 | 000,386,281 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009333.jpg
[2010/01/18 18:32:19 | 000,422,428 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009334.jpg
[2010/01/18 18:30:44 | 000,518,457 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009336.jpg
[2010/01/18 18:29:38 | 000,458,266 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009338.jpg
[2010/01/18 18:29:00 | 000,458,125 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009339.jpg
[2010/01/18 18:25:24 | 000,426,550 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009343.jpg
[2010/01/18 18:24:13 | 000,492,437 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009347.jpg
[2010/01/18 18:23:24 | 000,378,764 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009350.jpg
[2010/01/18 18:22:38 | 000,399,473 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009353.jpg
[2010/01/18 18:22:10 | 000,404,277 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009354.jpg
[2010/01/18 18:13:27 | 000,259,804 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009312-001.jpg
[2010/01/18 18:02:23 | 000,580,786 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010406.jpg
[2010/01/18 18:01:25 | 000,377,609 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010432.jpg
[2010/01/18 18:00:47 | 000,351,375 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010434.jpg
[2010/01/18 18:00:01 | 000,342,411 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010441.jpg
[2010/01/18 17:59:26 | 000,605,756 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010443.jpg
[2010/01/18 17:58:54 | 000,567,595 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010444.jpg
[2010/01/18 17:58:15 | 000,636,737 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010446.jpg
[2010/01/18 17:57:48 | 000,415,676 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010447.jpg
[2010/01/18 17:55:38 | 000,651,161 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010448.jpg
[2010/01/18 17:54:32 | 000,452,919 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010450.jpg
[2010/01/18 17:54:03 | 000,009,652 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010451.jpg
[2010/01/18 17:53:19 | 000,011,412 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010452.jpg
[2010/01/18 17:52:55 | 000,011,125 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010453.jpg
[2010/01/18 17:52:11 | 000,356,665 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010454.jpg
[2010/01/18 17:50:18 | 000,427,432 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010455.jpg
[2010/01/18 17:49:57 | 000,362,767 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010456.jpg
[2010/01/18 17:47:56 | 000,373,908 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010457.jpg
[2010/01/18 06:02:07 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/01/18 03:15:07 | 000,422,377 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010484.jpg
[2010/01/18 03:14:34 | 000,407,374 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010488.jpg
[2010/01/18 03:14:09 | 000,575,050 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010489.jpg
[2010/01/18 03:13:34 | 000,459,870 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010492.jpg
[2010/01/18 03:13:07 | 000,413,324 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010493.jpg
[2010/01/18 03:12:43 | 000,424,219 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010494.jpg
[2010/01/18 03:12:21 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010495.jpg
[2010/01/18 03:11:57 | 000,587,413 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010496.jpg
[2010/01/18 03:11:16 | 000,541,789 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010497.jpg
[2010/01/18 03:10:24 | 000,497,452 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010505.jpg
[2010/01/18 03:10:00 | 000,421,124 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010506.jpg
[2010/01/18 03:09:30 | 000,501,099 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010507.jpg
[2010/01/18 03:08:43 | 000,572,141 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010512.jpg
[2010/01/18 03:07:49 | 000,559,423 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010513.jpg
[2010/01/18 03:07:20 | 000,414,189 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010514.jpg
[2010/01/18 03:06:48 | 000,525,000 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010516.jpg
[2010/01/18 03:06:22 | 000,514,093 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010518.jpg
[2010/01/18 03:05:14 | 000,482,380 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010523.jpg
[2010/01/18 03:04:11 | 000,510,581 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\08012010533.jpg
[2010/01/18 02:22:24 | 000,360,384 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\17012010571.jpg
[2010/01/18 02:21:58 | 000,290,260 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\17012010576.jpg
[2010/01/18 02:21:30 | 000,294,398 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\17012010577.jpg
[2010/01/18 02:21:02 | 000,194,195 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\17012010575-001.jpg
[2010/01/14 23:43:08 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\kirsty CV.docUMENTS.doc
[2010/01/14 20:01:23 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/14 19:21:17 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2010/01/14 18:47:03 | 008,661,490 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\reg backup.cab
[2010/01/14 18:44:00 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\Registry Clean Expert.lnk
[2010/01/14 12:07:03 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Kirsty\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/01/14 02:02:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/14 02:02:19 | 006,467,096 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\SUPERAntiSpyware.exe
[2010/01/14 01:51:23 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/01/14 01:51:23 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/14 00:33:00 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\Spybot - Search & Destroy.lnk
[2010/01/13 22:32:59 | 000,013,255 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\application letter for treds.docx
[2009/12/27 21:59:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\New Bitmap Image.bmp
[2009/12/24 13:59:44 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Kirsty\My Documents\Default.rdp
[2009/12/24 10:06:26 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2009/12/20 16:55:07 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 15:11:51 | 000,001,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2009/12/18 03:46:54 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acer Store.lnk
[2009/12/18 03:44:53 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\Windows Media Player.lnk
[2009/12/18 03:44:43 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2009/12/18 03:44:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2009/12/18 03:09:42 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/05/30 03:26:56 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/05/30 03:26:56 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/05/30 03:26:56 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/03/11 20:13:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/11 19:22:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/11 18:37:01 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/11 18:32:09 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/03/11 18:30:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/11 10:19:52 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys

========== LOP Check ==========

[2010/11/07 22:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1B1D4
[2009/03/11 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer GameZone Console
[2010/11/07 22:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/09/18 18:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/11/07 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2010/11/07 22:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/02 13:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/09/19 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/19 11:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/18 17:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/07 22:19:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74E513D3-4879-4E42-A0B8-F85EE8C789EA}
[2009/03/11 19:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Acer
[2009/03/11 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Acer GameZone Console
[2010/01/14 01:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Awafw
[2010/11/05 21:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Cona
[2010/11/04 17:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Erzybu
[2010/04/12 17:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Facebook
[2010/11/05 21:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Ikytv
[2010/01/14 01:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Inti
[2010/11/01 08:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Kaiqr
[2010/01/14 01:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Kuyp
[2010/10/25 16:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Onufog
[2010/11/03 17:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Oxigxe
[2010/10/29 19:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Qawico
[2010/11/05 21:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Qyvau
[2010/04/29 18:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\SulusGames
[2009/03/11 19:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Super-Cow
[2010/01/14 01:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Tizia
[2010/01/14 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Uniblue
[2010/01/14 01:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Wipeo
[2010/11/01 08:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Wiycu
[2010/11/03 19:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Wuapa
[2010/10/29 20:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Xegi
[2010/10/29 22:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Yfesa
[2010/01/15 12:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Ynke
[2010/01/14 01:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Yqucu
[2010/01/13 23:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Zyagt
[2010/11/07 17:06:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E8ED68A-DFB9-468F-AE1B-0DDC1B66C577}.job
[2010/01/15 13:55:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/01/15 14:18:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/01/15 14:24:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 12:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 12:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2009/03/11 18:34:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/05 17:20:31 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009/03/11 18:34:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/01/15 11:00:07 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/11 18:34:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/18 09:26:30 | 000,002,016 | ---- | M] () -- C:\MOD01SET0J00P2000K.enc
[2008/08/07 01:16:21 | 000,002,488 | ---- | M] () -- C:\MOD01WOS02ENP20001.enc
[2009/03/11 18:34:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 12:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/15 11:00:06 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/03/11 19:23:42 | 000,001,883 | ---- | M] () -- C:\RHDSetup.log
[2010/07/31 07:14:40 | 000,005,867 | ---- | M] () -- C:\scramble.log
[2009/05/30 03:26:16 | 000,000,190 | ---- | M] () -- C:\Setup.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/03/11 18:29:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/03/11 18:29:15 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/03/11 18:29:15 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 21:50:09

