
Windows XP is Rundll32 infected



#1
Krsaigon

OTL logfile created on: 2/22/2011 9:25:27 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\XP\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 5.21 Gb Free Space | 6.67% Space Free | Partition Type: NTFS
Drive F: | 31.06 Gb Total Space | 30.80 Gb Free Space | 99.16% Space Free | Partition Type: NTFS

Computer Name: DELL1500 | User Name: XP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/22 01:51:32 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\My Documents\Downloads\OTL.exe
PRC - [2011/02/10 03:14:59 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/06/24 08:27:12 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\ekrn.exe
PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 18:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/01/25 06:00:00 | 000,179,200 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe


========== Modules (SafeList) ==========

MOD - [2011/02/22 01:51:32 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/06/24 08:27:54 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/06/24 08:27:12 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2010/06/24 08:27:22 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/06/24 08:26:24 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/04/28 07:17:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/04/28 07:17:46 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/04/28 07:17:46 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/06 18:34:38 | 006,345,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/06 18:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/03 17:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/09 17:59:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/09 00:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/09 00:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/04/24 00:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/24 00:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/24 00:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/12/02 14:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1572363
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 01 BF 5A 9E 7F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Video_Chat\tbooV1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.0
FF - prefs.js..extensions.enabledItems: {63bd1709-0af6-4457-99ca-f2ce411047de}:0.3.10.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {193d7001-bd9f-48c2-b5c7-69775aa2201d}:2.5.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.34
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2567697&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://www.salford.ac.uk/proxy"


FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/11/24 08:01:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/30 18:05:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/30 18:05:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/09/15 19:49:40 | 000,000,000 | ---D | M]

