
How Windows Recovery Messed up my PC


  • This topic is locked

#1 Krsaigon (Member, 44 posts)

I contracted the deadly Windows Recovery virus, and it was successfully reigning supreme over my desktop. I'm going to provide the OTL and MBAM Malware logs below. I managed to track every single source of this crippling tyrannical software using Trojan Killer but was unable to remove it due to payment stipulations. So if you could kindly help me out I'd very much appreciate it.


OTL logfile created on: 3/25/2011 12:22:08 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 0.78 Gb Free Space | 0.43% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 0.54 Gb Free Space | 8.94% Space Free | Partition Type: FAT32
Drive J: | 1.90 Gb Total Space | 1.19 Gb Free Space | 62.76% Space Free | Partition Type: FAT

Computer Name: YOUR-C94F920E24 | User Name: Russel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/25 00:21:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads\OTL.exe
PRC - [2011/03/08 20:08:50 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/06/24 10:09:14 | 000,065,856 | -H-- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2010/06/24 10:08:58 | 000,196,928 | -H-- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2010/02/18 10:43:20 | 000,490,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/17 09:17:38 | 000,486,216 | -H-- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/11/17 09:15:36 | 001,021,256 | -H-- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/05/14 14:47:54 | 000,731,840 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/05/14 14:47:08 | 002,029,640 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/08 07:31:04 | 002,221,352 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/21 04:51:05 | 000,180,269 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/02/25 01:47:02 | 000,114,784 | -H-- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006/02/25 01:47:00 | 000,266,338 | -H-- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/02/25 01:46:20 | 001,073,152 | -H-- | M] (Cyberlink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/25 00:21:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads\OTL.exe
MOD - [2011/03/09 16:54:14 | 000,018,176 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/17 01:22:36 | 003,229,784 | -H-- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_d76cf65.dll -- (Akamai)
SRV - [2011/02/16 15:49:08 | 000,088,176 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/06/24 10:09:14 | 000,065,856 | -H-- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/06/24 10:08:58 | 000,196,928 | -H-- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2010/01/15 12:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/14 09:45:32 | 000,435,016 | -H-- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/17 09:15:36 | 001,021,256 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/11/17 09:12:10 | 000,030,024 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/10/21 12:19:26 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/14 14:54:22 | 000,020,680 | -H-- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 14:47:54 | 000,731,840 | -H-- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/11/09 20:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/02/25 01:47:02 | 000,114,784 | -H-- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/25 01:47:00 | 000,266,338 | -H-- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/25 01:46:20 | 001,073,152 | -H-- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)


========== Driver Services (SafeList) ==========

DRV - [2009/10/14 07:24:44 | 000,010,064 | -H-- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/05/14 14:49:32 | 000,094,360 | -H-- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 14:47:14 | 000,107,256 | -H-- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 14:41:10 | 000,114,472 | -H-- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/05/09 20:51:34 | 000,041,888 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 20:47:00 | 001,276,832 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/03/08 20:27:12 | 004,246,016 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/08 04:55:34 | 001,480,704 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/19 01:41:58 | 000,080,512 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/13 00:27:00 | 000,019,072 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 00:03:18 | 000,175,104 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 21:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 14:45:12 | 000,017,408 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...onType=&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/20 21:23:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 13:29:06 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 13:29:06 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/09/10 15:04:54 | 000,000,000 | -H-D | M]

[2011/03/15 19:12:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Extensions
[2011/03/15 19:12:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Extensions\[email protected]
[2011/03/24 12:09:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions
[2010/04/05 12:56:53 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/15 01:51:19 | 000,000,000 | -H-D | M] (NoScript) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/05 16:47:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
[2011/01/16 01:37:55 | 000,000,000 | -H-D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/11/11 22:08:26 | 000,000,000 | -H-D | M] ("AIM Toolbar") -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/12/24 06:08:54 | 000,000,000 | -H-D | M] (Torbutton) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/09/13 13:08:42 | 000,000,000 | -H-D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/04/05 12:56:54 | 000,000,000 | -H-D | M] (Text-to-Image) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2009/12/20 22:03:40 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\[email protected]
[2010/11/11 22:08:31 | 000,000,310 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\searchplugins\aim-search.xml
[2011/03/24 12:09:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/07 23:07:17 | 000,000,000 | -H-D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/10 21:32:23 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/10 21:32:11 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/20 21:23:49 | 000,000,000 | -H-D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2008/02/27 16:57:38 | 000,106,496 | -H-- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
[2010/06/10 21:32:07 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/10/15 22:47:04 | 000,066,208 | -H-- | M] (Joost Technologies B.V. ) -- C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll
[2006/09/07 18:56:28 | 000,102,400 | -H-- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npvideoegg-loader.dll
[2007/03/09 23:16:44 | 000,189,496 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/12/24 02:27:06 | 000,002,027 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/03/15 19:22:43 | 000,000,136 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: റ
O1 - Hosts: 127.0.0.1 link-assistant.com
O1 - Hosts: 127.0.0.1 www.link-assistant.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Flashget Catch Url Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\RUSSEL~1.YOU\LOCALS~1\Temp\dwm.exe) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1252595208033 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 23:32:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 00:16:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Recent
[2011/03/24 12:10:21 | 000,000,000 | -H-D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/03/24 11:29:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Start Menu\Programs\Windows Recovery
[2011/03/24 11:21:25 | 000,004,224 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/03/24 11:20:06 | 000,546,816 | -H-- | C] (FPAV) -- C:\Documents and Settings\All Users\Application Data\sCRrtWXnjAgI.exe
[2011/03/15 19:12:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\MozSwing
[2011/03/15 19:09:05 | 000,000,000 | -H-D | C] -- C:\Program Files\SEO PowerSuite
[2011/03/14 16:54:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\bonuses
[2011/03/07 23:06:08 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Skype
[2011/02/26 20:30:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Spotify
[2011/02/26 20:30:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Spotify
[2011/02/26 20:30:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Spotify
[2011/02/26 18:16:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\jan11backlinks

========== Files - Modified Within 30 Days ==========

[2011/03/25 00:22:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9F6FD136-0ABE-43A8-970A-D40E2C30CE97}.job
[2011/03/25 00:21:00 | 000,001,014 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1951882237-1008395978-543828888-1009UA.job
[2011/03/25 00:17:04 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/03/25 00:16:56 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/25 00:13:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/25 00:13:18 | 2079,772,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/24 23:45:04 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/24 13:21:00 | 000,000,962 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1951882237-1008395978-543828888-1009Core.job
[2011/03/24 11:48:50 | 000,000,441 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/03/24 11:29:21 | 000,000,096 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19259188
[2011/03/24 11:29:20 | 000,000,824 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Windows Recovery.lnk
[2011/03/24 11:29:20 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19259188r
[2011/03/24 11:29:16 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19259188
[2011/03/24 11:29:14 | 000,467,968 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19259188.exe
[2011/03/24 11:20:06 | 000,546,816 | -H-- | M] (FPAV) -- C:\Documents and Settings\All Users\Application Data\sCRrtWXnjAgI.exe
[2011/03/22 10:08:26 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/20 13:23:09 | 000,000,522 | -H-- | M] () -- C:\hpfr3420.xml
[2011/03/18 13:58:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/17 21:22:55 | 000,002,422 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Google Chrome.lnk
[2011/03/17 21:22:55 | 000,002,400 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/16 15:21:31 | 000,006,123 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get indexed.php
[2011/03/16 07:17:44 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2011/03/15 19:36:17 | 000,500,227 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.spyglass.properties
[2011/03/15 19:36:07 | 002,743,571 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.websiteauditor.properties
[2011/03/15 19:29:04 | 000,454,023 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.linkassistant.properties
[2011/03/15 19:22:43 | 000,000,136 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/15 19:11:46 | 000,001,942 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\LinkAssistant.lnk
[2011/03/15 19:11:35 | 000,001,971 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\WebSite Auditor.lnk
[2011/03/15 19:11:25 | 000,001,917 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Rank Tracker.lnk
[2011/03/15 19:11:14 | 000,001,917 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\SEO SpyGlass.lnk
[2011/03/14 15:10:13 | 000,050,154 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get-attachment.aspx
[2011/03/14 14:55:33 | 000,009,348 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\iflip.jpg
[2011/03/13 18:46:40 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/11 00:27:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/03/10 16:06:09 | 000,417,750 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\100035.pdf
[2011/03/09 15:06:29 | 000,002,265 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/09 11:56:32 | 000,001,355 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/08 00:55:33 | 000,043,517 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Big Bird on stoop.gif
[2011/03/08 00:54:13 | 000,093,064 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\big bird t2.jpg
[2011/03/07 01:41:06 | 000,279,882 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\commision overload.png
[2011/02/26 23:23:04 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2011/02/26 20:30:29 | 000,000,677 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Spotify.lnk
[2011/02/25 19:15:08 | 000,274,931 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\makeover (2).jpg
[2011/02/23 08:36:10 | 000,102,728 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\ENGLISH_OBDII_DTC2.rar

========== Files Created - No Company Name ==========

[2011/03/24 11:29:20 | 000,000,824 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Windows Recovery.lnk
[2011/03/24 11:29:20 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19259188r
[2011/03/24 11:29:20 | 000,000,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19259188
[2011/03/24 11:29:16 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19259188
[2011/03/24 11:29:14 | 000,467,968 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19259188.exe
[2011/03/16 15:19:40 | 000,006,123 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get indexed.php
[2011/03/15 19:36:17 | 000,500,227 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.spyglass.properties
[2011/03/15 19:35:42 | 002,743,571 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.websiteauditor.properties
[2011/03/15 19:15:31 | 000,454,023 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.linkassistant.properties
[2011/03/15 19:10:24 | 000,001,942 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\LinkAssistant.lnk
[2011/03/15 19:10:08 | 000,001,971 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\WebSite Auditor.lnk
[2011/03/15 19:09:52 | 000,001,917 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Rank Tracker.lnk
[2011/03/15 19:09:27 | 000,001,917 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\SEO SpyGlass.lnk
[2011/03/14 15:10:14 | 000,050,154 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get-attachment.aspx
[2011/03/14 14:56:02 | 000,009,348 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\iflip.jpg
[2011/03/11 00:26:42 | 000,000,284 | -H-- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/03/10 16:06:09 | 000,417,750 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\100035.pdf
[2011/03/08 00:54:28 | 000,093,064 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\big bird t2.jpg
[2011/03/08 00:53:32 | 000,043,517 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Big Bird on stoop.gif
[2011/03/07 01:41:20 | 000,279,882 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\commision overload.png
[2011/02/26 20:30:29 | 000,000,683 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Start Menu\Programs\Spotify.lnk
[2011/02/26 20:30:29 | 000,000,677 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Spotify.lnk
[2011/02/25 19:24:26 | 000,274,931 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\makeover (2).jpg
[2011/02/25 18:59:06 | 001,063,157 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\100_0295.jpg
[2011/02/25 18:56:12 | 001,028,288 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\100_0280.jpg
[2011/02/23 08:38:42 | 000,102,728 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\ENGLISH_OBDII_DTC2.rar
[2010/12/13 05:28:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/11 14:58:24 | 000,256,512 | -H-- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/11 14:58:24 | 000,098,816 | -H-- | C] () -- C:\WINDOWS\sed.exe
[2010/11/11 14:58:24 | 000,089,088 | -H-- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/11 14:58:24 | 000,080,412 | -H-- | C] () -- C:\WINDOWS\grep.exe
[2010/11/11 14:58:24 | 000,068,096 | -H-- | C] () -- C:\WINDOWS\zip.exe
[2010/11/09 18:39:41 | 000,000,043 | -H-- | C] () -- C:\WINDOWS\gswin32.ini
[2010/07/27 12:58:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\wklnhst.dat
[2010/07/16 15:07:28 | 000,000,082 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/16 02:09:06 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Uvobogologiw.dat
[2010/06/16 02:09:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Dyigozew.bin
[2010/06/10 02:10:47 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/06 10:13:07 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 11:25:42 | 000,020,427 | -H-- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2010/01/20 11:25:42 | 000,016,622 | -H-- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2010/01/20 10:56:11 | 000,019,575 | -H-- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/01/20 10:56:11 | 000,016,606 | -H-- | C] () -- C:\WINDOWS\hpomdl01.dat
[2009/09/16 16:27:58 | 000,508,224 | -H-- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/16 13:34:34 | 000,063,572 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/14 14:16:19 | 000,000,145 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\fusioncache.dat
[2009/09/12 22:02:33 | 000,054,272 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/13 18:14:05 | 000,004,757 | -H-- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/25 21:01:28 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\be49f4daa.dat
[2008/07/06 09:45:39 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2008/03/10 12:48:53 | 000,691,545 | -H-- | C] () -- C:\WINDOWS\unins000.exe
[2008/03/10 12:48:53 | 000,002,551 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/03 14:50:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/08/16 22:32:25 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\ShowBmp.exe
[2007/08/16 22:32:25 | 000,001,325 | -H-- | C] () -- C:\WINDOWS\Remove.ini
[2007/05/09 19:35:54 | 000,057,126 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/05 21:47:39 | 000,000,151 | -H-- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/27 16:50:15 | 000,000,391 | -H-- | C] () -- C:\WINDOWS\COVERE~1.INI
[2007/02/28 20:46:02 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/14 07:35:44 | 000,000,227 | -H-- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/12/29 21:11:40 | 000,000,722 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/23 06:20:40 | 000,002,956 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/22 17:00:47 | 000,001,302 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/22 16:55:15 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/12 20:09:58 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\adiras.ini
[2006/06/21 11:08:58 | 000,561,152 | RH-- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/06/21 05:25:18 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 05:04:31 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/21 05:00:06 | 000,013,562 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/21 04:59:59 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/21 04:54:48 | 000,198,144 | -H-- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/06/21 04:46:29 | 000,090,686 | -H-- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/06/21 04:37:23 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/21 04:36:23 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/21 04:33:54 | 000,121,994 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/21 04:19:27 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/21 04:16:12 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/21 04:16:12 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/21 04:15:49 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/05 23:49:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/05 23:36:34 | 000,384,904 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/05 23:36:34 | 000,054,396 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/05 23:34:46 | 003,594,632 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/05 23:31:48 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/05 23:30:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 11:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 11:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 11:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 11:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 11:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 11:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 11:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 11:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 19:10:06 | 000,000,567 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 22:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 22:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 21:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

MBAM scan after a total of 10 hours.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5097

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/25/2011 12:09:34 AM
mbam-log-2011-03-25 (00-09-34).txt

Scan type: Quick scan
Objects scanned: 232126
Time elapsed: 10 hour(s), 31 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Russel\Application Data\acccore\kernell32.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Russel\Application Data\Move Networks\MoveMediaPlayer_07103010.exe (Backdoor.Bot) -> No action taken.
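The "Files Created" block in the OTL log above is what a malware responder reads first: five files written within six seconds into All Users\Application Data and onto the Desktop, with no company name, numeric names and no extension. As an added example (not part of the original post and not OTL's own code), here is a small Python parser for OTL's per-file lines that applies that triage rule in code: a recently created, unsigned executable or extension-less file under a shared data or temp directory is treated as a candidate drop, and anything created within a few seconds of it is listed as part of the same drop. The sample input is a subset of lines copied from the log above together with the scan time from its header; the directory list, the 30-day age window and the ten-second burst window are my assumptions, not OTL settings.

```python
"""Triage helper for OTL 'Files Created' / 'Files Modified' lines.

Added example, not part of the original post and not OTL's own code.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Shape of one OTL file line:
# [2011/03/24 11:29:14 | 000,467,968 | -H-- | C] () -- C:\...\19259188.exe
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumed triage parameters (mine, not OTL's): where a fresh unsigned
# executable is suspicious, what counts as executable, what "recent" means,
# and how close in time two files must be to count as one drop.
SUSPECT_DIRS = ("\\all users\\application data\\", "\\local settings\\temp\\")
EXE_EXTS = (".exe", ".dll", ".scr", ".sys")
RECENT_DAYS = 30
BURST_SECONDS = 10

@dataclass
class OtlEntry:
    when: datetime
    size: int
    attrs: str
    kind: str      # 'C' = created, 'M' = modified
    company: str   # empty for files with no company name
    path: str

def parse_line(line):
    """Parse one OTL file line; return None for any other kind of line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"], company=m["company"], path=m["path"],
    )

def is_suspect_drop(e, scan_time):
    """Recently created, no company name, in a suspect directory, and either
    an executable extension or no extension at all."""
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    if e.kind != "C" or e.company:
        return False
    if (scan_time - e.when).days > RECENT_DAYS:
        return False
    if not any(d in p for d in SUSPECT_DIRS):
        return False
    return name.endswith(EXE_EXTS) or "." not in name

def triage(lines, scan_time):
    """Return (suspect drop paths, other paths created within BURST_SECONDS)."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    drops = [e for e in entries if is_suspect_drop(e, scan_time)]
    drop_paths = {d.path for d in drops}
    companions = {}
    for d in drops:
        for e in entries:
            if e.path in drop_paths or e.path in companions:
                continue
            if abs((e.when - d.when).total_seconds()) <= BURST_SECONDS:
                companions[e.path] = e
    return [d.path for d in drops], list(companions)

# Sample input: a constructed subset of lines copied from the OTL log above,
# plus the scan time from that log's header.
SCAN_TIME = datetime(2011, 3, 25, 0, 22, 8)
SAMPLE_LOG = r"""
[2011/03/15 19:22:43 | 000,000,136 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/24 11:29:20 | 000,000,824 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Windows Recovery.lnk
[2011/03/24 11:29:20 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19259188r
[2011/03/24 11:29:20 | 000,000,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19259188
[2011/03/24 11:29:16 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19259188
[2011/03/24 11:29:14 | 000,467,968 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19259188.exe
[2011/03/16 15:19:40 | 000,006,123 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get indexed.php
[2010/11/11 14:58:24 | 000,256,512 | -H-- | C] () -- C:\WINDOWS\PEV.exe
[2006/12/23 06:20:40 | 000,002,956 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
"""

def triage_sample():
    return triage(SAMPLE_LOG.splitlines(), SCAN_TIME)

if __name__ == "__main__":
    drops, companions = triage_sample()
    print("Suspect drops:", *drops, sep="\n    ")
    print("Created in the same burst:", *companions, sep="\n    ")
```

The age filter matters: QTSBandwidthCache sits in the same directory with no extension and no company name, but it was created in 2006 and is ignored, while the four numeric files and the Desktop .lnk from 24 March are grouped together as one drop. Feed the script a whole OTL log with `triage(open(path).read().splitlines(), scan_time)` and it skips the PRC/MOD/SRV/DRV lines, which do not match the file-line pattern.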
#2 Krsaigon

Wow, no response. I wonder whose lolly I have to lick to get some action here.

#3 Krsaigon

Scan from Kaspersky. I still have this Windows Recovery Icon on my computer and nearly all my files are hidden.


Autoscan: completed 6 hours ago (events: 4, objects: 5819, time: 00:43:50)
3/25/2011 3:11:14 PM Will be deleted on system restart: Trojan-PSW.Win32.Papras.bdy C:\Documents and Settings\All Users\Application Data\19259188.exe
3/25/2011 3:11:14 PM Cannot be deleted: Trojan-PSW.Win32.Papras.bdy C:\Documents and Settings\All Users\Application Data\19259188.exe Object is locked
3/25/2011 3:10:59 PM Detected: Trojan-PSW.Win32.Papras.bdy C:\Documents and Settings\All Users\Application Data\19259188.exe
3/25/2011 2:36:07 PM Task started

#4 Krsaigon

Well, I downloaded RogueKiller as well and here is the scan log for that too. If Essexboy or another mod would analyse them, I would appreciate it very much.


RogueKiller V4.3.4 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Russel [Admin rights]
Mode: Scan -- Date : 03/26/2011 17:18:26

Bad processes: 0

Registry Entries: 5
[APPDT/TMP/DESKTOP] HKCU\[...]\Windows : Load (C:\DOCUME~1\RUSSEL~1.YOU\LOCALS~1\Temp\dwm.exe) -> FOUND
[APPDT/TMP/DESKTOP] HKUS\S-1-5-21-1951882237-1008395978-543828888-1009[...]\Windows : Load (C:\DOCUME~1\RUSSEL~1.YOU\LOCALS~1\Temp\dwm.exe) -> FOUND
[APPDT/TMP/DESKTOP] setup_9.0.0.722_25.03.2011_16-20.lnk : C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Virus Removal Tool\setup_9.0.0.722_25.03.2011_16-20\startup.exe -> FOUND
[APPDT/TMP/DESKTOP] setup_9.0.0.722_25.03.2011_16-20.lnk : C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Virus Removal Tool\setup_9.0.0.722_25.03.2011_16-20\startup.exe -> FOUND
[APPDT/TMP/DESKTOP] setup_9.0.0.722_25.03.2011_16-20.lnk : C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Virus Removal Tool\setup_9.0.0.722_25.03.2011_16-20\startup.exe -> FOUND

HOSTS File:
ÿ₫1



Finished : << RKreport[1].txt >>
RKreport[1].txt


aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-26 17:36:09
-----------------------------
17:36:09.703 OS Version: Windows 5.1.2600 Service Pack 3
17:36:09.703 Number of processors: 2 586 0x409
17:36:09.703 ComputerName: YOUR-C94F920E24 UserName: Russel
17:36:11.750 Initialize success
17:36:14.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
17:36:14.468 Disk 0 Vendor: ST3200827AS 3.AHH Size: 190782MB BusType: 3
17:36:16.500 Disk 0 MBR read successfully
17:36:16.500 Disk 0 MBR scan
17:36:18.500 Disk 0 scanning sectors +390716865
17:36:18.515 Disk 0 malicious Win32:MBRoot code @ sector 390716868 !
17:36:18.515 Disk 0 PE file @ sector 390716890 !
17:36:18.531 Disk 0 scanning C:\WINDOWS\system32\drivers
17:36:26.859 Service scanning
17:36:28.109 Disk 0 trace - called modules:
17:36:28.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:36:28.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a609ab8]
17:36:28.125 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a66dd38]
17:36:28.125 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x8a66b030]
17:36:28.140 Scan finished successfully
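The aswMBR output above reports "malicious Win32:MBRoot code @ sector 390716868" and a PE file at sector 390716890 on a disk it sizes at 190782 MB, which is roughly 390,721,536 sectors of 512 bytes. Those sectors lie in the last few thousand sectors of the drive, past the end of the partitions, which is a common hiding place for MBR bootkit payloads because no filesystem scan ever reads unpartitioned space. As an added example (not part of the original post and not aswMBR's code), the following Python parses a raw 512-byte MBR, checks its boot signature, and answers whether a given LBA belongs to any partition. The partition layout inside build_sample_mbr() is constructed to resemble the thread's C: (NTFS, about 180.3 GB) and D: (FAT32, about 5.99 GB) volumes; the exact start and size values, and the reading of aswMBR's "MB" as MiB, are my assumptions.

```python
"""Parse a raw MBR and place a flagged sector relative to the partitions.

Added example, not part of the original post and not aswMBR's code.
"""
import struct

SECTOR = 512
BOOT_SIGNATURE = 0xAA55      # bytes 55 AA at offset 510, read little-endian
PART_TABLE_OFFSET = 446
PART_ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
DISK_MB = 190782             # from the aswMBR log; assumed to mean MiB
DISK_SECTORS = DISK_MB * 2048

def parse_mbr(mbr):
    """Return the populated partition entries; raise ValueError if the
    sector is the wrong size or lacks the 0x55AA signature."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    (sig,) = struct.unpack_from("<H", mbr, 510)
    if sig != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            PART_ENTRY, mbr, PART_TABLE_OFFSET + i * 16)
        if ptype == 0 or count == 0:
            continue            # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start": start, "end": start + count - 1})
    return parts

def sector_outside_partitions(parts, lba):
    """True when no partition owns this LBA."""
    return not any(p["start"] <= lba <= p["end"] for p in parts)

def slack_after_last_partition(parts, disk_sectors=DISK_SECTORS):
    """Sectors between the end of the last partition and the end of the disk."""
    return disk_sectors - 1 - max(p["end"] for p in parts)

def build_sample_mbr():
    """Constructed MBR resembling the thread's layout (values are assumptions)."""
    mbr = bytearray(SECTOR)
    layout = [
        (0x80, 0x07, 63, 378_073_088),               # C: NTFS, ~180.3 GiB, active
        (0x00, 0x0B, 63 + 378_073_088, 12_562_432),  # D: FAT32, ~5.99 GiB
    ]
    for i, (status, ptype, start, count) in enumerate(layout):
        struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFFSET + i * 16,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    struct.pack_into("<H", mbr, 510, BOOT_SIGNATURE)
    return bytes(mbr)

if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print(f"partition {p['index']}: type 0x{p['type']:02x} LBA {p['start']}-{p['end']}")
    for lba in (390716868, 390716890):      # sectors flagged by aswMBR above
        where = "outside every partition" if sector_outside_partitions(parts, lba) else "inside a partition"
        print(f"sector {lba}: {where}")
    print(f"{slack_after_last_partition(parts)} unowned sectors follow the last partition")
```

On a real disk the 512 bytes come from a raw read of sector 0 (for example `\\.\PhysicalDrive0` opened for binary reading on Windows); the point of checking the flagged LBA against the partition table is that a sector nobody owns has no legitimate reason to contain a PE file. Note that a bootkit which hooks disk I/O in the kernel, as the aswMBR "trace" of the storage stack is looking for, can return clean bytes to a userland read, so a negative result from inside the infected OS is not proof of a clean MBR.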

#5 Essexboy (GeekU Moderator)

Re-Run aswMBR

Click Scan

On completion of the scan

Click the FIXMBR button

Save the log as before and post in your next reply


Then rerun OTL please with the following custom scan

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

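The /md5start ... /md5stop block in the custom scan asks OTL to report the MD5 of every copy of explorer.exe, winlogon.exe, userinit.exe and svchost.exe it finds, so the helper can see whether the live copies still match the backups in dllcache; a bootkit that patches one of them, or a dropper that plants a same-named impostor in a Temp folder, shows up as a file name with more than one hash. As an added example (not part of the original post and not OTL's code), here is that comparison done directly in Python. The tree built by demo() is constructed in a temporary directory; on the real XP machine you would call collect_hashes([r"C:\WINDOWS"]) instead, which walks system32 and dllcache beneath it.

```python
"""Compare every copy of a few critical Windows binaries by MD5.

Added example, not part of the original post and not OTL's code.
"""
import hashlib
import os
import tempfile

# Names taken from the OTL custom scan in the post above.
WATCHED = ("explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe")

def digest_bytes(data):
    """MD5 hex digest; MD5 is used so results line up with OTL's own listing."""
    return hashlib.md5(data).hexdigest()

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def collect_hashes(roots, names=WATCHED):
    """Walk roots; return {name: {full path: md5}} for every copy found."""
    wanted = {n.lower() for n in names}
    found = {n: {} for n in wanted}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                key = fn.lower()
                if key in wanted:
                    full = os.path.join(dirpath, fn)
                    try:
                        found[key][full] = md5_of(full)
                    except OSError:
                        pass        # locked or unreadable copy; note it separately
    return found

def find_mismatches(found):
    """File names that exist with more than one distinct hash."""
    return {n: copies for n, copies in found.items()
            if len(set(copies.values())) > 1}

def demo():
    """Constructed tree (an assumption, not a real system): clean pairs in
    system32 and dllcache, one patched live winlogon.exe, and an impostor
    svchost.exe in Temp. Returns the mismatching names, sorted."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "system32")
        cache = os.path.join(sys32, "dllcache")
        temp = os.path.join(root, "Temp")
        for d in (sys32, cache, temp):
            os.makedirs(d, exist_ok=True)
        for name in WATCHED:
            for d in (sys32, cache):
                with open(os.path.join(d, name), "wb") as f:
                    f.write(b"MZ clean body of " + name.encode())
        with open(os.path.join(sys32, "winlogon.exe"), "ab") as f:
            f.write(b"\x90\x90 appended patch")        # simulated infection
        with open(os.path.join(temp, "svchost.exe"), "wb") as f:
            f.write(b"MZ not the real svchost")         # same-name impostor
        return sorted(find_mismatches(collect_hashes([root])))

if __name__ == "__main__":
    print("names with more than one hash:", demo())
```

Two copies agreeing is not proof of a clean file (both could be patched, and service-pack updates legitimately leave an older copy in dllcache), so the hashes themselves are what you compare against a known-good machine or an online file database. As with the MBR check, run this from a clean boot medium if you suspect a rootkit that filters disk reads.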

#6 Krsaigon

OTL logfile created on: 3/26/2011 6:34:16 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 0.24 Gb Free Space | 0.13% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 0.53 Gb Free Space | 8.92% Space Free | Partition Type: FAT32

Computer Name: YOUR-C94F920E24 | User Name: Russel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/26 18:05:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads\OTL (1).exe
PRC - [2011/03/17 07:15:04 | 001,004,088 | -H-- | M] (Google Inc.) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/03/08 20:08:50 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/06/24 10:09:14 | 000,065,856 | -H-- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2010/06/24 10:08:58 | 000,196,928 | -H-- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2010/02/18 10:43:20 | 000,490,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/17 09:17:38 | 000,486,216 | -H-- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/11/17 09:15:36 | 001,021,256 | -H-- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/07/09 20:07:14 | 000,049,968 | -H-- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/05/14 14:47:54 | 000,731,840 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/05/14 14:47:08 | 002,029,640 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/06 17:33:00 | 000,041,264 | -H-- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/06/08 07:31:04 | 002,221,352 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/21 04:51:05 | 000,180,269 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/02/25 01:47:02 | 000,114,784 | -H-- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006/02/25 01:47:00 | 000,266,338 | -H-- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/02/25 01:46:20 | 001,073,152 | -H-- | M] (Cyberlink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 18:05:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads\OTL (1).exe
MOD - [2011/03/09 16:54:14 | 000,018,176 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:12:06 | 000,632,656 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 18:41:02 | 000,097,280 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2008/04/14 00:11:50 | 000,060,416 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2006/12/02 02:51:44 | 000,032,768 | -H-- | M] (www.flashget.com) -- C:\Program Files\FlashGet\fgmgr.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/17 01:22:36 | 003,229,784 | -H-- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_d76cf65.dll -- (Akamai)
SRV - [2011/02/16 15:49:08 | 000,088,176 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/06/24 10:09:14 | 000,065,856 | -H-- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/06/24 10:08:58 | 000,196,928 | -H-- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2010/01/15 12:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/14 09:45:32 | 000,435,016 | -H-- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/17 09:15:36 | 001,021,256 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/11/17 09:12:10 | 000,030,024 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/10/21 12:19:26 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/14 14:54:22 | 000,020,680 | -H-- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 14:47:54 | 000,731,840 | -H-- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/11/09 20:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/02/25 01:47:02 | 000,114,784 | -H-- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/25 01:47:00 | 000,266,338 | -H-- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/25 01:46:20 | 001,073,152 | -H-- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)


========== Driver Services (SafeList) ==========

DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\15188712.sys -- (15188712)
DRV - [2009/10/14 07:24:44 | 000,010,064 | -H-- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/10/09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\1518871.sys -- (setup_9.0.0.722_25.03.2011_16-20drv)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\15188711.sys -- (15188711)
DRV - [2009/05/14 14:49:32 | 000,094,360 | -H-- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 14:47:14 | 000,107,256 | -H-- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 14:41:10 | 000,114,472 | -H-- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/05/09 20:51:34 | 000,041,888 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 20:47:00 | 001,276,832 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/03/08 20:27:12 | 004,246,016 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/08 04:55:34 | 001,480,704 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/19 01:41:58 | 000,080,512 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/13 00:27:00 | 000,019,072 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 00:03:18 | 000,175,104 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 21:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 14:45:12 | 000,017,408 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...onType=&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/20 21:23:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 13:29:06 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 13:29:06 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/09/10 15:04:54 | 000,000,000 | -H-D | M]

[2011/03/15 19:12:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Extensions
[2011/03/15 19:12:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Extensions\[email protected]
[2011/03/26 17:52:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions
[2010/04/05 12:56:53 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/15 01:51:19 | 000,000,000 | -H-D | M] (NoScript) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/05 16:47:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
[2011/01/16 01:37:55 | 000,000,000 | -H-D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/11/11 22:08:26 | 000,000,000 | -H-D | M] ("AIM Toolbar") -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/12/24 06:08:54 | 000,000,000 | -H-D | M] (Torbutton) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/04/05 12:56:54 | 000,000,000 | -H-D | M] (Text-to-Image) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2009/12/20 22:03:40 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\[email protected]
[2010/11/11 22:08:31 | 000,000,310 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\searchplugins\aim-search.xml
[2011/03/26 17:25:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/07 23:07:17 | 000,000,000 | -H-D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/10 21:32:23 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/10 21:32:11 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/20 21:23:49 | 000,000,000 | -H-D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2008/02/27 16:57:38 | 000,106,496 | -H-- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
[2010/06/10 21:32:07 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/10/15 22:47:04 | 000,066,208 | -H-- | M] (Joost Technologies B.V. ) -- C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll
[2006/09/07 18:56:28 | 000,102,400 | -H-- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npvideoegg-loader.dll
[2007/03/09 23:16:44 | 000,189,496 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/12/24 02:27:06 | 000,002,027 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/03/15 19:22:43 | 000,000,136 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: റ
O1 - Hosts: 127.0.0.1 link-assistant.com
O1 - Hosts: 127.0.0.1 www.link-assistant.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Flashget Catch Url Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] File not found
O4 - HKLM..\Run: [DivXUpdate] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] File not found
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PCMService] File not found
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [Recguard] File not found
O4 - HKLM..\Run: [RTHDCPL] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009..\Run: [MSMSGS] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-C94F920E24\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1252595208033 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 23:32:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/26 17:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\RK_Quarantine
[2011/03/25 14:32:03 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\1518871.sys
[2011/03/25 14:32:03 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\15188711.sys
[2011/03/25 14:32:03 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\15188712.sys
[2011/03/25 14:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Virus Removal Tool
[2011/03/24 11:20:06 | 000,546,816 | -H-- | C] (FPAV) -- C:\Documents and Settings\All Users\Application Data\sCRrtWXnjAgI.exe
[2011/03/14 16:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\bonuses
[2011/02/26 18:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\jan11backlinks

========== Files - Modified Within 30 Days ==========

[2011/03/26 18:37:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9F6FD136-0ABE-43A8-970A-D40E2C30CE97}.job
[2011/03/26 18:21:00 | 000,001,014 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1951882237-1008395978-543828888-1009UA.job
[2011/03/26 18:05:17 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/26 18:03:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\MBR.dat
[2011/03/26 17:45:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/26 17:14:18 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/03/26 17:13:25 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/26 15:57:10 | 003,594,632 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/26 15:56:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/26 15:56:16 | 2079,772,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/26 13:21:04 | 000,000,962 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1951882237-1008395978-543828888-1009Core.job
[2011/03/26 09:53:12 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2011/03/25 13:58:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/24 11:48:50 | 000,000,441 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/03/24 11:29:21 | 000,000,096 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19259188
[2011/03/24 11:29:20 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Windows Recovery.lnk
[2011/03/24 11:29:20 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19259188r
[2011/03/24 11:29:16 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19259188
[2011/03/24 11:20:06 | 000,546,816 | -H-- | M] (FPAV) -- C:\Documents and Settings\All Users\Application Data\sCRrtWXnjAgI.exe
[2011/03/20 13:23:09 | 000,000,522 | -H-- | M] () -- C:\hpfr3420.xml
[2011/03/17 21:22:55 | 000,002,422 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Google Chrome.lnk
[2011/03/17 21:22:55 | 000,002,400 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/17 03:02:00 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/16 15:21:31 | 000,006,123 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get indexed.php
[2011/03/15 19:36:17 | 000,500,227 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.spyglass.properties
[2011/03/15 19:36:07 | 002,743,571 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.websiteauditor.properties
[2011/03/15 19:29:04 | 000,454,023 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.linkassistant.properties
[2011/03/15 19:22:43 | 000,000,136 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/14 15:10:13 | 000,050,154 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get-attachment.aspx
[2011/03/14 14:55:33 | 000,009,348 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\iflip.jpg
[2011/03/13 18:46:40 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/11 00:27:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/03/10 16:06:09 | 000,417,750 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\100035.pdf
[2011/03/09 15:06:29 | 000,002,265 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/08 00:55:33 | 000,043,517 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Big Bird on stoop.gif
[2011/03/08 00:54:13 | 000,093,064 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\big bird t2.jpg
[2011/03/07 01:41:06 | 000,279,882 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\commision overload.png
[2011/02/26 23:23:04 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2011/02/26 20:30:29 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Spotify.lnk
[2011/02/25 19:15:08 | 000,274,931 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\makeover (2).jpg

========== Files Created - No Company Name ==========

[2011/03/26 17:36:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\MBR.dat
[2011/03/24 11:29:20 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Windows Recovery.lnk
[2011/03/24 11:29:20 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19259188r
[2011/03/24 11:29:20 | 000,000,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19259188
[2011/03/24 11:29:16 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19259188
[2011/03/16 15:19:40 | 000,006,123 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get indexed.php
[2011/03/15 19:36:17 | 000,500,227 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.spyglass.properties
[2011/03/15 19:35:42 | 002,743,571 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.websiteauditor.properties
[2011/03/15 19:15:31 | 000,454,023 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.linkassistant.properties
[2011/03/14 15:10:14 | 000,050,154 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get-attachment.aspx
[2011/03/14 14:56:02 | 000,009,348 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\iflip.jpg
[2011/03/11 00:26:42 | 000,000,284 | -H-- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/03/10 16:06:09 | 000,417,750 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\100035.pdf
[2011/03/08 00:54:28 | 000,093,064 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\big bird t2.jpg
[2011/03/08 00:53:32 | 000,043,517 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Big Bird on stoop.gif
[2011/03/07 01:41:20 | 000,279,882 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\commision overload.png
[2011/02/26 20:30:29 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Start Menu\Programs\Spotify.lnk
[2011/02/26 20:30:29 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Spotify.lnk
[2011/02/25 19:24:26 | 000,274,931 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\makeover (2).jpg
[2011/02/25 18:59:06 | 001,063,157 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\100_0295.jpg
[2011/02/25 18:56:12 | 001,028,288 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\100_0280.jpg
[2010/12/13 05:28:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/09 18:39:41 | 000,000,043 | -H-- | C] () -- C:\WINDOWS\gswin32.ini
[2010/07/27 12:58:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\wklnhst.dat
[2010/07/16 15:07:28 | 000,000,082 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/16 02:09:06 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Uvobogologiw.dat
[2010/06/16 02:09:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Dyigozew.bin
[2010/06/10 02:10:47 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/06 10:13:07 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 11:25:42 | 000,020,427 | -H-- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2010/01/20 11:25:42 | 000,016,622 | -H-- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2010/01/20 10:56:11 | 000,019,575 | -H-- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/01/20 10:56:11 | 000,016,606 | -H-- | C] () -- C:\WINDOWS\hpomdl01.dat
[2009/09/16 16:27:58 | 000,508,224 | -H-- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/16 13:34:34 | 000,063,572 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/14 14:16:19 | 000,000,145 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\fusioncache.dat
[2009/09/12 22:02:33 | 000,054,272 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/13 18:14:05 | 000,004,757 | -H-- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/25 21:01:28 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\be49f4daa.dat
[2008/07/06 09:45:39 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2008/03/10 12:48:53 | 000,691,545 | -H-- | C] () -- C:\WINDOWS\unins000.exe
[2008/03/10 12:48:53 | 000,002,551 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/03 14:50:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/08/16 22:32:25 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\ShowBmp.exe
[2007/08/16 22:32:25 | 000,001,325 | -H-- | C] () -- C:\WINDOWS\Remove.ini
[2007/05/09 19:35:54 | 000,057,126 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/05 21:47:39 | 000,000,151 | -H-- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/27 16:50:15 | 000,000,391 | -H-- | C] () -- C:\WINDOWS\COVERE~1.INI
[2007/02/28 20:46:02 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/14 07:35:44 | 000,000,227 | -H-- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/12/29 21:11:40 | 000,000,722 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/23 06:20:40 | 000,002,956 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/22 17:00:47 | 000,001,302 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/22 16:55:15 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/12 20:09:58 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\adiras.ini
[2006/06/21 11:08:58 | 000,561,152 | RH-- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/06/21 05:25:18 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 05:04:31 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/21 05:00:06 | 000,013,562 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/21 04:59:59 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/21 04:54:48 | 000,198,144 | -H-- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/06/21 04:46:29 | 000,090,686 | -H-- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/06/21 04:37:23 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/21 04:36:23 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/21 04:33:54 | 000,121,994 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/21 04:19:27 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/21 04:16:12 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/21 04:16:12 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/21 04:15:49 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/05 23:49:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/05 23:36:34 | 000,384,904 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/05 23:36:34 | 000,054,396 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/05 23:34:46 | 003,594,632 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/05 23:31:48 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/05 23:30:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 11:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 11:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 11:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 11:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 11:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 11:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 11:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 11:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 19:10:06 | 000,000,567 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 22:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 22:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 21:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/03/26 18:37:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9F6FD136-0ABE-43A8-970A-D40E2C30CE97}.job
[2011/03/11 00:27:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 11:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 00:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 00:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >




OTL Extras logfile created on: 3/26/2011 6:06:37 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 0.30 Gb Free Space | 0.16% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 0.53 Gb Free Space | 8.92% Space Free | Partition Type: FAT32

Computer Name: YOUR-C94F920E24 | User Name: Russel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1039:TCP" = 1039:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerCinema\PCMService.exe" = C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:FlashGet -- (FlashGet.com)
"C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{036CB3BC-64EF-107A-AC71-DB7F2BA22350}" = SAT
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20E1786B-1B87-43F7-B696-5221B332A365}" = FBP - Facebook Blaster Pro
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{436BD6D1-707C-43D3-BF99-24ED23291033}" = Nero 8 Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BA510D1-045B-4E1A-AF52-2282BBF69D5D}" = LightScribe System Software
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E1FB15E4-E0EC-4C56-8D47-FFF7204C4F0B}" = Nitro PDF Professional
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Action Sats Learning Science 12-16" = Action Sats Learning Science 12-16
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Akamai" = Akamai NetSession Interface
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.6
"ATI Display Driver" = ATI Display Driver
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Comical_is1" = Comical 0.8
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 6.1
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSNINST" = MSN
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SAT" = SAT
"Spotify" = Spotify
"TuneUp Utilities" = TuneUp Utilities
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.5
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2011 11:03:57 PM | Computer Name = YOUR-C94F920E24 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 1' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup277D.txt.

Error - 3/25/2011 11:03:57 PM | Computer Name = YOUR-C94F920E24 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 2' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup277D.txt.

Error - 3/25/2011 11:03:57 PM | Computer Name = YOUR-C94F920E24 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework ASP .NET' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup277D.txt.

Error - 3/25/2011 11:03:57 PM | Computer Name = YOUR-C94F920E24 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework WinForms' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup277D.txt.

Error - 3/26/2011 8:14:41 AM | Computer Name = YOUR-C94F920E24 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 3/26/2011 8:14:41 AM | Computer Name = YOUR-C94F920E24 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 3/26/2011 8:14:41 AM | Computer Name = YOUR-C94F920E24 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 3/26/2011 11:54:57 AM | Computer Name = YOUR-C94F920E24 | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/26/2011 11:54:57 AM | Computer Name = YOUR-C94F920E24 | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/26/2011 11:54:57 AM | Computer Name = YOUR-C94F920E24 | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 3/26/2011 5:52:32 AM | Computer Name = YOUR-C94F920E24 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 3/26/2011 8:09:24 AM | Computer Name = YOUR-C94F920E24 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file 'change.log' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 3/26/2011 8:16:57 AM | Computer Name = YOUR-C94F920E24 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 3/26/2011 11:56:26 AM | Computer Name = YOUR-C94F920E24 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 3/26/2011 11:56:37 AM | Computer Name = YOUR-C94F920E24 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 3/26/2011 11:56:38 AM | Computer Name = YOUR-C94F920E24 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 3/26/2011 11:56:42 AM | Computer Name = YOUR-C94F920E24 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor IntelIde ViaIde

Error - 3/26/2011 11:56:46 AM | Computer Name = YOUR-C94F920E24 | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.2, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 3/26/2011 2:08:14 PM | Computer Name = YOUR-C94F920E24 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 3/26/2011 2:08:14 PM | Computer Name = YOUR-C94F920E24 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5


< End of report >
#7
Krsaigon

    Member

  • Topic Starter
  • Member
  • 44 posts
aswMBR log is as follows. I only have one antivirus tool, which is NOD32 at the moment.



aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-26 18:02:39
-----------------------------
18:02:39.734 OS Version: Windows 5.1.2600 Service Pack 3
18:02:39.734 Number of processors: 2 586 0x409
18:02:39.734 ComputerName: YOUR-C94F920E24 UserName: Russel
18:02:41.156 Initialize success
18:02:43.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
18:02:43.343 Disk 0 Vendor: ST3200827AS 3.AHH Size: 190782MB BusType: 3
18:02:45.375 Disk 0 MBR read successfully
18:02:45.390 Disk 0 MBR scan
18:02:47.390 Disk 0 scanning sectors +390716865
18:02:47.406 Disk 0 malicious Win32:MBRoot code @ sector 390716868 !
18:02:47.406 Disk 0 PE file @ sector 390716890 !
18:02:47.406 Disk 0 scanning C:\WINDOWS\system32\drivers
18:02:53.109 Service scanning
18:02:54.234 Disk 0 trace - called modules:
18:02:54.234
18:02:54.234 Scan finished successfully
18:03:08.437 Disk 0 Windows 501 MBR fixed successfully
#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks better now - what are your current problems?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    O4 - HKLM..\Run: [AppleSyncNotifier] File not found
    O4 - HKLM..\Run: [DivXUpdate] File not found
    O4 - HKLM..\Run: [GrooveMonitor] File not found
    O4 - HKLM..\Run: [iTunesHelper] File not found
    O4 - HKLM..\Run: [PCMService] File not found
    O4 - HKLM..\Run: [QuickTime Task] File not found
    O4 - HKLM..\Run: [Recguard] File not found
    O4 - HKLM..\Run: [RTHDCPL] File not found
    O4 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009..\Run: [MSMSGS] File not found
    [2011/03/24 11:20:06 | 000,546,816 | -H-- | C] (FPAV) -- C:\Documents and Settings\All Users\Application Data\sCRrtWXnjAgI.exe
    [2011/03/24 11:29:21 | 000,000,096 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19259188
    [2011/03/24 11:29:20 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19259188r
    [2011/03/24 11:29:16 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19259188
    [2011/03/24 11:20:06 | 000,546,816 | -H-- | M] (FPAV) -- C:\Documents and Settings\All Users\Application Data\sCRrtWXnjAgI.exe
    [2010/06/16 02:09:06 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Uvobogologiw.dat
    [2010/06/16 02:09:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Dyigozew.bin

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
#9
Krsaigon

    Member

  • Topic Starter
  • Member
  • 44 posts
OTL log. Well, the first log got lost when the computer just rebooted itself after rebooting randomly, so I ran a second fix with OTL. I still have the Virus Removal shortcut on my desktop; don't want to click it in case it locks my programs again.


All processes killed
========== OTL ==========
Prefs.js: "Secure Search" removed from browser.search.defaultenginename
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AppleSyncNotifier not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCMService not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Recguard not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDCPL not found.
Registry value HKEY_USERS\S-1-5-21-1951882237-1008395978-543828888-1009\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS not found.
File C:\Documents and Settings\All Users\Application Data\sCRrtWXnjAgI.exe not found.
File C:\Documents and Settings\All Users\Application Data\~19259188 not found.
File C:\Documents and Settings\All Users\Application Data\~19259188r not found.
File C:\Documents and Settings\All Users\Application Data\19259188 not found.
File C:\Documents and Settings\All Users\Application Data\sCRrtWXnjAgI.exe not found.
File C:\WINDOWS\Uvobogologiw.dat not found.
File C:\WINDOWS\Dyigozew.bin not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.YOUR-C94F920E24
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: aleck
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: aleck.YOUR-C94F920E24
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ALECK~1~YOU

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Edith

User: faith
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: faith.YOUR-C94F920E24

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Russel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Russel.YOUR-C94F920E24
->Temp folder emptied: 21103 bytes
->Temporary Internet Files folder emptied: 81702 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14947977 bytes
->Google Chrome cache emptied: 8254366 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 63994 bytes

Total Files Cleaned = 22.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.YOUR-C94F920E24
->Flash cache emptied: 0 bytes

User: aleck
->Flash cache emptied: 0 bytes

User: aleck.YOUR-C94F920E24
->Flash cache emptied: 0 bytes

User: ALECK~1~YOU

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Edith

User: faith

User: faith.YOUR-C94F920E24

User: Guest
->Flash cache emptied: 0 bytes

User: HP_Owner
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Russel
->Flash cache emptied: 0 bytes

User: Russel.YOUR-C94F920E24
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.22.3 log created on 03272011_172641

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_668.dat not found!

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_668.dat not found!

Registry entries deleted on Reboot...


MBAM coming after this post.
#10
Krsaigon

    Member

  • Topic Starter
  • Member
  • 44 posts
MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5097

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/27/2011 11:10:32 PM
mbam-log-2011-03-27 (23-10-32).txt

Scan type: Quick scan
Objects scanned: 271532
Time elapsed: 2 hour(s), 57 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\15188711.sys (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.
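The MBAM log above lists three findings: a policy value under HKCU (NoChangingWallpaper set to 1, restored to 0), a driver with an all-digit name under system32\drivers, and a trace file under the SYSTEM profile. As an added example, not code from this thread or from Malwarebytes, the following Python parses a log in the 1.x layout shown in that post into structured findings, checks that the summary counts agree with the items actually listed (a truncated paste shows up there first), and applies a coarse triage label. The sample input is the summary and detail lines copied from the post; the regular expressions, the labels and the numeric-stem heuristic are my assumptions about the format, not a Malwarebytes specification.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: the summary and detail lines copied from the MBAM log
# posted above; the header lines and most empty sections are left out.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\15188711.sys (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<category>.+?) Infected: (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<category>.+?) Infected:$")
# Assumed item layout, taken from the lines in the post:
#   <target> (<detection>) -> [Bad: (x) Good: (y) -> ]<action>.
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+?)\.?$"
)

class Finding(NamedTuple):
    category: str
    target: str
    detection: str
    action: str
    bad: Optional[str]   # value MBAM found (registry data items only)
    good: Optional[str]  # value MBAM restored

class Report(NamedTuple):
    summary: Dict[str, int]
    findings: List[Finding]

def parse_mbam_log(text: str) -> Report:
    """Walk the log once: summary counts first, then the per-category item lists."""
    summary: Dict[str, int] = {}
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["category"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["category"]
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised item under {section!r}: {line}")
        findings.append(Finding(section, m["target"], m["detection"],
                                m["action"], m["bad"], m["good"]))
    return Report(summary, findings)

def count_mismatches(report: Report) -> Dict[str, int]:
    """Summary categories whose count differs from the items actually listed."""
    listed: Dict[str, int] = {}
    for f in report.findings:
        listed[f.category] = listed.get(f.category, 0) + 1
    return {c: n for c, n in report.summary.items() if listed.get(c, 0) != n}

def classify(f: Finding) -> str:
    """Coarse triage label for the kind of foothold the finding represents."""
    t = f.target.lower()
    if t.startswith("hkey_") and "\\policies\\" in t:
        return "policy-tamper"   # a user setting locked out, as with NoChangingWallpaper
    if t.endswith(".sys") and "\\drivers\\" in t:
        return "kernel-driver"   # something that loads below the scanner
    return "file"

def numeric_stem(path: str) -> bool:
    """Heuristic (my assumption, not an MBAM rule): an all-digit file stem in a
    system directory looks generated and deserves a second look."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return stem.isdigit()

def triage(report: Report) -> List[Dict[str, object]]:
    return [{"label": classify(f), "target": f.target, "detection": f.detection,
             "numeric_stem": numeric_stem(f.target)} for f in report.findings]

if __name__ == "__main__":
    for row in triage(parse_mbam_log(SAMPLE_LOG)):
        print(row)
```

Running the block prints one triage row per finding. The numeric-stem flag is only a hint: the OTL scan later in this thread lists 1518871.sys and 15188712.sys with a Kaspersky Lab vendor string, created at 15:32:03 on 25 March together with the Virus Removal Tool folder on the desktop, so the vendor string and creation time have to be read alongside the file name before calling a driver malicious.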



#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you run one more scan with OTL for me, please? Ensure All Users is selected and click Run Scan.

Also, right-click the shortcut and select Delete.

#12 Krsaigon (Member, Topic Starter, 44 posts)
OTL logfile created on: 3/29/2011 1:57:55 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 22.64 Gb Free Space | 12.56% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 0.53 Gb Free Space | 8.92% Space Free | Partition Type: FAT32

Computer Name: YOUR-C94F920E24 | User Name: Russel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/26 19:05:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads\OTL (1).exe
PRC - [2011/03/23 18:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/02/16 16:49:08 | 000,088,176 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/06/24 11:09:14 | 000,065,856 | -H-- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2010/06/24 11:08:58 | 000,196,928 | -H-- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2010/05/15 22:00:03 | 000,095,232 | -H-- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/17 10:17:38 | 000,486,216 | -H-- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/11/17 10:15:36 | 001,021,256 | -H-- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/07/09 21:07:14 | 000,049,968 | -H-- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/05/14 15:47:08 | 002,029,640 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/06 18:33:00 | 000,041,264 | -H-- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/06/08 08:31:04 | 002,221,352 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/21 05:51:05 | 000,180,269 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/02/25 02:47:02 | 000,114,784 | -H-- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006/02/25 02:47:00 | 000,266,338 | -H-- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/02/25 02:46:20 | 001,073,152 | -H-- | M] (Cyberlink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2003/04/09 18:21:38 | 000,147,456 | -H-- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/09 18:11:12 | 000,028,672 | -H-- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 17:59:24 | 000,311,296 | -H-- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 17:49:36 | 000,286,720 | -H-- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 19:05:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Downloads\OTL (1).exe
MOD - [2011/03/09 17:54:14 | 000,018,176 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/12/02 03:51:44 | 000,032,768 | -H-- | M] (www.flashget.com) -- C:\Program Files\FlashGet\fgmgr.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/17 02:22:36 | 003,229,784 | -H-- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_d76cf65.dll -- (Akamai)
SRV - [2011/02/16 16:49:08 | 000,088,176 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/06/24 11:09:14 | 000,065,856 | -H-- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/06/24 11:08:58 | 000,196,928 | -H-- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2010/01/15 13:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/14 10:45:32 | 000,435,016 | -H-- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/17 10:15:36 | 001,021,256 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/11/17 10:12:10 | 000,030,024 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/10/21 13:19:26 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/14 15:54:22 | 000,020,680 | -H-- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | -H-- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/11/09 21:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/02/25 02:47:02 | 000,114,784 | -H-- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/25 02:47:00 | 000,266,338 | -H-- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/25 02:46:20 | 001,073,152 | -H-- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)


========== Driver Services (SafeList) ==========

DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\15188712.sys -- (15188712)
DRV - [2009/10/14 08:24:44 | 000,010,064 | -H-- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\1518871.sys -- (setup_9.0.0.722_25.03.2011_16-20drv)
DRV - [2009/05/14 15:49:32 | 000,094,360 | -H-- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 15:47:14 | 000,107,256 | -H-- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | -H-- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/05/09 21:51:34 | 000,041,888 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 21:47:00 | 001,276,832 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/03/08 21:27:12 | 004,246,016 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/08 05:55:34 | 001,480,704 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/19 02:41:58 | 000,080,512 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/13 01:27:00 | 000,019,072 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 01:03:18 | 000,175,104 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 22:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 15:45:12 | 000,017,408 | -H-- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...LION&pf=desktop
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1010\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1951882237-1008395978-543828888-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...onType=&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/20 22:23:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 14:29:06 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 14:29:06 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/09/10 16:04:54 | 000,000,000 | -H-D | M]

[2011/03/15 20:12:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Extensions
[2011/03/15 20:12:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Extensions\[email protected]
[2011/03/29 13:03:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions
[2010/04/05 13:56:53 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/15 02:51:19 | 000,000,000 | -H-D | M] (NoScript) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/05 17:47:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
[2011/01/16 02:37:55 | 000,000,000 | -H-D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/11/11 23:08:26 | 000,000,000 | -H-D | M] ("AIM Toolbar") -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/12/24 07:08:54 | 000,000,000 | -H-D | M] (Torbutton) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/04/05 13:56:54 | 000,000,000 | -H-D | M] (Text-to-Image) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2009/12/20 23:03:40 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\extensions\[email protected]
[2010/11/11 23:08:31 | 000,000,310 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\searchplugins\aim-search.xml
[2011/03/29 13:03:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/08 00:07:17 | 000,000,000 | -H-D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/10 22:32:23 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/10 22:32:11 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/20 22:23:49 | 000,000,000 | -H-D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2008/02/27 17:57:38 | 000,106,496 | -H-- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
[2010/06/10 22:32:07 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/10/15 23:47:04 | 000,066,208 | -H-- | M] (Joost Technologies B.V. ) -- C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll
[2006/09/07 19:56:28 | 000,102,400 | -H-- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npvideoegg-loader.dll
[2007/03/10 00:16:44 | 000,189,496 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/12/24 03:27:06 | 000,002,027 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/03/27 17:26:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Flashget Catch Url Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1951882237-1008395978-543828888-1010\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-C94F920E24\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1951882237-1008395978-543828888-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1951882237-1008395978-543828888-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1252595208033 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1951882237-1008395978-543828888-1009 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/06 00:32:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 03:00:23 | 000,000,000 | ---D | C] -- C:\077cc98a95bb7ad18948d99f544ef3ce
[2011/03/28 03:00:19 | 000,000,000 | ---D | C] -- C:\d322b588c59d86895e135eab
[2011/03/27 17:02:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/26 18:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\RK_Quarantine
[2011/03/25 15:32:03 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\1518871.sys
[2011/03/25 15:32:03 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\15188712.sys
[2011/03/25 15:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Virus Removal Tool
[2011/03/25 01:16:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Recent
[2011/03/24 13:10:21 | 000,000,000 | -H-D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/03/24 12:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Start Menu\Programs\Windows Recovery
[2011/03/24 12:21:25 | 000,004,224 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/03/15 20:12:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\MozSwing
[2011/03/15 20:09:05 | 000,000,000 | -H-D | C] -- C:\Program Files\SEO PowerSuite
[2011/03/14 17:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\bonuses
[2011/03/08 00:06:08 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2011/03/29 14:02:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9F6FD136-0ABE-43A8-970A-D40E2C30CE97}.job
[2011/03/29 13:49:58 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/03/29 13:49:54 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/29 13:45:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/29 13:21:00 | 000,001,014 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1951882237-1008395978-543828888-1009UA.job
[2011/03/29 13:21:00 | 000,000,962 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1951882237-1008395978-543828888-1009Core.job
[2011/03/28 23:23:03 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2011/03/28 21:53:00 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2011/03/27 23:13:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/27 23:13:50 | 2079,772,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/27 17:26:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/27 12:56:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/27 04:57:41 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/27 04:40:23 | 000,054,272 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/26 23:22:12 | 000,002,422 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\Google Chrome.lnk
[2011/03/26 23:22:12 | 000,002,400 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/26 19:03:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\MBR.dat
[2011/03/26 16:57:10 | 003,594,632 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/25 14:58:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/24 12:48:50 | 000,000,441 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/03/20 14:23:09 | 000,000,522 | -H-- | M] () -- C:\hpfr3420.xml
[2011/03/17 04:02:00 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/16 16:21:31 | 000,006,123 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get indexed.php
[2011/03/15 20:36:17 | 000,500,227 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.spyglass.properties
[2011/03/15 20:36:07 | 002,743,571 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.websiteauditor.properties
[2011/03/15 20:29:04 | 000,454,023 | -H-- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.linkassistant.properties
[2011/03/14 16:10:13 | 000,050,154 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get-attachment.aspx
[2011/03/14 15:55:33 | 000,009,348 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\iflip.jpg
[2011/03/11 01:27:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/03/10 17:06:09 | 000,417,750 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\100035.pdf
[2011/03/09 16:06:29 | 000,002,265 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/08 01:55:33 | 000,043,517 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Big Bird on stoop.gif
[2011/03/08 01:54:13 | 000,093,064 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\big bird t2.jpg
[2011/03/07 02:41:06 | 000,279,882 | ---- | M] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\commision overload.png

========== Files Created - No Company Name ==========

[2011/03/27 03:49:38 | 2079,772,672 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/26 18:36:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\MBR.dat
[2011/03/16 16:19:40 | 000,006,123 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get indexed.php
[2011/03/15 20:36:17 | 000,500,227 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.spyglass.properties
[2011/03/15 20:35:42 | 002,743,571 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.websiteauditor.properties
[2011/03/15 20:15:31 | 000,454,023 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\.linkassistant.properties
[2011/03/14 16:10:14 | 000,050,154 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\get-attachment.aspx
[2011/03/14 15:56:02 | 000,009,348 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\iflip.jpg
[2011/03/11 01:26:42 | 000,000,284 | -H-- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/03/10 17:06:09 | 000,417,750 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\100035.pdf
[2011/03/08 01:54:28 | 000,093,064 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\big bird t2.jpg
[2011/03/08 01:53:32 | 000,043,517 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\My Documents\Big Bird on stoop.gif
[2011/03/07 02:41:20 | 000,279,882 | ---- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Desktop\commision overload.png
[2010/12/13 06:28:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/09 19:39:41 | 000,000,043 | -H-- | C] () -- C:\WINDOWS\gswin32.ini
[2010/07/27 13:58:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Application Data\wklnhst.dat
[2010/07/16 16:07:28 | 000,000,082 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/10 03:10:47 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/06 11:13:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 12:25:42 | 000,020,427 | -H-- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2010/01/20 12:25:42 | 000,016,622 | -H-- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2010/01/20 11:56:11 | 000,019,575 | -H-- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/01/20 11:56:11 | 000,016,606 | -H-- | C] () -- C:\WINDOWS\hpomdl01.dat
[2009/09/16 17:27:58 | 000,508,224 | -H-- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/16 14:34:34 | 000,063,572 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/14 15:16:19 | 000,000,145 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\fusioncache.dat
[2009/09/12 23:02:33 | 000,054,272 | -H-- | C] () -- C:\Documents and Settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/13 19:14:05 | 000,004,757 | -H-- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/25 22:01:28 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\be49f4daa.dat
[2008/07/06 10:45:39 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2008/03/10 13:48:53 | 000,691,545 | -H-- | C] () -- C:\WINDOWS\unins000.exe
[2008/03/10 13:48:53 | 000,002,551 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/03 15:50:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/08/16 23:32:25 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\ShowBmp.exe
[2007/08/16 23:32:25 | 000,001,325 | -H-- | C] () -- C:\WINDOWS\Remove.ini
[2007/05/09 20:35:54 | 000,057,126 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/05 22:47:39 | 000,000,151 | -H-- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/27 17:50:15 | 000,000,391 | -H-- | C] () -- C:\WINDOWS\COVERE~1.INI
[2007/02/28 21:46:02 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/14 08:35:44 | 000,000,227 | -H-- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/12/29 22:11:40 | 000,000,722 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/23 07:20:40 | 000,002,956 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/22 18:00:47 | 000,001,302 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/22 17:55:15 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/12 21:09:58 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\adiras.ini
[2006/06/21 12:08:58 | 000,561,152 | RH-- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/06/21 06:25:18 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 06:04:31 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/21 06:00:06 | 000,013,562 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/21 05:59:59 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/21 05:54:48 | 000,198,144 | -H-- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/06/21 05:46:29 | 000,090,686 | -H-- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/06/21 05:37:23 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/21 05:36:23 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/21 05:33:54 | 000,121,994 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/21 05:19:27 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/21 05:16:12 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/21 05:16:12 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/21 05:15:49 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/06 00:49:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/06 00:36:34 | 000,384,904 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/06 00:36:34 | 000,054,396 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/06 00:34:46 | 003,594,632 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/06 00:31:48 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/06 00:30:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 12:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 20:10:06 | 000,000,567 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 23:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 23:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 22:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >
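
The OTL entries posted in this thread follow a fixed line format, so the items a helper looks at first (recently created hidden executables, Run keys pointing into a user's Temp directory, hosts-file redirects, and the exefile/comfile open handlers, whose stock XP value is `"%1" %*`) can be triaged mechanically before anyone reads a few thousand lines by hand. The Python below is an added example written for this page; it is not part of OTL, not from either poster, and not the forum's fix-list procedure. It parses sample lines copied from the desktop log above and from the laptop log posted later in the thread, plus one constructed, hypothetical hijacked O35 line that is not from either log, and reports review candidates rather than verdicts. The reference date (the day the "Windows Recovery" Start Menu folder was created), the seven-day window and the directory heuristics are assumptions chosen for illustration.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines. Added example, not part of OTL."""
import re
from datetime import datetime, timedelta

# [2011/03/24 12:21:25 | 000,004,224 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# O4 - HKCU..\Run: [runAPI92] C:\...\Local Settings\Temp\runAPI69.exe ()
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)
# O1 - Hosts: 127.0.0.1 activate.adobe.com
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
# O35 - HKLM\..exefile [open] -- "%1" %*   /   O37 - HKLM\...exe [@ = exefile] -- "%1" %*
SHELL_OPEN_RE = re.compile(
    r"^O3[57] - HKLM\\\.+?(?P<key>[A-Za-z]+) \[(?P<sub>[^\]]+)\] -- (?P<cmd>.+?)\s*$"
)

EXPECTED_OPEN_CMD = '"%1" %*'            # stock XP value for the exefile/comfile open handlers
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
WINDOW = timedelta(days=7)                # assumed: how close to the incident a file was created


def triage_file(m, reference):
    """Executables created near the incident date that carry a weak indicator."""
    attrs, low, company = m["attrs"], m["path"].lower(), m["company"]
    if "D" in attrs or not low.endswith(EXEC_EXT):
        return []
    created = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
    if abs(created - reference) > WINDOW:
        return []
    reasons = []
    if "H" in attrs:
        reasons.append("hidden attribute on an executable")
    if not company:                        # OTL's company field is the version resource, not a signature
        reasons.append("no publisher recorded")
    if low.startswith("c:\\windows\\system32\\") and low.endswith(".sys") and "\\drivers\\" not in low:
        reasons.append("driver outside System32\\drivers")
    return reasons


def triage_run(m):
    low = m["path"].lower()
    reasons = []
    if "\\temp\\" in low or "\\local settings\\" in low:
        reasons.append("autorun from a user-writable profile directory")
    if not m["company"]:
        reasons.append("no publisher recorded")
    return reasons


def triage_hosts(m):
    if m["host"].lower() != "localhost" and m["ip"] in LOOPBACK:
        return [f"hosts file sinkholes {m['host']}"]
    return []


def triage_shell_open(m):
    if m["cmd"] != EXPECTED_OPEN_CMD:
        return [f"{m['key']} open handler is not the stock {EXPECTED_OPEN_CMD}"]
    return []


def triage(lines, reference):
    """Return (subject, reasons) pairs for every line that hits at least one heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            subject, reasons = m["path"], triage_file(m, reference)
        elif (m := RUN_RE.match(line)):
            subject, reasons = f"{m['hive']} Run [{m['name']}] {m['path']}", triage_run(m)
        elif (m := HOSTS_RE.match(line)):
            subject, reasons = f"hosts {m['ip']} {m['host']}", triage_hosts(m)
        elif (m := SHELL_OPEN_RE.match(line)):
            subject, reasons = f"{m['key']} [{m['sub']}] -> {m['cmd']}", triage_shell_open(m)
        else:
            continue                       # PRC/SRV/DRV and other entry types are not handled here
        if reasons:
            findings.append((subject, reasons))
    return findings


# Assumed reference date: the "Windows Recovery" Start Menu folder in the desktop log dates from 2011/03/24.
REFERENCE_DATE = datetime(2011, 3, 24)

SAMPLE_LINES = [
    # copied from the desktop log above
    r"[2011/03/25 15:32:03 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\1518871.sys",
    r"[2011/03/24 12:21:25 | 000,004,224 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys",
    r"[2009/09/16 17:27:58 | 000,508,224 | -H-- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    # copied from the laptop log posted later in the thread
    r"O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)",
    r"O4 - HKCU..\Run: [runAPI92] C:\Documents and Settings\XP\Local Settings\Temp\runAPI69.exe ()",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: 127.0.0.1 activate.adobe.com",
    # constructed for this example, not from either log: a hypothetical hijacked exefile handler
    r'O35 - HKLM\..exefile [open] -- "C:\hypothetical\loader.exe" "%1" %*',
]


def run_sample():
    return triage(SAMPLE_LINES, REFERENCE_DATE)


if __name__ == "__main__":
    for subject, reasons in run_sample():
        print(subject)
        for reason in reasons:
            print("   -", reason)
```

Run as-is it lists four candidates: the hidden beep.sys sitting directly in System32 on the incident date, the HKCU Run entry launching runAPI69.exe from the Temp directory, the hosts line sending activate.adobe.com to loopback, and the constructed exefile handler. The Kaspersky driver, the 2009 DLL and the ESET Run entry fall through. Treat the output as a reading list, not a removal list: OTL's company field is only the PE version resource, so "no publisher recorded" also fires on benign files such as the laptop's nwiz.exe, and a hidden attribute alone proves nothing. Confirm a candidate by hashing the file and checking its signature before it goes into a fix script.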

#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
That doesn't look too bad - what are your current problems?

#14 Krsaigon (Topic Starter, Member, 44 posts)
Everything is fine. I think my System Restore is disabled, and a few other things like my Firefox add-ons, but that's irrelevant. Well, thank you man, but I scanned my laptop too; I didn't want to start a new topic though. Here's the OTL log:

OTL logfile created on: 3/31/2011 1:10:09 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Game
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 664.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 21.69 Gb Free Space | 27.77% Space Free | Partition Type: NTFS
Drive F: | 31.06 Gb Total Space | 4.84 Gb Free Space | 15.59% Space Free | Partition Type: NTFS

Computer Name: DELL1500 | User Name: XP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 00:42:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\Game\OTL.exe
PRC - [2010/09/22 18:12:16 | 000,015,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
PRC - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\ekrn.exe
PRC - [2010/06/24 09:27:06 | 002,202,704 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\egui.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 19:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/31 00:42:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\Game\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/06/24 09:27:54 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2010/06/24 09:27:22 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/06/24 09:26:24 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/04/28 08:17:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/04/28 08:17:46 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/04/28 08:17:46 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/06/06 19:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/09 18:59:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/09 01:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/09 01:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/04/24 01:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/24 01:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/24 01:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/12/02 15:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1572363
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 01 BF 5A 9E 7F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Video_Chat\prxtbooV2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.0
FF - prefs.js..extensions.enabledItems: {63bd1709-0af6-4457-99ca-f2ce411047de}:0.3.10.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {193d7001-bd9f-48c2-b5c7-69775aa2201d}:2.5.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.34
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2567697&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://www.salford.ac.uk/proxy"


FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/11/24 09:01:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/30 19:05:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/08 21:07:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/09/15 20:49:40 | 000,000,000 | ---D | M]

[2008/09/14 11:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Application Data\Mozilla\Extensions
[2011/03/29 00:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions
[2010/07/11 11:04:04 | 000,000,000 | ---D | M] (Plusmedia uk Toolbar) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}
[2010/07/11 11:27:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/03 03:07:05 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/12/08 08:51:25 | 000,000,000 | ---D | M] (Fill Form) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{63bd1709-0af6-4457-99ca-f2ce411047de}
[2010/12/10 07:08:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/23 01:58:02 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/11/29 07:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
[2010/12/03 03:07:04 | 000,000,000 | ---D | M] ("NoDoFollow") -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2011/01/29 05:26:31 | 000,000,000 | ---D | M] ("SearchStatus") -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011/01/04 03:02:14 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/12/24 12:11:57 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}(2)
[2010/11/03 19:03:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/11 20:45:39 | 000,000,000 | ---D | M] (ooVoo Video Chat Toolbar) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
[2010/11/29 07:46:54 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2011/03/23 03:36:29 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/07/11 11:05:48 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/10/15 16:07:41 | 000,000,000 | ---D | M] (Real Hide IP) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/11/02 21:34:04 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\vshare@toolbar
[2010/11/23 16:51:36 | 000,000,000 | ---D | M] (RoboForm Online Toolbar) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\extensions\[email protected]
[2010/08/21 01:43:05 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\AOL Search.xml
[2010/07/11 11:15:14 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\askcom.xml
[2010/05/16 18:39:28 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\conduit.xml
[2010/11/02 21:34:13 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\te0ovum3.default\searchplugins\web-search.xml
[2011/03/29 00:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/03 19:46:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/16 23:49:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/15 12:45:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/07/11 11:15:38 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/11/14 21:46:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/24 09:01:23 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2008/11/16 23:26:17 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/21 01:43:05 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2011/03/09 05:07:21 | 000,000,121 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.dummysoftware.com
O1 - Hosts: 127.0.0.1 dummysoftware.com
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Video_Chat\prxtbooV2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Video_Chat\prxtbooV2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo Video Chat Toolbar) - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - C:\Program Files\ooVoo_Video_Chat\prxtbooV2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [runAPI92] C:\Documents and Settings\XP\Local Settings\Temp\runAPI69.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20090309080349 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/12 07:37:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/27 20:40:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/27 17:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\jar of hearts
[2011/03/27 11:08:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\XP\Recent
[2011/03/26 01:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\SERPAttacks
[2011/03/25 12:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\New Folder (2)
[2011/03/25 08:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Application Data\PCF-VLC
[2011/03/25 07:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Local Settings\Application Data\TVU Networks
[2011/03/25 07:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2011/03/25 07:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\LocalLow
[2011/03/25 07:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Application Data\Participatory Culture Foundation
[2011/03/25 04:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Application Data\ubot
[2011/03/22 18:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\My Documents\Set Fire To The Rain (karaoke instrumental) by Adele with on screen lyrics (2)_data
[2011/03/19 06:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\My Documents\Reezy - Director (Beat Only)_data
[2011/03/18 03:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Forum Warrior
[2011/03/18 03:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Forum Warrior
[2011/03/18 00:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Local Settings\Application Data\Xenocode
[2011/03/17 05:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2011/03/16 01:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Application Data\com.adobe.example.lovee.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1
[2011/03/15 12:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/10 08:05:55 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/03/09 05:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RSS Submit
[2011/03/09 05:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\RSS Submit
[2011/03/09 04:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\K-Soft_RSS_Submit_v3.0+Plugins
[2011/03/09 01:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Start Menu\Programs\Article Marketing Robot
[2011/03/09 01:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Article Marketing Robot
[2011/03/09 01:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Application Data\Article Marketing Robot
[2011/03/09 01:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\My Documents\Crack
[2011/03/09 00:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Review Pics
[2011/03/08 20:34:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/03 02:29:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\XP\My Documents\My Webs
[2011/03/01 03:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2011/03/01 03:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\XP\My Documents\*.tmp files -> C:\Documents and Settings\XP\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/31 01:16:29 | 000,065,310 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/03/31 01:14:47 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\XP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 00:46:02 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1958367476-725345543-1003UA.job
[2011/03/30 20:46:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1958367476-725345543-1003Core.job
[2011/03/30 18:12:51 | 000,494,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/30 18:12:51 | 000,084,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/30 18:08:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/30 18:08:34 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/03/30 18:08:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/03/30 18:08:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/30 13:32:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/30 05:51:43 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/29 07:37:19 | 000,050,198 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\errrrrrgh.mp3
[2011/03/29 00:22:55 | 000,065,310 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/03/27 17:21:53 | 000,003,895 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Hearts-Chocolate-Jar.jpg
[2011/03/27 17:19:48 | 004,043,563 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\JAR OF HEARTS COVER.mp3
[2011/03/27 14:05:00 | 005,841,112 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Leave Me Alone.mp3
[2011/03/26 01:34:49 | 000,772,096 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\chrtmp
[2011/03/22 18:38:12 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/03/22 18:36:26 | 003,913,777 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Set fire cover.mp3
[2011/03/22 18:33:48 | 000,053,037 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Set Fire To The Rain (karaoke instrumental) by Adele with on screen lyrics (2).aup
[2011/03/22 18:15:23 | 003,913,047 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\set fire 1.mp3
[2011/03/22 18:13:23 | 001,718,704 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\set fire 1.wav
[2011/03/22 17:46:46 | 005,834,951 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Set Fire To The Rain (karaoke instrumental) by Adele with on screen lyrics (2).mp3
[2011/03/22 17:41:38 | 000,786,631 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Set Fire To The Rain (karaoke instrumental) by Adele with on screen lyrics.mp3
[2011/03/22 17:34:40 | 002,636,100 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Lady Gaga - Born This Way instrumental (Acoustic) - (1).mp3
[2011/03/20 21:14:37 | 000,158,830 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\makeover (1).jpg
[2011/03/19 06:02:56 | 000,027,122 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Reezy - Director (Beat Only).aup
[2011/03/18 05:43:10 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Article Marketing Robot.lnk
[2011/03/18 03:22:11 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Forum Warrior.lnk
[2011/03/17 05:11:22 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/03/15 14:15:48 | 000,024,780 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\dzsas.png
[2011/03/15 04:21:15 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/15 04:18:33 | 000,006,119 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\get indexed.php
[2011/03/14 04:29:27 | 002,692,008 | ---- | M] (Softtouch Software Design) -- C:\Documents and Settings\XP\Desktop\scrapebox.exe
[2011/03/14 04:29:14 | 000,482,760 | ---- | M] (Softtouch Software Design) -- C:\Documents and Settings\XP\Desktop\sbupdate.exe
[2011/03/14 04:28:10 | 003,139,425 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\scrapebox.zip
[2011/03/09 05:00:44 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\RSS Submit.lnk
[2011/03/09 04:52:03 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\links for social bookmarking and rss
[2011/03/05 21:40:50 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\All Categories.url
[2011/03/05 18:44:34 | 000,018,462 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Photo0151n
[2011/03/04 17:39:37 | 022,332,468 | ---- | M] () -- C:\Documents and Settings\XP\My Documents\Nicki minaj Ft Drake Moment for life preview cover.wav
[2011/03/01 03:08:17 | 000,001,106 | -H-- | M] () -- C:\IPH.PH
[2011/03/01 03:08:16 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/03/01 03:08:16 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\XP\My Documents\*.tmp files -> C:\Documents and Settings\XP\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/29 03:02:54 | 000,050,198 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\errrrrrgh.mp3
[2011/03/27 17:21:53 | 000,003,895 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Hearts-Chocolate-Jar.jpg
[2011/03/27 17:16:17 | 004,043,563 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\JAR OF HEARTS COVER.mp3
[2011/03/27 14:04:21 | 005,841,112 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Leave Me Alone.mp3
[2011/03/26 01:45:06 | 000,772,096 | ---- | C] () -- C:\Documents and Settings\XP\Application Data\chrtmp
[2011/03/25 12:40:50 | 006,553,880 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\tbssf.dat
[2011/03/25 12:40:47 | 000,397,312 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\TheBestSpinner.exe
[2011/03/22 18:38:11 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/03/22 18:35:30 | 003,913,777 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Set fire cover.mp3
[2011/03/22 18:33:48 | 000,053,037 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Set Fire To The Rain (karaoke instrumental) by Adele with on screen lyrics (2).aup
[2011/03/22 18:14:27 | 003,913,047 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\set fire 1.mp3
[2011/03/22 18:11:46 | 001,718,704 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\set fire 1.wav
[2011/03/22 17:47:21 | 005,834,951 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Set Fire To The Rain (karaoke instrumental) by Adele with on screen lyrics (2).mp3
[2011/03/22 17:43:00 | 000,786,631 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Set Fire To The Rain (karaoke instrumental) by Adele with on screen lyrics.mp3
[2011/03/22 17:34:53 | 002,636,100 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Lady Gaga - Born This Way instrumental (Acoustic) - (1).mp3
[2011/03/20 21:16:12 | 000,158,830 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\makeover (1).jpg
[2011/03/19 06:02:56 | 000,027,122 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Reezy - Director (Beat Only).aup
[2011/03/18 10:02:59 | 000,085,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/18 03:22:11 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Forum Warrior.lnk
[2011/03/17 05:11:22 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/03/17 05:11:22 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/03/15 14:16:05 | 000,024,780 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\dzsas.png
[2011/03/15 04:18:33 | 000,006,119 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\get indexed.php
[2011/03/09 05:00:44 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\RSS Submit.lnk
[2011/03/09 04:52:03 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\links for social bookmarking and rss
[2011/03/09 01:26:55 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Article Marketing Robot.lnk
[2011/03/09 01:25:54 | 015,226,902 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\ArticleMarketingRobot_Setup.msi
[2011/03/05 21:40:50 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\All Categories.url
[2011/03/05 18:44:33 | 000,018,462 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Photo0151n
[2011/03/04 17:39:24 | 022,332,468 | ---- | C] () -- C:\Documents and Settings\XP\My Documents\Nicki minaj Ft Drake Moment for life preview cover.wav
[2011/02/22 03:50:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/22 03:50:13 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/22 03:50:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/22 03:50:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/22 03:50:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/26 01:09:40 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/26 01:09:40 | 000,009,905 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-MMaster.dat
[2010/10/15 03:39:44 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Setting.dat
[2010/10/15 03:39:44 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\XP\Application Data\UserFlag.ini
[2010/09/23 07:33:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/08 01:33:48 | 000,026,500 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/24 14:29:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/03/20 04:48:06 | 002,931,168 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2009/01/30 23:44:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/12/31 19:32:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\XP\Application Data\$_hpcst$.hpc
[2008/11/28 00:04:48 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/11/28 00:04:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/11/28 00:04:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/11/28 00:04:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/11/28 00:04:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/11/28 00:04:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/11/28 00:04:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/11/28 00:04:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/11/28 00:04:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/11/28 00:04:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2008/11/28 00:04:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/11/28 00:04:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/11/28 00:04:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/11/28 00:04:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/11/28 00:04:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/11/28 00:04:48 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2008/11/28 00:04:48 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2008/11/28 00:04:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/11/28 00:04:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/11/27 23:49:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2008/11/27 02:56:33 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/26 02:10:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/11/18 05:27:59 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2008/09/14 15:28:40 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 11:07:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/12 12:28:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/12 11:12:25 | 000,065,310 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/09/12 10:26:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/12 10:24:33 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/09/12 10:24:33 | 000,142,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/12 10:24:32 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/12 10:24:32 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/12 10:24:30 | 001,018,804 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2008/09/12 10:24:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/12 10:24:28 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/12 10:24:27 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/09/12 10:24:23 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/09/12 10:24:22 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/09/12 07:41:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/12 07:34:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/05/09 20:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/08/07 01:17:40 | 000,494,286 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 01:17:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/07 01:17:39 | 000,084,680 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 01:17:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/07 01:17:35 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/07 01:17:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/07 01:17:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/07 01:17:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/07 01:17:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/07 01:16:26 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 19:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

========== LOP Check ==========

[2010/08/21 01:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/02/27 22:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/11/28 00:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/09/15 20:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/22 12:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/03/31 00:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/07/11 14:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2011/01/21 07:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magic Submitter
[2010/07/11 14:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/22 01:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2010/09/10 16:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/03/22 11:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/02/02 23:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2011/03/08 20:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/11/24 09:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/08/02 21:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/17 14:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/11/28 00:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/10/03 14:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 01:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/22 23:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/21 01:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\acccore
[2011/03/18 05:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Article Marketing Robot
[2011/03/29 03:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Audacity
[2011/01/04 02:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Azureus
[2010/09/23 04:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Bryxen Software
[2011/03/16 01:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\com.adobe.example.lovee.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1
[2008/12/02 16:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\EPSON
[2010/09/15 20:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\ESET
[2011/02/01 03:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\EurekaLog
[2011/03/15 04:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\FileZilla
[2010/08/21 12:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\LimeWire
[2010/11/08 02:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\LinkBounder
[2009/01/30 23:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Livestation
[2010/10/22 01:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/09/10 16:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\NCH Swift Sound
[2010/11/30 04:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Notepad++
[2010/11/11 20:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\ooVoo Details
[2010/07/11 11:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\OpenCandy
[2011/03/25 07:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Participatory Culture Foundation
[2011/03/25 08:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\PCF-VLC
[2009/03/22 11:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\PlayFirst
[2011/03/29 15:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\PriceGong
[2011/03/29 01:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Spotify
[2009/09/17 14:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Trusteer
[2011/03/25 04:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\ubot
[2010/10/15 04:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\uTorrent
[2009/01/25 20:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Application Data\Windows Live Writer
[2011/03/30 18:08:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/03/22 18:38:12 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
[2011/03/30 18:08:34 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6E9EB6C
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30376ACC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25005EFA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CC7FD8

< End of report >

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is a bit of malware on the laptop - is it giving any problems?

Reference System Restore: are you able to turn it on? If not, what error do you get?

For Firefox I would recommend a reinstall to get it back up and running properly.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [runAPI92] C:\Documents and Settings\XP\Local Settings\Temp\runAPI69.exe ()

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