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94213A87
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7091055F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379

< End of report >
  • 0

#7
carebear100
Posted 14 November 2010 - 08:43 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL Extras logfile created on: 15/01/2010 14:34:11 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kirsty\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 605.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 101.85 Gb Free Space | 71.70% Space Free | Partition Type: NTFS
Drive D: | 243.71 Mb Total Space | 210.67 Mb Free Space | 86.44% Space Free | Partition Type: FAT

Computer Name: KIRSTYSCOMP | User Name: Kirsty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Acer\Acer VCM\VC.exe" = C:\Program Files\Acer\Acer VCM\VC.exe:*:Enabled:Acer Video Quality Enhancement -- (Acer Incoporated)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Documents and Settings\Monkey Boy\My Documents\Downloads\umbrella-4.1.3.exe" = C:\Documents and Settings\Monkey Boy\My Documents\Downloads\umbrella-4.1.3.exe:*:Enabled:Umbrella - Save your SHSH! -- File not found
"C:\Documents and Settings\Monkey Boy\My Documents\Downloads\umbrella-4.02.09.exe" = C:\Documents and Settings\Monkey Boy\My Documents\Downloads\umbrella-4.02.09.exe:*:Enabled:Umbrella - Save your SHSH! -- File not found
"C:\Documents and Settings\Monkey Boy\My Documents\Downloads\umbrella-4.1.4.exe" = C:\Documents and Settings\Monkey Boy\My Documents\Downloads\umbrella-4.1.4.exe:*:Enabled:Umbrella - Save your SHSH! -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9D2B0720-4787-437E-A949-97D01BF64BAE}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"fILX-_-p-9vYJ" = LoudMo Contextual Ad Assistant
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Registry Clean Expert_is1" = Registry Clean Expert
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/11/2010 18:06:24 | Computer Name = KIRSTYSCOMP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 07/11/2010 18:35:27 | Computer Name = KIRSTYSCOMP | Source = Application Error | ID = 1000
Description = Faulting application asde6.tmp.exe, version 0.0.0.0, faulting module
asde6.tmp.exe, version 0.0.0.0, fault address 0x00002695.

Error - 07/11/2010 18:35:32 | Computer Name = KIRSTYSCOMP | Source = Application Error | ID = 1001
Description = Fault bucket -2125010694.

Error - 13/01/2010 19:49:26 | Computer Name = KIRSTYSCOMP | Source = Application Error | ID = 1000
Description = Faulting application syntpenh.exe, version 12.2.2.0, faulting module
unknown, version 0.0.0.0, fault address 0x7dcbe4c1.

Error - 13/01/2010 19:49:32 | Computer Name = KIRSTYSCOMP | Source = Application Error | ID = 1000
Description = Faulting application igfxext.exe, version 6.14.10.4926, faulting module
unknown, version 0.0.0.0, fault address 0xfb10173e.

Error - 13/01/2010 21:23:31 | Computer Name = KIRSTYSCOMP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 13/01/2010 21:23:33 | Computer Name = KIRSTYSCOMP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 13/01/2010 22:20:14 | Computer Name = KIRSTYSCOMP | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.15.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/01/2010 22:31:10 | Computer Name = KIRSTYSCOMP | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.15.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/01/2010 22:31:59 | Computer Name = KIRSTYSCOMP | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.15.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 14/01/2010 15:46:09 | Computer Name = KIRSTYSCOMP | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 14/01/2010 15:46:09 | Computer Name = KIRSTYSCOMP | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 14/01/2010 15:46:09 | Computer Name = KIRSTYSCOMP | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 14/01/2010 15:46:09 | Computer Name = KIRSTYSCOMP | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 14/01/2010 15:46:09 | Computer Name = KIRSTYSCOMP | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 14/01/2010 15:46:09 | Computer Name = KIRSTYSCOMP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 14/01/2010 15:46:09 | Computer Name = KIRSTYSCOMP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

Error - 14/01/2010 15:52:09 | Computer Name = KIRSTYSCOMP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 14/01/2010 15:52:09 | Computer Name = KIRSTYSCOMP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 14/01/2010 16:00:32 | Computer Name = KIRSTYSCOMP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
  • 0

#8
carebear100
Posted 14 November 2010 - 08:45 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
i hope this is right , i don't use forums very often.
  • 0

#9
Salagubang
Posted 14 November 2010 - 09:05 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi carebear100,

Thanks for posting the logs I requested. I am currently reviewing your logs and determining the best course of action. I will post my fix later upon expert approval. Please be patient :D
  • 0

#10
Salagubang
Posted 14 November 2010 - 10:12 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi carebear100,


StepOne

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No CLSID value found.
O2 - BHO: (no name) - {cd0639ea-e14d-f247-9780-8dbf6ca0f6b0} - No CLSID value found.
O4 - HKCU..\Run: [{1B59DC2C-1F7B-65F8-FE23-3CE801944D78}] C:\Documents and Settings\Kirsty\Application Data\Wipeo\isry.exe ()
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()
[2010/11/03 19:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Wuapa
[2010/11/03 19:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Qyvau
[2010/10/28 14:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Ikytv
[2010/10/28 14:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Erzybu
[2010/10/28 14:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\windows
[2010/10/28 14:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\riv87
[2010/09/07 01:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Qawico
[2010/10/10 00:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Xegi
[2010/08/24 03:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Onufog
[2010/06/17 04:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Cona
[2010/04/19 09:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Oxigxe
[2010/03/21 20:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Wiycu
[2010/03/20 02:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Kaiqr
[2010/01/14 01:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Ynke
[2010/01/14 01:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Wipeo
[2010/01/13 23:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Tizia
[2010/01/13 23:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Inti
[2010/01/13 23:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Yqucu
[2010/01/13 23:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Awafw
[2010/01/07 01:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Zyagt
[2010/01/01 09:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Yfesa
[2010/01/14 01:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Awafw
[2010/11/05 21:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Cona
[2010/11/04 17:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Erzybu
[2010/11/05 21:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Ikytv
[2010/01/14 01:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Inti
[2010/11/01 08:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Kaiqr
[2010/01/14 01:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Kuyp
[2010/10/25 16:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Onufog
[2010/11/03 17:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Oxigxe
[2010/10/29 19:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Qawico
[2010/11/05 21:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Qyvau
[2010/01/14 01:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Tizia
[2010/01/14 01:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Wipeo
[2010/11/01 08:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Wiycu
[2010/11/03 19:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Wuapa
[2010/10/29 20:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Xegi
[2010/10/29 22:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Yfesa
[2010/01/15 12:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Ynke
[2010/01/14 01:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Yqucu
[2010/01/13 23:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Zyagt