[2008/09/14 10:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Application Data\Mozilla\Extensions
[2011/02/01 00:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions
[2010/07/11 10:04:04 | 000,000,000 | ---D | M] (Plusmedia uk Toolbar) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}
[2010/07/11 10:27:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/03 02:07:05 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/12/08 07:51:25 | 000,000,000 | ---D | M] (Fill Form) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{63bd1709-0af6-4457-99ca-f2ce411047de}
[2010/12/10 06:08:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/23 00:58:02 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/11/29 06:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
[2010/12/03 02:07:04 | 000,000,000 | ---D | M] ("NoDoFollow") -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2011/01/29 04:26:31 | 000,000,000 | ---D | M] ("SearchStatus") -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011/01/04 02:02:14 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/12/24 11:11:57 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}(2)
[2010/11/03 18:03:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/11 19:45:39 | 000,000,000 | ---D | M] (ooVoo Video Chat Toolbar) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
[2010/11/29 06:46:54 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2011/02/19 10:53:47 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/07/11 10:05:48 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/10/15 15:07:41 | 000,000,000 | ---D | M] (Real Hide IP) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/11/02 20:34:04 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/11/23 15:51:36 | 000,000,000 | ---D | M] (RoboForm Online Toolbar) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/08/21 00:43:05 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\AOL Search.xml
[2010/07/11 10:15:14 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\askcom.xml
[2010/05/16 17:39:28 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\conduit.xml
[2010/11/02 20:34:13 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\web-search.xml
[2011/02/01 00:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/03 18:46:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/16 22:49:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/11 10:15:38 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/11/14 20:46:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/24 08:01:23 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2008/11/16 22:26:17 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/21 00:43:05 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2011/02/22 03:48:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Video_Chat\tbooV1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Video_Chat\tbooV1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo Video Chat Toolbar) - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - C:\Program Files\ooVoo_Video_Chat\tbooV1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20090309080349 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/12 06:37:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/22 03:12:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/22 02:50:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/22 02:50:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/22 02:50:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/22 02:50:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/22 02:49:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/22 02:48:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/20 13:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/02/05 16:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\EDU & GOV
[2011/02/01 03:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Addons
[2011/02/01 03:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\BlackList
[2011/02/01 03:17:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\XP\Desktop\lINK LIBRARY
[2011/02/01 03:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\New Folder
[2011/02/01 01:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ProxyWiz
[2011/02/01 01:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\ProxyWiz
[2011/01/27 19:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Application Data\Audacity
[2011/01/27 19:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2011/01/26 00:12:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\XP\Recent
[2011/01/26 00:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Start Menu\Programs\Perfect memory
[2011/01/26 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Memorisation master
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\XP\My Documents\*.tmp files -> C:\Documents and Settings\XP\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/22 09:16:14 | 000,149,178 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/02/22 04:46:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1958367476-725345543-1003UA.job
[2011/02/22 03:48:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/22 03:12:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/02/22 01:45:36 | 000,494,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/22 01:44:02 | 000,084,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/22 01:38:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/22 01:36:57 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/22 01:36:30 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/02/22 01:36:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/21 20:46:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1958367476-725345543-1003Core.job
[2011/02/21 20:36:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/02/21 16:28:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/20 14:14:40 | 036,232,834 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\ffff.wav
[2011/02/20 13:59:24 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\XP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/20 13:19:38 | 036,232,834 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\your song kk.wav
[2011/02/20 13:17:49 | 036,232,996 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\your song.aiff
[2011/02/19 16:22:27 | 000,149,178 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/02/18 21:07:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/02/18 11:56:41 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\globaltest.godcpa
[2011/02/16 17:48:36 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\330530284319.url
[2011/02/09 23:22:24 | 000,142,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 20:07:46 | 001,959,819 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\coming home cover.mp3
[2011/02/09 20:05:37 | 021,645,442 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\coming home cover.aiff
[2011/02/09 19:15:05 | 000,953,754 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft.mp3
[2011/02/09 19:11:13 | 010,954,454 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft. Drake - What's My Name Piano by Ray Mak with my vocals
[2011/02/09 19:05:25 | 010,954,454 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft. Drake - What's My Name Piano by Ray Mak
[2011/02/09 17:06:24 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/08 22:19:55 | 000,951,838 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\fhgfgh
[2011/02/08 21:36:03 | 000,802,077 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\kk
[2011/02/08 21:26:29 | 000,802,077 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0243aa
[2011/02/07 22:11:18 | 001,934,014 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0243.jpg
[2011/02/07 22:11:16 | 001,976,427 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0242.jpg
[2011/02/07 22:11:12 | 001,986,319 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0240.jpg
[2011/02/07 22:11:08 | 001,689,968 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0239.jpg
[2011/02/07 22:11:06 | 001,655,532 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0238.jpg
[2011/02/07 22:11:00 | 001,611,248 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0237.jpg
[2011/02/07 22:10:58 | 001,724,397 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0236.jpg
[2011/02/07 22:10:54 | 001,927,050 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0235.jpg
[2011/02/07 22:10:50 | 001,813,424 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0234.jpg
[2011/02/05 18:23:38 | 002,683,304 | ---- | M] (Softtouch Software Design) -- C:\Documents and Settings\XP\Desktop\scrapebox.exe
[2011/02/05 18:23:26 | 000,482,760 | ---- | M] (Softtouch Software Design) -- C:\Documents and Settings\XP\Desktop\sbupdate.exe
[2011/02/05 18:23:16 | 003,130,216 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\scrapebox.zip
[2011/02/04 21:48:29 | 003,423,176 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Perfect pink cover.mp3
[2011/02/04 21:45:57 | 037,819,190 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\perfect cover.aiff
[2011/02/04 21:38:28 | 039,855,830 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\[bleep]ing perfcet cover.aiff
[2011/02/01 03:06:57 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\xGen SEO.lnk
[2011/02/01 02:28:58 | 000,157,743 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\scrapebox.elf
[2011/02/01 01:47:47 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ProxyWiz.lnk
[2011/01/31 16:51:27 | 049,006,124 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\runaway love proper.wav
[2011/01/31 16:46:57 | 032,863,328 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper acapella.wav
[2011/01/30 11:36:51 | 002,894,787 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper.mp3
[2011/01/30 11:35:43 | 001,307,272 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper.wav
[2011/01/27 19:23:54 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/01/26 00:09:40 | 000,009,905 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-MMaster.dat
[2011/01/26 00:09:39 | 000,131,584 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/26 00:09:31 | 000,058,554 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-MMaster.bmp
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\XP\My Documents\*.tmp files -> C:\Documents and Settings\XP\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/22 03:12:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/02/22 03:12:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/22 02:50:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/22 02:50:13 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/22 02:50:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/22 02:50:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/22 02:50:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/20 14:13:31 | 036,232,834 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\ffff.wav
[2011/02/20 13:18:37 | 036,232,834 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\your song kk.wav
[2011/02/20 13:17:10 | 036,232,996 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\your song.aiff
[2011/02/18 11:56:41 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\globaltest.godcpa
[2011/02/16 17:48:36 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\330530284319.url
[2011/02/09 20:06:50 | 001,959,819 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\coming home cover.mp3
[2011/02/09 20:05:04 | 021,645,442 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\coming home cover.aiff
[2011/02/09 19:14:39 | 000,953,754 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft.mp3
[2011/02/09 19:11:08 | 010,954,454 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft. Drake - What's My Name Piano by Ray Mak with my vocals
[2011/02/09 19:05:20 | 010,954,454 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft. Drake - What's My Name Piano by Ray Mak
[2011/02/09 17:01:27 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/08 22:19:54 | 000,951,838 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\fhgfgh
[2011/02/08 21:36:02 | 000,802,077 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\kk
[2011/02/08 21:26:28 | 000,802,077 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0243aa
[2011/02/08 21:18:32 | 001,934,014 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0243.jpg
[2011/02/08 21:18:26 | 001,986,319 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0240.jpg
[2011/02/08 21:18:26 | 001,976,427 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0242.jpg
[2011/02/08 21:18:26 | 001,689,968 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0239.jpg
[2011/02/08 21:18:26 | 001,655,532 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0238.jpg
[2011/02/08 21:18:25 | 001,724,397 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0236.jpg
[2011/02/08 21:18:25 | 001,611,248 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0237.jpg
[2011/02/08 21:18:24 | 001,927,050 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0235.jpg
[2011/02/08 21:18:24 | 001,813,424 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0234.jpg
[2011/02/04 21:46:47 | 003,423,176 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Perfect pink cover.mp3
[2011/02/04 21:42:45 | 037,819,190 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\perfect cover.aiff
[2011/02/04 21:37:18 | 039,855,830 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\[bleep]ing perfcet cover.aiff
[2011/02/01 01:47:47 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ProxyWiz.lnk
[2011/01/31 16:49:50 | 049,006,124 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\runaway love proper.wav
[2011/01/31 16:35:46 | 032,863,328 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper acapella.wav
[2011/01/30 11:36:06 | 002,894,787 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper.mp3
[2011/01/30 11:29:23 | 001,307,272 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper.wav
[2011/01/27 19:23:54 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/01/27 19:23:53 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/01/26 00:09:40 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/26 00:09:40 | 000,058,554 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-MMaster.bmp
[2011/01/26 00:09:40 | 000,009,905 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-MMaster.dat
[2010/10/15 02:39:44 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Setting.dat
[2010/10/15 02:39:44 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\XP\Application Data\UserFlag.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/24 13:29:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/03/20 03:48:06 | 002,931,168 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2009/01/30 22:44:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/12/31 18:32:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\XP\Application Data\$_hpcst$.hpc
[2008/11/27 23:04:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/11/27 22:49:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2008/11/27 01:56:33 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/14 14:28:40 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/12 11:28:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/12 09:26:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/12 09:24:32 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/12 09:24:32 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/12 09:24:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/12 09:24:28 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/05/09 19:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

========== LOP Check ==========

[2010/08/21 00:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/02/27 21:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/11/27 23:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/09/15 19:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/22 11:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/03/30 23:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/07/11 13:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2011/01/21 06:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magic Submitter
[2010/07/11 13:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/22 00:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2010/09/10 15:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/03/22 10:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/02/02 22:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/11/24 08:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/08/02 20:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/17 13:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/11/27 23:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/10/03 13:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 00:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/22 22:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/21 00:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\acccore
[2011/02/21 22:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Audacity
[2011/01/04 01:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Azureus
[2010/09/23 03:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Bryxen Software
[2008/12/02 15:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\EPSON
[2010/09/15 19:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\ESET
[2011/02/01 02:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\EurekaLog
[2010/12/08 07:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\FileZilla
[2010/08/21 11:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\LimeWire
[2010/11/08 01:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\LinkBounder
[2009/01/30 22:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Livestation
[2010/10/22 00:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/09/10 15:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\NCH Swift Sound
[2010/11/30 03:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Notepad++
[2010/11/11 19:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\ooVoo Details
[2010/07/11 10:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\OpenCandy
[2009/03/22 10:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\PlayFirst
[2011/02/09 18:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\PriceGong
[2011/02/18 15:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Spotify
[2009/09/17 13:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Trusteer
[2010/10/15 03:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\uTorrent
[2009/01/25 19:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Windows Live Writer
[2011/02/22 01:36:30 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/02/22 01:36:57 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