:Services

:Reg

:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step Two

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

Advertisements

#11
carebear100
Posted 14 November 2010 - 11:08 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL logfile created on: 15/01/2010 17:03:30 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kirsty\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 466.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 104.02 Gb Free Space | 73.23% Space Free | Partition Type: NTFS
Drive D: | 243.71 Mb Total Space | 210.67 Mb Free Space | 86.44% Space Free | Partition Type: FAT

Computer Name: KIRSTYSCOMP | User Name: Kirsty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/15 14:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kirsty\Desktop\OTL.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/12/30 07:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/05/28 10:33:34 | 001,506,544 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 01:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2008/01/31 02:09:28 | 000,604,920 | ---- | M] (iExpert Software) -- C:\Program Files\Registry Clean Expert\RCHelper.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/01/15 14:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kirsty\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\acernb\int15.sys -- (int15.sys)
DRV - [2009/03/02 05:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/25 19:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/24 08:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/05 10:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/03 06:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/08/05 12:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/14 12:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 12:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 12:00:00 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 12:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 12:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 12:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 12:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 12:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 12:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 12:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 12:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 12:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 12:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 12:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 12:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 12:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 12:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/14 23:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/01 13:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 07:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/12/08 06:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...09&m=aspire_one
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 4B 6B AD 4C D0 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 01:51:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/14 01:51:19 | 000,000,000 | ---D | M]