OTL logfile created on: 2/22/2011 9:25:27 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\XP\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 5.21 Gb Free Space | 6.67% Space Free | Partition Type: NTFS
Drive F: | 31.06 Gb Total Space | 30.80 Gb Free Space | 99.16% Space Free | Partition Type: NTFS

Computer Name: DELL1500 | User Name: XP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/22 01:51:32 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\My Documents\Downloads\OTL.exe
PRC - [2011/02/10 03:14:59 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/06/24 08:27:12 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\ekrn.exe
PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 18:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/01/25 06:00:00 | 000,179,200 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe


========== Modules (SafeList) ==========

MOD - [2011/02/22 01:51:32 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/06/24 08:27:54 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/06/24 08:27:12 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2010/06/24 08:27:22 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/06/24 08:26:24 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/04/28 07:17:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/04/28 07:17:46 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/04/28 07:17:46 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/06 18:34:38 | 006,345,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/06 18:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/03 17:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/09 17:59:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/09 00:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/09 00:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/04/24 00:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/24 00:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/24 00:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/12/02 14:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1572363
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 01 BF 5A 9E 7F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Video_Chat\tbooV1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.0
FF - prefs.js..extensions.enabledItems: {63bd1709-0af6-4457-99ca-f2ce411047de}:0.3.10.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {193d7001-bd9f-48c2-b5c7-69775aa2201d}:2.5.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.34
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2567697&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://www.salford.ac.uk/proxy"


FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/11/24 08:01:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/30 18:05:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/30 18:05:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/09/15 19:49:40 | 000,000,000 | ---D | M]