[2010/01/14 01:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Mozilla\Extensions
[2010/01/14 01:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Mozilla\Firefox\Profiles\z2ztpp00.default\extensions
[2010/01/15 13:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/12 08:21:14 | 000,002,486 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/01/15 16:43:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MFARestart] C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [nonep] C:\Program Files\riv87\oops.exe File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.DLL ( )
O4 - HKCU..\Run: [{1B59DC2C-1F7B-65F8-FE23-3CE801944D78}] C:\Documents and Settings\Kirsty\Application Data\Wipeo\isry.exe File not found
O4 - HKCU..\Run: [RegClean Expert Scheduler] C:\Program Files\Registry Clean Expert\RCHelper.exe (iExpert Software)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...ader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kirsty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kirsty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/11 18:34:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 22:27:57 | 000,000,000 | ---D | C] -- C:\Adobe
[2010/11/07 22:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1B1D4
[2010/11/07 22:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh Applications
[2010/11/07 22:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2010/11/07 22:17:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74E513D3-4879-4E42-A0B8-F85EE8C789EA}
[2010/11/07 21:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/02 23:11:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/28 21:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/28 21:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/26 10:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/21 20:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/10/18 11:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/18 11:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/16 20:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/16 20:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/14 17:21:08 | 000,000,000 | ---D | C] -- C:\a1b9162fcf2f5925588d
[2010/09/29 16:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/20 20:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/09/19 11:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Apple Computer
[2010/09/19 11:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Apple Computer
[2010/09/18 18:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/18 18:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/18 17:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/18 17:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/18 17:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/09/18 17:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/18 17:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/18 17:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/18 17:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/09/10 14:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\AVG Security Toolbar
[2010/09/02 13:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/08/27 16:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\vlc
[2010/08/27 16:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/27 11:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Desktop\Films
[2010/07/31 06:22:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/06/11 13:53:13 | 000,000,000 | ---D | C] -- C:\d4e2d7ec836274b1f46b02f3aa
[2010/05/05 22:40:34 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/29 18:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\SulusGames
[2010/04/29 18:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/08 09:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/08 09:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/02/25 00:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Temp
[2010/02/21 10:42:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/02/21 10:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/21 10:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Sun
[2010/02/17 22:45:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/02/17 22:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/15 22:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/02/15 22:24:29 | 000,000,000 | ---D | C] -- C:\51d0d94291cc930c39bf
[2010/02/15 22:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/02/15 22:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/02/12 16:43:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\My Documents\My Videos
[2010/02/12 16:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Facebook
[2010/02/12 16:32:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kirsty\IECompatCache
[2010/02/12 10:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/02/11 10:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/02/11 10:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\My Documents\payslips
[2010/02/10 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/10 10:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/02/10 10:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Adobe
[2010/02/10 10:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/02/04 13:32:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kirsty\PrivacIE
[2010/02/03 21:37:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kirsty\IETldCache
[2010/02/03 21:33:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/03 21:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/03 21:32:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/03 21:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/03 19:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Mozilla
[2010/02/03 19:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/03 19:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\My Documents\Downloads
[2010/02/01 16:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/01 16:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/25 18:50:31 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Kirsty\My Documents\My Stationery
[2010/01/15 16:43:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/01/15 14:31:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kirsty\Desktop\OTL.exe
[2010/01/14 19:07:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/14 18:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Clean Expert
[2010/01/14 18:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Uniblue
[2010/01/14 18:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/01/14 12:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\My Documents\OneNote Notebooks
[2010/01/14 02:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/14 02:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\SUPERAntiSpyware.com
[2010/01/14 02:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/14 02:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/14 01:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Mozilla
[2010/01/14 01:24:07 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Kirsty\Desktop\avg_free_stb_all_2011_1153_upgrade.exe
[2010/01/14 00:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/14 00:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/14 00:30:53 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Kirsty\Desktop\spybotsd162.exe
[2010/01/14 00:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\PackageAware
[2010/01/14 00:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Desktop\backups
[2010/01/14 00:00:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kirsty\Desktop\HijackThis.exe
[2009/12/29 20:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Identities
[2009/12/23 22:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/12/22 01:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\My Documents\My Received Files
[2009/12/20 15:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/12/20 15:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/12/20 15:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/12/20 15:49:22 | 000,000,000 | ---D | C] -- C:\c6b62c82ab27f6c0113403686579d6
[2009/12/19 11:15:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/18 09:05:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/12/18 08:47:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/12/18 04:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Tracing
[2009/12/18 04:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/18 03:53:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/12/18 03:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Google
[2009/12/18 03:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/12/18 03:44:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kirsty\Application Data\Microsoft
[2009/12/18 03:44:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kirsty\SendTo
[2009/12/18 03:44:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kirsty\Recent
[2009/12/18 03:44:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kirsty\Application Data
[2009/12/18 03:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\Start Menu
[2009/12/18 03:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\My Documents\My Pictures
[2009/12/18 03:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\My Documents\My Music
[2009/12/18 03:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\My Documents
[2009/12/18 03:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kirsty\Favorites
[2009/12/18 03:44:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kirsty\Cookies
[2009/12/18 03:44:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kirsty\Templates
[2009/12/18 03:44:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kirsty\PrintHood
[2009/12/18 03:44:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kirsty\NetHood
[2009/12/18 03:44:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kirsty\Local Settings
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Super-Cow
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Oberon Games
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\My Documents\My Google Gadgets
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Microsoft Help
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Microsoft
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Macromedia
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\InstallShield
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Identities
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Grubby Games
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\Google
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Desktop
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Adobe
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Acer GameZone Console
[2009/12/18 03:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Acer
[2009/12/17 20:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/12/17 20:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Acer
[2009/05/30 03:26:56 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/05/30 03:26:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/03/11 10:19:58 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/11/13 00:28:24 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Kirsty\Desktop\spybotsd162.exe
[2010/11/12 23:57:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kirsty\Desktop\HijackThis.exe
[2010/11/07 22:31:17 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2481634561.dat
[2010/11/07 22:19:40 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2010/11/07 22:10:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/07 19:43:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\prvlcl.dat
[2010/11/07 17:06:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6E8ED68A-DFB9-468F-AE1B-0DDC1B66C577}.job
[2010/11/06 17:46:37 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/03 17:17:15 | 000,003,581 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\recipes.rtf
[2010/11/01 08:15:00 | 000,030,208 | -HS- | M] () -- C:\WINDOWS\System32\csncui.dll
[2010/10/31 01:28:52 | 000,434,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 01:28:52 | 000,068,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/27 23:23:22 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Kirsty\Desktop\avg_free_stb_all_2011_1153_upgrade.exe
[2010/10/26 10:28:54 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/15 15:46:25 | 000,001,275 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\the christaning.rtf
[2010/10/15 11:15:41 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 21:49:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 21:04:40 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/14 21:01:33 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/14 17:19:32 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\smile.rtf
[2010/10/11 11:26:16 | 000,000,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2010/10/11 11:26:16 | 000,000,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella
[2010/09/29 17:07:15 | 000,054,788 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/18 18:25:38 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/18 17:59:15 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eSobi v2.lnk
[2010/09/18 17:12:38 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/17 23:34:09 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\08-redman-smoke_buddah-r3d.mp3
[2010/04/07 21:18:52 | 000,105,482 | ---- | M] () -- C:\WINDOWS\System32\fILX-_-p-9vYJ.exe
[2010/04/06 11:58:42 | 000,013,255 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\application letter for treds.docx
[2010/04/06 11:58:37 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\kirsty CV.docUMENTS.doc
[2010/03/10 12:26:14 | 000,035,460 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\love life.docx
[2010/02/17 22:45:07 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/02/17 22:45:07 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\Windows Media Player.lnk
[2010/02/16 05:07:44 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/16 05:07:44 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/15 22:25:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/15 22:24:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/02/12 10:41:32 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/02/12 10:41:32 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/02/11 16:25:22 | 000,010,002 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\LEO TYLER PAUL.docx