[2008/09/14 10:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Application Data\Mozilla\Extensions
[2011/02/01 00:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions
[2010/07/11 10:04:04 | 000,000,000 | ---D | M] (Plusmedia uk Toolbar) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}
[2010/07/11 10:27:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/03 02:07:05 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/12/08 07:51:25 | 000,000,000 | ---D | M] (Fill Form) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{63bd1709-0af6-4457-99ca-f2ce411047de}
[2010/12/10 06:08:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/23 00:58:02 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/11/29 06:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
[2010/12/03 02:07:04 | 000,000,000 | ---D | M] ("NoDoFollow") -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2011/01/29 04:26:31 | 000,000,000 | ---D | M] ("SearchStatus") -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011/01/04 02:02:14 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/12/24 11:11:57 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}(2)
[2010/11/03 18:03:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/11 19:45:39 | 000,000,000 | ---D | M] (ooVoo Video Chat Toolbar) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
[2010/11/29 06:46:54 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2011/02/19 10:53:47 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/07/11 10:05:48 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/10/15 15:07:41 | 000,000,000 | ---D | M] (Real Hide IP) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/11/02 20:34:04 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/11/23 15:51:36 | 000,000,000 | ---D | M] (RoboForm Online Toolbar) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/08/21 00:43:05 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\AOL Search.xml
[2010/07/11 10:15:14 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\askcom.xml
[2010/05/16 17:39:28 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\conduit.xml
[2010/11/02 20:34:13 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\web-search.xml
[2011/02/01 00:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/03 18:46:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/16 22:49:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/11 10:15:38 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/11/14 20:46:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/24 08:01:23 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2008/11/16 22:26:17 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/21 00:43:05 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2011/02/22 03:48:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Video_Chat\tbooV1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Video_Chat\tbooV1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo Video Chat Toolbar) - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - C:\Program Files\ooVoo_Video_Chat\tbooV1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20090309080349 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/12 06:37:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/22 03:12:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/22 02:50:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/22 02:50:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/22 02:50:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/22 02:50:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/22 02:49:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/22 02:48:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/20 13:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/02/05 16:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\EDU & GOV
[2011/02/01 03:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Addons
[2011/02/01 03:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\BlackList
[2011/02/01 03:17:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\XP\Desktop\lINK LIBRARY
[2011/02/01 03:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\New Folder
[2011/02/01 01:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ProxyWiz
[2011/02/01 01:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\ProxyWiz
[2011/01/27 19:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Application Data\Audacity
[2011/01/27 19:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2011/01/26 00:12:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\XP\Recent
[2011/01/26 00:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Start Menu\Programs\Perfect memory
[2011/01/26 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Memorisation master
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\XP\My Documents\*.tmp files -> C:\Documents and Settings\XP\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/22 09:16:14 | 000,149,178 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/02/22 04:46:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1958367476-725345543-1003UA.job
[2011/02/22 03:48:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/22 03:12:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/02/22 01:45:36 | 000,494,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/22 01:44:02 | 000,084,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/22 01:38:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/22 01:36:57 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/22 01:36:30 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/02/22 01:36:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/21 20:46:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1958367476-725345543-1003Core.job
[2011/02/21 20:36:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/02/21 16:28:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/20 14:14:40 | 036,232,834 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\ffff.wav
[2011/02/20 13:59:24 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\XP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/20 13:19:38 | 036,232,834 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\your song kk.wav
[2011/02/20 13:17:49 | 036,232,996 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\your song.aiff
[2011/02/19 16:22:27 | 000,149,178 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/02/18 21:07:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/02/18 11:56:41 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\globaltest.godcpa
[2011/02/16 17:48:36 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\330530284319.url
[2011/02/09 23:22:24 | 000,142,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 20:07:46 | 001,959,819 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\coming home cover.mp3
[2011/02/09 20:05:37 | 021,645,442 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\coming home cover.aiff
[2011/02/09 19:15:05 | 000,953,754 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft.mp3
[2011/02/09 19:11:13 | 010,954,454 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft. Drake - What's My Name Piano by Ray Mak with my vocals
[2011/02/09 19:05:25 | 010,954,454 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft. Drake - What's My Name Piano by Ray Mak
[2011/02/09 17:06:24 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/08 22:19:55 | 000,951,838 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\fhgfgh
[2011/02/08 21:36:03 | 000,802,077 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\kk
[2011/02/08 21:26:29 | 000,802,077 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0243aa
[2011/02/07 22:11:18 | 001,934,014 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0243.jpg
[2011/02/07 22:11:16 | 001,976,427 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0242.jpg
[2011/02/07 22:11:12 | 001,986,319 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0240.jpg
[2011/02/07 22:11:08 | 001,689,968 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0239.jpg
[2011/02/07 22:11:06 | 001,655,532 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0238.jpg
[2011/02/07 22:11:00 | 001,611,248 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0237.jpg
[2011/02/07 22:10:58 | 001,724,397 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0236.jpg
[2011/02/07 22:10:54 | 001,927,050 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0235.jpg
[2011/02/07 22:10:50 | 001,813,424 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0234.jpg
[2011/02/05 18:23:38 | 002,683,304 | ---- | M] (Softtouch Software Design) -- C:\Documents and Settings\XP\Desktop\scrapebox.exe
[2011/02/05 18:23:26 | 000,482,760 | ---- | M] (Softtouch Software Design) -- C:\Documents and Settings\XP\Desktop\sbupdate.exe
[2011/02/05 18:23:16 | 003,130,216 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\scrapebox.zip
[2011/02/04 21:48:29 | 003,423,176 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Perfect pink cover.mp3
[2011/02/04 21:45:57 | 037,819,190 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\perfect cover.aiff
[2011/02/04 21:38:28 | 039,855,830 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\[bleep]ing perfcet cover.aiff
[2011/02/01 03:06:57 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\xGen SEO.lnk
[2011/02/01 02:28:58 | 000,157,743 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\scrapebox.elf
[2011/02/01 01:47:47 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ProxyWiz.lnk
[2011/01/31 16:51:27 | 049,006,124 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\runaway love proper.wav
[2011/01/31 16:46:57 | 032,863,328 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper acapella.wav
[2011/01/30 11:36:51 | 002,894,787 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper.mp3
[2011/01/30 11:35:43 | 001,307,272 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper.wav
[2011/01/27 19:23:54 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/01/26 00:09:40 | 000,009,905 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-MMaster.dat
[2011/01/26 00:09:39 | 000,131,584 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/26 00:09:31 | 000,058,554 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-MMaster.bmp
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\XP\My Documents\*.tmp files -> C:\Documents and Settings\XP\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/22 03:12:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/02/22 03:12:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/22 02:50:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/22 02:50:13 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/22 02:50:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/22 02:50:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/22 02:50:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/20 14:13:31 | 036,232,834 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\ffff.wav
[2011/02/20 13:18:37 | 036,232,834 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\your song kk.wav
[2011/02/20 13:17:10 | 036,232,996 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\your song.aiff
[2011/02/18 11:56:41 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\globaltest.godcpa
[2011/02/16 17:48:36 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\330530284319.url
[2011/02/09 20:06:50 | 001,959,819 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\coming home cover.mp3
[2011/02/09 20:05:04 | 021,645,442 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\coming home cover.aiff
[2011/02/09 19:14:39 | 000,953,754 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft.mp3
[2011/02/09 19:11:08 | 010,954,454 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft. Drake - What's My Name Piano by Ray Mak with my vocals
[2011/02/09 19:05:20 | 010,954,454 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Rihanna Ft. Drake - What's My Name Piano by Ray Mak
[2011/02/09 17:01:27 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/08 22:19:54 | 000,951,838 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\fhgfgh
[2011/02/08 21:36:02 | 000,802,077 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\kk
[2011/02/08 21:26:28 | 000,802,077 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0243aa
[2011/02/08 21:18:32 | 001,934,014 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0243.jpg
[2011/02/08 21:18:26 | 001,986,319 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0240.jpg
[2011/02/08 21:18:26 | 001,976,427 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0242.jpg
[2011/02/08 21:18:26 | 001,689,968 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0239.jpg
[2011/02/08 21:18:26 | 001,655,532 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0238.jpg
[2011/02/08 21:18:25 | 001,724,397 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0236.jpg
[2011/02/08 21:18:25 | 001,611,248 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0237.jpg
[2011/02/08 21:18:24 | 001,927,050 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0235.jpg
[2011/02/08 21:18:24 | 001,813,424 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0234.jpg
[2011/02/04 21:46:47 | 003,423,176 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Perfect pink cover.mp3
[2011/02/04 21:42:45 | 037,819,190 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\perfect cover.aiff
[2011/02/04 21:37:18 | 039,855,830 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\[bleep]ing perfcet cover.aiff
[2011/02/01 01:47:47 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ProxyWiz.lnk
[2011/01/31 16:49:50 | 049,006,124 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\runaway love proper.wav
[2011/01/31 16:35:46 | 032,863,328 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper acapella.wav
[2011/01/30 11:36:06 | 002,894,787 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper.mp3
[2011/01/30 11:29:23 | 001,307,272 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\grenade cover proper.wav
[2011/01/27 19:23:54 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/01/27 19:23:53 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/01/26 00:09:40 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/26 00:09:40 | 000,058,554 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-MMaster.bmp
[2011/01/26 00:09:40 | 000,009,905 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-MMaster.dat
[2010/10/15 02:39:44 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Setting.dat
[2010/10/15 02:39:44 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\XP\Application Data\UserFlag.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/24 13:29:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/03/20 03:48:06 | 002,931,168 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2009/01/30 22:44:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/12/31 18:32:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\XP\Application Data\$_hpcst$.hpc
[2008/11/27 23:04:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/11/27 22:49:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2008/11/27 01:56:33 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/14 14:28:40 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/12 11:28:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/12 09:26:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/12 09:24:32 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/12 09:24:32 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/12 09:24:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/12 09:24:28 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/05/09 19:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

========== LOP Check ==========

[2010/08/21 00:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/02/27 21:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/11/27 23:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/09/15 19:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/22 11:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/03/30 23:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/07/11 13:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2011/01/21 06:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magic Submitter
[2010/07/11 13:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/22 00:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2010/09/10 15:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/03/22 10:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/02/02 22:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/11/24 08:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/08/02 20:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/17 13:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/11/27 23:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/10/03 13:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 00:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/22 22:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/21 00:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\acccore
[2011/02/21 22:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Audacity
[2011/01/04 01:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Azureus
[2010/09/23 03:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Bryxen Software
[2008/12/02 15:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\EPSON
[2010/09/15 19:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\ESET
[2011/02/01 02:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\EurekaLog
[2010/12/08 07:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\FileZilla
[2010/08/21 11:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\LimeWire
[2010/11/08 01:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\LinkBounder
[2009/01/30 22:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Livestation
[2010/10/22 00:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/09/10 15:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\NCH Swift Sound
[2010/11/30 03:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Notepad++
[2010/11/11 19:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\ooVoo Details
[2010/07/11 10:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\OpenCandy
[2009/03/22 10:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\PlayFirst
[2011/02/09 18:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\PriceGong
[2011/02/18 15:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Spotify
[2009/09/17 13:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Trusteer
[2010/10/15 03:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\uTorrent
[2009/01/25 19:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Windows Live Writer
[2011/02/22 01:36:30 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/02/22 01:36:57 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6E9EB6C
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30376ACC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25005EFA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CC7FD8

< End of report >










#2
Krsaigon

ComboFix 11-02-21.01 - XP 02/22/2011 3:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.467 [GMT 0:00]
Running from: c:\documents and settings\XP\My Documents\Downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\XP\g2mdlhlpx.exe
c:\program files\Antivirus 2009
c:\windows\system32\ddfger.dll
c:\windows\system32\ieupdates.exe.tmp
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.

2011-02-20 13:16 . 2011-02-20 13:16 -------- d-----w- c:\program files\Lame For Audacity
2011-02-01 01:47 . 2011-02-01 01:47 -------- d-----w- c:\program files\ProxyWiz
2011-01-27 19:25 . 2011-02-21 22:04 -------- d-----w- c:\documents and settings\XP\Application Data\Audacity
2011-01-27 19:23 . 2011-01-27 19:23 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-01-26 00:09 . 2011-01-26 00:09 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-01-26 00:09 . 2011-01-26 00:09 -------- d-----w- c:\program files\Memorisation master

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 04:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 04:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 03:17 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 04:56 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 04:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:59 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2004-08-04 04:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 02:59 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-04 04:56 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 04:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-04 03:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-03-20 03:49 . 2009-03-20 03:48 2931168 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Video_Chat\tbooV1.dll" [2011-01-10 3911776]

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-10 13:58 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2011-01-10 13:58 3911776 ----a-w- c:\program files\ooVoo_Video_Chat\tbooV1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Video_Chat\tbooV1.dll" [2011-01-10 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-10 3911776]

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}"= "c:\program files\ooVoo_Video_Chat\tbooV1.dll" [2011-01-10 3911776]

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-11 136176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-06-06 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-06-24 2202704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2010-10-31 13:39 19071672 ----a-w- c:\program files\ooVoo\ooVoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-11-24 08:00 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-04-28 18:15 2633976 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\XP\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\XP\\Desktop\\Copy of Skype.exe"=
"c:\\Documents and Settings\\XP\\My Documents\\Downloads\\Spotify Installer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 7:17 AM 114984]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [6/24/2010 8:27 AM 810144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1958367476-725345543-1003Core.job
- c:\documents and settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-11 10:34]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1958367476-725345543-1003UA.job
- c:\documents and settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-11 10:34]

2011-02-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2011-02-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 21:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090309080349
FF - ProfilePath - c:\documents and settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567697&q=
FF - Ext: The Browser Highlighter: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: The Browser Highlighter: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Veoh Video Compass: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Real Hide IP: [email protected] - %profile%\extensions\[email protected]
FF - Ext: vShare Plugin: [email protected] - %profile%\extensions\[email protected]
FF - Ext: RoboForm Online Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Plusmedia uk Toolbar: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - %profile%\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d} - %profile%\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - %profile%\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
FF - Ext: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - %profile%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: Fill Form: {63bd1709-0af6-4457-99ca-f2ce411047de} - %profile%\extensions\{63bd1709-0af6-4457-99ca-f2ce411047de}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
FF - Ext: Veoh Web Player Video Finder: [email protected] - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -

BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-22 03:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF7E6262-284F-2879-36FB-A8AEFB6C20B3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2011-02-22 04:07:34
ComboFix-quarantined-files.txt 2011-02-22 04:07

Pre-Run: 4,458,029,056 bytes free
Post-Run: 5,569,593,344 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 164D18450D4BE6D5131AD962CB582A6F

#3
Krsaigon

Well bump!!!

#4
Krsaigon

nothing ???????????