[2010/02/11 10:33:14 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\Defraggler.lnk
[2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/02/05 17:20:31 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/02/03 21:39:02 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\Shortcut to ATF-Cleaner.lnk
[2010/02/03 21:37:17 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/02/03 19:55:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/02/01 15:12:25 | 000,406,740 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31012010625.jpg
[2010/02/01 15:11:59 | 000,382,523 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010624.jpg
[2010/02/01 15:11:40 | 000,258,723 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010621.jpg
[2010/02/01 15:11:20 | 000,285,650 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620-002.jpg
[2010/02/01 15:11:01 | 000,280,797 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620-001.jpg
[2010/02/01 15:10:37 | 000,394,086 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620.jpg
[2010/02/01 15:10:18 | 000,469,173 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010619.jpg
[2010/02/01 15:10:03 | 000,369,378 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010616.jpg
[2010/02/01 15:09:32 | 000,453,811 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010615.jpg
[2010/02/01 15:09:10 | 000,502,938 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\29012010614.jpg
[2010/01/18 19:24:04 | 000,501,054 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009148.jpg
[2010/01/18 19:22:48 | 000,456,379 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009149.jpg
[2010/01/18 19:22:17 | 000,378,757 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009158.jpg
[2010/01/18 19:21:32 | 000,244,626 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009159.jpg
[2010/01/18 19:21:08 | 000,398,559 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009160.jpg
[2010/01/18 19:20:43 | 000,518,107 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009161.jpg
[2010/01/18 19:19:55 | 000,515,213 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009162.jpg
[2010/01/18 19:18:56 | 000,375,283 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009164.jpg
[2010/01/18 19:18:34 | 000,401,013 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009165.jpg
[2010/01/18 19:18:02 | 000,540,519 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009166.jpg
[2010/01/18 19:17:36 | 000,516,584 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167.jpg
[2010/01/18 19:16:12 | 000,175,502 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167-001.jpg
[2010/01/18 19:15:50 | 000,225,604 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167-002.jpg
[2010/01/18 19:15:19 | 000,388,769 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009171.jpg
[2010/01/18 19:12:59 | 000,275,152 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009180.jpg
[2010/01/18 19:12:12 | 000,314,469 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009182.jpg
[2010/01/18 19:11:48 | 000,382,420 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009184.jpg
[2010/01/18 19:11:09 | 000,292,846 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009186.jpg
[2010/01/18 19:10:41 | 000,250,768 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06122009187.jpg
[2010/01/18 19:10:11 | 000,488,819 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009251.jpg
[2010/01/18 19:04:44 | 000,477,513 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009255.jpg
[2010/01/18 19:03:46 | 000,392,022 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009256.jpg
[2010/01/18 19:03:12 | 000,427,207 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009257.jpg
[2010/01/18 19:02:01 | 000,653,550 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009258.jpg
[2010/01/18 19:01:34 | 000,510,764 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009260.jpg
[2010/01/18 19:01:04 | 000,573,685 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009261.jpg
[2010/01/18 19:00:16 | 000,355,661 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009262.jpg
[2010/01/18 18:55:09 | 000,432,860 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009263.jpg
[2010/01/18 18:52:11 | 000,459,249 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009266.jpg
[2010/01/18 18:50:25 | 000,413,719 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009268.jpg
[2010/01/18 18:50:05 | 000,495,545 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009269.jpg
[2010/01/18 18:49:23 | 000,459,612 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009270.jpg
[2010/01/18 18:48:06 | 000,697,457 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009271.jpg
[2010/01/18 18:46:34 | 000,669,623 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009272.jpg
[2010/01/18 18:46:06 | 000,540,121 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009273.jpg
[2010/01/18 18:44:41 | 000,387,370 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009274.jpg
[2010/01/18 18:44:10 | 000,486,407 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009275.jpg
[2010/01/18 18:43:39 | 000,292,979 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\14122009264.jpg
[2010/01/18 18:42:35 | 000,505,294 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\24122009279.jpg
[2010/01/18 18:41:09 | 000,488,739 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\24122009280.jpg
[2010/01/18 18:40:45 | 000,495,514 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\24122009281.jpg
[2010/01/18 18:40:02 | 000,395,758 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009309.jpg
[2010/01/18 18:39:24 | 000,449,456 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009312.jpg
[2010/01/18 18:38:43 | 000,409,912 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009317.jpg
[2010/01/18 18:38:14 | 000,596,562 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009318.jpg
[2010/01/18 18:37:47 | 000,515,996 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009319.jpg
[2010/01/18 18:37:20 | 000,364,466 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009322.jpg
[2010/01/18 18:36:50 | 000,497,102 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009324.jpg
[2010/01/18 18:36:23 | 000,469,861 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009325.jpg
[2010/01/18 18:35:53 | 000,427,295 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009327.jpg
[2010/01/18 18:35:27 | 000,378,158 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009328.jpg
[2010/01/18 18:35:04 | 000,377,369 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009329.jpg
[2010/01/18 18:33:56 | 000,424,938 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009330.jpg
[2010/01/18 18:33:32 | 000,404,249 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009331.jpg
[2010/01/18 18:33:11 | 000,479,593 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009332.jpg
[2010/01/18 18:32:40 | 000,386,281 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009333.jpg
[2010/01/18 18:32:19 | 000,422,428 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009334.jpg
[2010/01/18 18:30:44 | 000,518,457 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009336.jpg
[2010/01/18 18:29:38 | 000,458,266 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009338.jpg
[2010/01/18 18:29:00 | 000,458,125 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009339.jpg
[2010/01/18 18:25:24 | 000,426,550 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009343.jpg
[2010/01/18 18:24:13 | 000,492,437 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009347.jpg
[2010/01/18 18:23:24 | 000,378,764 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009350.jpg
[2010/01/18 18:22:38 | 000,399,473 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009353.jpg
[2010/01/18 18:22:10 | 000,404,277 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009354.jpg
[2010/01/18 18:13:27 | 000,259,804 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\31122009312-001.jpg
[2010/01/18 18:02:23 | 000,580,786 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010406.jpg
[2010/01/18 18:01:25 | 000,377,609 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010432.jpg
[2010/01/18 18:00:47 | 000,351,375 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010434.jpg
[2010/01/18 18:00:01 | 000,342,411 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010441.jpg
[2010/01/18 17:59:26 | 000,605,756 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010443.jpg
[2010/01/18 17:58:54 | 000,567,595 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010444.jpg
[2010/01/18 17:58:15 | 000,636,737 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010446.jpg
[2010/01/18 17:57:48 | 000,415,676 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010447.jpg
[2010/01/18 17:55:38 | 000,651,161 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010448.jpg
[2010/01/18 17:54:32 | 000,452,919 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010450.jpg
[2010/01/18 17:54:04 | 000,009,652 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010451.jpg
[2010/01/18 17:53:19 | 000,011,412 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010452.jpg
[2010/01/18 17:52:55 | 000,011,125 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010453.jpg
[2010/01/18 17:52:12 | 000,356,665 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010454.jpg
[2010/01/18 17:50:18 | 000,427,432 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010455.jpg
[2010/01/18 17:49:57 | 000,362,767 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010456.jpg
[2010/01/18 17:47:56 | 000,373,908 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\06012010457.jpg
[2010/01/18 03:15:07 | 000,422,377 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010484.jpg
[2010/01/18 03:14:34 | 000,407,374 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010488.jpg
[2010/01/18 03:14:09 | 000,575,050 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010489.jpg
[2010/01/18 03:13:34 | 000,459,870 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010492.jpg
[2010/01/18 03:13:07 | 000,413,324 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010493.jpg
[2010/01/18 03:12:43 | 000,424,219 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010494.jpg
[2010/01/18 03:12:21 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010495.jpg
[2010/01/18 03:11:57 | 000,587,413 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010496.jpg
[2010/01/18 03:11:16 | 000,541,789 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010497.jpg
[2010/01/18 03:10:24 | 000,497,452 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010505.jpg
[2010/01/18 03:10:00 | 000,421,124 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010506.jpg
[2010/01/18 03:09:30 | 000,501,099 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010507.jpg
[2010/01/18 03:08:43 | 000,572,141 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010512.jpg
[2010/01/18 03:07:49 | 000,559,423 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010513.jpg
[2010/01/18 03:07:20 | 000,414,189 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010514.jpg
[2010/01/18 03:06:48 | 000,525,000 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010516.jpg
[2010/01/18 03:06:22 | 000,514,093 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010518.jpg
[2010/01/18 03:05:14 | 000,482,380 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\07012010523.jpg
[2010/01/18 03:04:11 | 000,510,581 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\08012010533.jpg
[2010/01/18 02:22:24 | 000,360,384 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\17012010571.jpg
[2010/01/18 02:21:58 | 000,290,260 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\17012010576.jpg
[2010/01/18 02:21:30 | 000,294,398 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\17012010577.jpg
[2010/01/18 02:21:02 | 000,194,195 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\17012010575-001.jpg
[2010/01/15 16:58:44 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/15 16:58:43 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/01/15 16:58:43 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/01/15 16:58:43 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/01/15 16:58:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/15 16:58:16 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/15 16:57:16 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/01/15 16:43:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/01/15 14:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kirsty\Desktop\OTL.exe
[2010/01/14 19:21:17 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2010/01/14 18:47:03 | 008,661,490 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\reg backup.cab
[2010/01/14 18:44:00 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\Registry Clean Expert.lnk
[2010/01/14 12:07:03 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Kirsty\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/01/14 02:02:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/14 01:51:23 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/01/14 01:51:23 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/14 01:18:06 | 000,001,408 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/01/14 00:33:00 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\Spybot - Search & Destroy.lnk
[2010/01/13 23:26:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/27 21:59:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\New Bitmap Image.bmp
[2009/12/24 13:59:44 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Kirsty\My Documents\Default.rdp
[2009/12/19 15:11:51 | 000,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2009/12/19 14:28:54 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/18 09:12:09 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Works.lnk
[2009/12/18 03:46:54 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acer Store.lnk
[2009/12/18 03:44:35 | 000,037,732 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/12/18 03:44:21 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009/12/18 03:09:42 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

========== Files Created - No Company Name ==========

[2010/11/07 22:31:17 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2481634561.dat
[2010/11/07 22:19:40 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2010/11/03 17:17:15 | 000,003,581 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\recipes.rtf
[2010/11/03 03:49:16 | 000,000,298 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/11/03 03:49:11 | 000,000,298 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/03 03:49:02 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/10/29 22:22:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/26 10:28:54 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/24 20:58:55 | 000,030,208 | -HS- | C] () -- C:\WINDOWS\System32\csncui.dll
[2010/10/15 15:46:24 | 000,001,275 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\the christaning.rtf
[2010/10/14 17:19:32 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\smile.rtf
[2010/09/29 16:48:38 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/20 20:05:10 | 000,054,788 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/18 18:25:38 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/18 17:12:37 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/17 23:34:08 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\08-redman-smoke_buddah-r3d.mp3
[2010/07/31 07:14:38 | 000,001,408 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/31 13:40:27 | 002,212,619 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\IMAG0017.JPG
[2010/04/07 21:18:52 | 000,105,482 | ---- | C] () -- C:\WINDOWS\System32\fILX-_-p-9vYJ.exe
[2010/03/10 12:26:13 | 000,035,460 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\love life.docx
[2010/02/18 11:24:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\prvlcl.dat
[2010/02/15 22:24:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/02/12 16:32:40 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6E8ED68A-DFB9-468F-AE1B-0DDC1B66C577}.job
[2010/02/11 16:25:21 | 000,010,002 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\LEO TYLER PAUL.docx
[2010/02/11 10:33:14 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\Defraggler.lnk
[2010/02/10 10:41:01 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/02/10 10:41:00 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/02/03 21:39:02 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\Shortcut to ATF-Cleaner.lnk
[2010/02/03 19:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/01 16:24:32 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/01 16:24:31 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/01 15:12:25 | 000,406,740 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31012010625.jpg
[2010/02/01 15:11:59 | 000,382,523 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010624.jpg
[2010/02/01 15:11:40 | 000,258,723 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010621.jpg
[2010/02/01 15:11:20 | 000,285,650 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620-002.jpg
[2010/02/01 15:11:01 | 000,280,797 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620-001.jpg
[2010/02/01 15:10:37 | 000,394,086 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010620.jpg
[2010/02/01 15:10:18 | 000,469,173 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010619.jpg
[2010/02/01 15:10:03 | 000,369,378 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010616.jpg
[2010/02/01 15:09:32 | 000,453,811 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010615.jpg
[2010/02/01 15:09:10 | 000,502,938 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\29012010614.jpg
[2010/01/18 19:24:04 | 000,501,054 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009148.jpg
[2010/01/18 19:22:48 | 000,456,379 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009149.jpg
[2010/01/18 19:22:17 | 000,378,757 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009158.jpg
[2010/01/18 19:21:32 | 000,244,626 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009159.jpg
[2010/01/18 19:21:08 | 000,398,559 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009160.jpg
[2010/01/18 19:20:43 | 000,518,107 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009161.jpg
[2010/01/18 19:19:55 | 000,515,213 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009162.jpg
[2010/01/18 19:18:56 | 000,375,283 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009164.jpg
[2010/01/18 19:18:34 | 000,401,013 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009165.jpg
[2010/01/18 19:18:02 | 000,540,519 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009166.jpg
[2010/01/18 19:17:36 | 000,516,584 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167.jpg
[2010/01/18 19:16:12 | 000,175,502 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167-001.jpg
[2010/01/18 19:15:50 | 000,225,604 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009167-002.jpg
[2010/01/18 19:15:19 | 000,388,769 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009171.jpg
[2010/01/18 19:12:59 | 000,275,152 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009180.jpg
[2010/01/18 19:12:12 | 000,314,469 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009182.jpg
[2010/01/18 19:11:48 | 000,382,420 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009184.jpg
[2010/01/18 19:11:09 | 000,292,846 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009186.jpg
[2010/01/18 19:10:41 | 000,250,768 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06122009187.jpg
[2010/01/18 19:10:11 | 000,488,819 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009251.jpg
[2010/01/18 19:04:44 | 000,477,513 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009255.jpg
[2010/01/18 19:03:46 | 000,392,022 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009256.jpg
[2010/01/18 19:03:12 | 000,427,207 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009257.jpg
[2010/01/18 19:02:01 | 000,653,550 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009258.jpg
[2010/01/18 19:01:34 | 000,510,764 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009260.jpg
[2010/01/18 19:01:04 | 000,573,685 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009261.jpg
[2010/01/18 19:00:16 | 000,355,661 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009262.jpg
[2010/01/18 18:55:09 | 000,432,860 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009263.jpg
[2010/01/18 18:52:11 | 000,459,249 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009266.jpg
[2010/01/18 18:50:25 | 000,413,719 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009268.jpg
[2010/01/18 18:50:05 | 000,495,545 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009269.jpg
[2010/01/18 18:49:23 | 000,459,612 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009270.jpg
[2010/01/18 18:48:06 | 000,697,457 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009271.jpg
[2010/01/18 18:46:34 | 000,669,623 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009272.jpg
[2010/01/18 18:46:06 | 000,540,121 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009273.jpg
[2010/01/18 18:44:41 | 000,387,370 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009274.jpg
[2010/01/18 18:44:10 | 000,486,407 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009275.jpg
[2010/01/18 18:43:39 | 000,292,979 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\14122009264.jpg
[2010/01/18 18:42:35 | 000,505,294 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\24122009279.jpg
[2010/01/18 18:41:09 | 000,488,739 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\24122009280.jpg
[2010/01/18 18:40:45 | 000,495,514 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\24122009281.jpg
[2010/01/18 18:40:02 | 000,395,758 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009309.jpg
[2010/01/18 18:39:24 | 000,449,456 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009312.jpg
[2010/01/18 18:38:43 | 000,409,912 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009317.jpg
[2010/01/18 18:38:14 | 000,596,562 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009318.jpg
[2010/01/18 18:37:47 | 000,515,996 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009319.jpg
[2010/01/18 18:37:20 | 000,364,466 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009322.jpg
[2010/01/18 18:36:50 | 000,497,102 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009324.jpg
[2010/01/18 18:36:23 | 000,469,861 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009325.jpg
[2010/01/18 18:35:53 | 000,427,295 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009327.jpg
[2010/01/18 18:35:27 | 000,378,158 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009328.jpg
[2010/01/18 18:35:04 | 000,377,369 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009329.jpg
[2010/01/18 18:33:56 | 000,424,938 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009330.jpg
[2010/01/18 18:33:32 | 000,404,249 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009331.jpg
[2010/01/18 18:33:11 | 000,479,593 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009332.jpg
[2010/01/18 18:32:40 | 000,386,281 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009333.jpg
[2010/01/18 18:32:19 | 000,422,428 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009334.jpg
[2010/01/18 18:30:44 | 000,518,457 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009336.jpg
[2010/01/18 18:29:38 | 000,458,266 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009338.jpg
[2010/01/18 18:29:00 | 000,458,125 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009339.jpg
[2010/01/18 18:25:24 | 000,426,550 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009343.jpg
[2010/01/18 18:24:13 | 000,492,437 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009347.jpg
[2010/01/18 18:23:24 | 000,378,764 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009350.jpg
[2010/01/18 18:22:38 | 000,399,473 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009353.jpg
[2010/01/18 18:22:10 | 000,404,277 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009354.jpg
[2010/01/18 18:13:27 | 000,259,804 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\31122009312-001.jpg
[2010/01/18 18:02:23 | 000,580,786 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010406.jpg
[2010/01/18 18:01:25 | 000,377,609 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010432.jpg
[2010/01/18 18:00:47 | 000,351,375 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010434.jpg
[2010/01/18 18:00:01 | 000,342,411 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010441.jpg
[2010/01/18 17:59:26 | 000,605,756 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010443.jpg
[2010/01/18 17:58:54 | 000,567,595 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010444.jpg
[2010/01/18 17:58:15 | 000,636,737 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010446.jpg
[2010/01/18 17:57:48 | 000,415,676 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010447.jpg
[2010/01/18 17:55:38 | 000,651,161 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010448.jpg
[2010/01/18 17:54:32 | 000,452,919 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010450.jpg
[2010/01/18 17:54:03 | 000,009,652 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010451.jpg
[2010/01/18 17:53:19 | 000,011,412 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010452.jpg
[2010/01/18 17:52:55 | 000,011,125 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010453.jpg
[2010/01/18 17:52:11 | 000,356,665 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010454.jpg
[2010/01/18 17:50:18 | 000,427,432 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010455.jpg
[2010/01/18 17:49:57 | 000,362,767 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010456.jpg
[2010/01/18 17:47:56 | 000,373,908 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\06012010457.jpg
[2010/01/18 06:02:07 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/01/18 03:15:07 | 000,422,377 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010484.jpg
[2010/01/18 03:14:34 | 000,407,374 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010488.jpg
[2010/01/18 03:14:09 | 000,575,050 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010489.jpg
[2010/01/18 03:13:34 | 000,459,870 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010492.jpg
[2010/01/18 03:13:07 | 000,413,324 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010493.jpg
[2010/01/18 03:12:43 | 000,424,219 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010494.jpg
[2010/01/18 03:12:21 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010495.jpg
[2010/01/18 03:11:57 | 000,587,413 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010496.jpg
[2010/01/18 03:11:16 | 000,541,789 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010497.jpg
[2010/01/18 03:10:24 | 000,497,452 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010505.jpg
[2010/01/18 03:10:00 | 000,421,124 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010506.jpg
[2010/01/18 03:09:30 | 000,501,099 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010507.jpg
[2010/01/18 03:08:43 | 000,572,141 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010512.jpg
[2010/01/18 03:07:49 | 000,559,423 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010513.jpg
[2010/01/18 03:07:20 | 000,414,189 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010514.jpg
[2010/01/18 03:06:48 | 000,525,000 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010516.jpg
[2010/01/18 03:06:22 | 000,514,093 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010518.jpg
[2010/01/18 03:05:14 | 000,482,380 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\07012010523.jpg
[2010/01/18 03:04:11 | 000,510,581 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\08012010533.jpg
[2010/01/18 02:22:24 | 000,360,384 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\17012010571.jpg
[2010/01/18 02:21:58 | 000,290,260 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\17012010576.jpg
[2010/01/18 02:21:30 | 000,294,398 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\17012010577.jpg
[2010/01/18 02:21:02 | 000,194,195 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\17012010575-001.jpg
[2010/01/14 23:43:08 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\kirsty CV.docUMENTS.doc
[2010/01/14 20:01:23 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/14 19:21:17 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2010/01/14 18:47:03 | 008,661,490 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\reg backup.cab
[2010/01/14 18:44:00 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\Registry Clean Expert.lnk
[2010/01/14 12:07:03 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Kirsty\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/01/14 02:02:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/14 02:02:19 | 006,467,096 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\SUPERAntiSpyware.exe
[2010/01/14 01:51:23 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/01/14 01:51:23 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/14 00:33:00 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\Spybot - Search & Destroy.lnk
[2010/01/13 22:32:59 | 000,013,255 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\application letter for treds.docx
[2009/12/27 21:59:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\New Bitmap Image.bmp
[2009/12/24 13:59:44 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Kirsty\My Documents\Default.rdp
[2009/12/24 10:06:26 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2009/12/20 16:55:07 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 15:11:51 | 000,001,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2009/12/18 03:46:54 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acer Store.lnk
[2009/12/18 03:44:53 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\Windows Media Player.lnk
[2009/12/18 03:44:43 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2009/12/18 03:44:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Kirsty\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2009/12/18 03:09:42 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/05/30 03:26:56 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/05/30 03:26:56 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/05/30 03:26:56 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/03/11 20:13:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/11 19:22:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/11 18:37:01 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/11 18:32:09 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/03/11 18:30:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/11 10:19:52 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys

========== LOP Check ==========

[2010/11/07 22:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1B1D4
[2009/03/11 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer GameZone Console
[2010/11/07 22:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/09/18 18:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/11/07 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2010/11/07 22:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/02 13:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/09/19 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/19 11:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/18 17:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/07 22:19:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74E513D3-4879-4E42-A0B8-F85EE8C789EA}
[2009/03/11 19:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Acer
[2009/03/11 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Acer GameZone Console
[2010/04/12 17:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Facebook
[2010/04/29 18:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\SulusGames
[2009/03/11 19:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Super-Cow
[2010/01/14 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Uniblue
[2010/11/07 17:06:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E8ED68A-DFB9-468F-AE1B-0DDC1B66C577}.job
[2010/01/15 16:58:43 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/01/15 16:58:43 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/01/15 16:58:43 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94213A87
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7091055F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379

< End of report >
  • 0

#12
carebear100
Posted 14 November 2010 - 11:58 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi salagubang,

combofix seems to have frozen at 81% of the recovery console download,

It hasnt progressed for a good twenty minutes, is this normal or should i close it and try again?
  • 0

#13
carebear100
Posted 14 November 2010 - 01:29 PM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
combo fix couldn't download the recovery console and aborted that operation then continued scanning. The log is posted below.



ComboFix 10-11-13.01 - Kirsty 14/11/2010 18:50:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.732 [GMT 0:00]
Running from: c:\documents and settings\Kirsty\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\annie\Application Data\.#
c:\documents and settings\annie\Application Data\alot
c:\documents and settings\Kirsty\Application Data\Wipeo\isry.exe
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\windows\mplextu.dll
c:\windows\system32\csncui.dll

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-07 22:30 . 2010-11-07 22:30 52352 ----a-w- c:\windows\system32\drivers\sstDF.sys
2010-11-07 22:30 . 2010-11-07 22:30 118784 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sstDE.tmp
2010-11-07 22:27 . 2010-11-07 22:27 -------- d-----w- C:\Adobe
2010-11-07 22:27 . 2010-11-07 22:28 -------- d-----w- c:\documents and settings\Monkey Boy\Application Data\Exykog
2010-11-07 22:27 . 2010-01-14 01:18 -------- d-----w- c:\documents and settings\Monkey Boy\Application Data\Koet
2010-11-07 22:24 . 2010-11-07 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\1B1D4
2010-11-07 22:19 . 2010-11-07 22:32 -------- d-----w- c:\documents and settings\Monkey Boy\Application Data\imeshmediabartb
2010-11-07 22:19 . 2010-11-07 22:29 -------- d-----w- c:\documents and settings\Monkey Boy\Local Settings\Application Data\iMesh
2010-11-07 22:18 . 2010-11-07 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\iMesh
2010-11-07 22:18 . 2010-01-14 00:22 -------- d-----w- c:\program files\iMesh Applications
2010-11-07 22:17 . 2010-11-07 22:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74E513D3-4879-4E42-A0B8-F85EE8C789EA}
2010-11-07 22:17 . 2010-11-07 22:17 -------- d-----w- c:\documents and settings\Monkey Boy\Local Settings\Application Data\PackageAware
2010-11-07 21:57 . 2010-11-07 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-04 00:43 . 2010-11-04 00:43 -------- d-sh--w- c:\documents and settings\Monkey Boy\IECompatCache
2010-10-28 21:38 . 2010-10-28 21:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-10-26 10:28 . 2010-10-26 10:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-16 20:21 . 2010-10-16 20:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2009-03-11 10:19 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-03-11 10:19 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-03-11 10:19 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-03-11 10:19 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2009-03-11 10:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2009-03-11 10:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2009-03-11 10:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2009-03-11 10:19 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-03-11 10:19 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-03-11 10:19 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-03-11 10:19 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2009-03-11 10:19 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-12-18 08:51 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-03-11 10:19 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2009-03-11 10:19 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-18 68856]
"RegClean Expert Scheduler"="c:\program files\Registry Clean Expert\RCHelper.exe" [2008-01-31 604920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"MFARestart"="c:\documents and settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" [2010-09-24 237408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
abkamu.exe [2010-11-3 157184]
gudo.exe [2010-11-7 156160]
utno.exe [2010-11-7 144896]
uxvaeq.exe [2010-10-28 116064]

c:\documents and settings\annie\Start Menu\Programs\Startup\
ifbe.exe [2010-11-7 144896]
qaexi.exe [2010-10-28 116064]
uqhe.exe [2010-11-3 157184]
ypisti.exe [2010-11-7 156160]

c:\documents and settings\Monkey Boy\Start Menu\Programs\Startup\
urni.exe [2010-11-3 157184]

c:\documents and settings\Kirsty\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
abkamu.exe [2010-11-3 157184]
gudo.exe [2010-11-7 156160]
utno.exe [2010-11-7 144896]
uxvaeq.exe [2010-10-28 116064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Monkey Boy\\My Documents\\Downloads\\umbrella-4.1.4.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/05/2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 10:33 55024]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [11/03/2009 19:59 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/03/2009 03:03 38912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 16:24 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/03/2009 19:23 1684736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [11/03/2009 19:20 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 10:33 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:24]

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:24]

2010-11-07 c:\windows\Tasks\User_Feed_Synchronization-{6E8ED68A-DFB9-468F-AE1B-0DDC1B66C577}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1209&m=aspire_one
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Kirsty\Application Data\Mozilla\Firefox\Profiles\z2ztpp00.default\
FF - plugin: c:\documents and settings\Kirsty\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Kirsty\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKCU-Run-{1B59DC2C-1F7B-65F8-FE23-3CE801944D78} - c:\documents and settings\Kirsty\Application Data\Wipeo\isry.exe
HKU-Default-Run-Jqafesola - c:\windows\mplextu.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-11-14 18:59:35
ComboFix-quarantined-files.txt 2010-11-14 18:59

Pre-Run: 111,601,287,168 bytes free
Post-Run: 111,975,546,880 bytes free

- - End Of File - - A983F02C4FE663BFF004671B20967C1D
  • 0

#14
Salagubang
Posted 14 November 2010 - 03:37 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi carebear100,

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Posted Image


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    Posted Image


  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
  • 0

#15
carebear100
Posted 15 November 2010 - 01:09 PM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
ComboFix 10-11-14.04 - Kirsty 15/11/2010 18:58:01.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.731 [GMT 0:00]
Running from: c:\documents and settings\Kirsty\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kirsty\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-14 19:48 . 2010-11-14 19:48 -------- d-----w- c:\program files\AVG
2010-11-14 19:35 . 2010-11-14 19:35 -------- d-----w- c:\documents and settings\Kirsty\Application Data\AVG10
2010-11-14 19:34 . 2010-11-14 19:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-14 19:32 . 2010-11-15 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-07 22:30 . 2010-11-07 22:30 52352 ----a-w- c:\windows\system32\drivers\sstDF.sys
2010-11-07 22:30 . 2010-11-07 22:30 118784 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sstDE.tmp
2010-11-07 22:27 . 2010-11-07 22:27 -------- d-----w- C:\Adobe
2010-11-07 22:27 . 2010-11-07 22:28 -------- d-----w- c:\documents and settings\Monkey Boy\Application Data\Exykog
2010-11-07 22:27 . 2010-01-14 01:18 -------- d-----w- c:\documents and settings\Monkey Boy\Application Data\Koet
2010-11-07 22:24 . 2010-11-07 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\1B1D4
2010-11-07 22:19 . 2010-11-07 22:32 -------- d-----w- c:\documents and settings\Monkey Boy\Application Data\imeshmediabartb
2010-11-07 22:19 . 2010-11-07 22:29 -------- d-----w- c:\documents and settings\Monkey Boy\Local Settings\Application Data\iMesh
2010-11-07 22:18 . 2010-11-07 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\iMesh
2010-11-07 22:18 . 2010-01-14 00:22 -------- d-----w- c:\program files\iMesh Applications
2010-11-07 22:17 . 2010-11-07 22:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74E513D3-4879-4E42-A0B8-F85EE8C789EA}
2010-11-07 22:17 . 2010-11-07 22:17 -------- d-----w- c:\documents and settings\Monkey Boy\Local Settings\Application Data\PackageAware
2010-11-07 21:57 . 2010-11-07 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-04 00:43 . 2010-11-04 00:43 -------- d-sh--w- c:\documents and settings\Monkey Boy\IECompatCache
2010-10-28 21:38 . 2010-10-28 21:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-10-26 10:28 . 2010-10-26 10:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-16 20:21 . 2010-10-16 20:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2009-03-11 10:19 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-03-11 10:19 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-03-11 10:19 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-03-11 10:19 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2009-03-11 10:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2009-03-11 10:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2009-03-11 10:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2009-03-11 10:19 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-03-11 10:19 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-03-11 10:19 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-03-11 10:19 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2009-03-11 10:19 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-12-18 08:51 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-03-11 10:19 617472 ----a-w- c:\windows\system32\comctl32.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-14_18.57.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-15 18:56 . 2010-11-15 18:56 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
- 2010-11-14 18:49 . 2010-11-14 18:49 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
+ 2010-11-14 19:49 . 2010-11-14 19:49 3019264 c:\windows\Installer\30315.msi
+ 2010-11-14 19:48 . 2010-11-14 19:48 1543680 c:\windows\Installer\30311.msi
+ 2010-11-14 19:34 . 2010-11-14 19:34 3019264 c:\windows\Installer\10444.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-18 68856]
"RegClean Expert Scheduler"="c:\program files\Registry Clean Expert\RCHelper.exe" [2008-01-31 604920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
abkamu.exe [2010-11-3 157184]
gudo.exe [2010-11-7 156160]
utno.exe [2010-11-7 144896]
uxvaeq.exe [2010-10-28 116064]

c:\documents and settings\annie\Start Menu\Programs\Startup\
ifbe.exe [2010-11-7 144896]
qaexi.exe [2010-10-28 116064]
uqhe.exe [2010-11-3 157184]
ypisti.exe [2010-11-7 156160]

c:\documents and settings\Monkey Boy\Start Menu\Programs\Startup\
urni.exe [2010-11-3 157184]

c:\documents and settings\Kirsty\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
abkamu.exe [2010-11-3 157184]
gudo.exe [2010-11-7 156160]
utno.exe [2010-11-7 144896]
uxvaeq.exe [2010-10-28 116064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Monkey Boy\\My Documents\\Downloads\\umbrella-4.1.4.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/05/2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 10:33 55024]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [11/03/2009 19:59 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/03/2009 03:03 38912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 16:24 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/03/2009 19:23 1684736]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [11/03/2009 19:20 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 10:33 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:24]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:24]

2010-11-15 c:\windows\Tasks\User_Feed_Synchronization-{6E8ED68A-DFB9-468F-AE1B-0DDC1B66C577}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1209&m=aspire_one
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Kirsty\Application Data\Mozilla\Firefox\Profiles\z2ztpp00.default\
FF - plugin: c:\documents and settings\Kirsty\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Kirsty\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 19:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-11-15 19:06:46
ComboFix-quarantined-files.txt 2010-11-15 19:06
ComboFix2.txt 2010-11-14 18:59

Pre-Run: 111,440,293,888 bytes free
Post-Run: 111,427,653,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0E08EA6A2D1EFDE2B1C384CE3BE3DB31
  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP