Can't open antivirus websites


  • This topic is locked

#1
dr_ask

    New Member

  • Member
  • 7 posts
Hi guys, I am having some trouble with my computer.

I haven't had any antivirus software for about a month now, and now I cannot even visit any antivirus software sites for downloads.
I installed MSE from my flash disk, but I can't update it to start a scan. I have no clue what to do, so please help.
  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can get you on the road to recovery. You may need to use a flash drive for these programmes.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

  • 0

#3
dr_ask

    New Member

  • Topic Starter
  • Member
  • 7 posts
Dear Essexboy,

When I run TDSSKiller, it says no threats are detected, but here is the report:


2011/05/19 10:00:57.0359 3300 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/19 10:00:57.0359 3300 ================================================================================
2011/05/19 10:00:57.0359 3300 SystemInfo:
2011/05/19 10:00:57.0359 3300
2011/05/19 10:00:57.0359 3300 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/19 10:00:57.0359 3300 Product type: Workstation
2011/05/19 10:00:57.0359 3300 ComputerName: USER-ADEEF2C2AA
2011/05/19 10:00:57.0359 3300 UserName: User
2011/05/19 10:00:57.0359 3300 Windows directory: C:\WINDOWS
2011/05/19 10:00:57.0359 3300 System windows directory: C:\WINDOWS
2011/05/19 10:00:57.0359 3300 Processor architecture: Intel x86
2011/05/19 10:00:57.0359 3300 Number of processors: 2
2011/05/19 10:00:57.0359 3300 Page size: 0x1000
2011/05/19 10:00:57.0359 3300 Boot type: Normal boot
2011/05/19 10:00:57.0359 3300 ================================================================================
2011/05/19 10:00:57.0546 3300 Initialize success
2011/05/19 10:00:59.0296 3320 ================================================================================
2011/05/19 10:00:59.0296 3320 Scan started
2011/05/19 10:00:59.0296 3320 Mode: Manual;
2011/05/19 10:00:59.0296 3320 ================================================================================
2011/05/19 10:01:06.0140 3320 Suspicious service (NoAccess): wemnkjdj
2011/05/19 10:01:06.0390 3320 ================================================================================
2011/05/19 10:01:06.0390 3320 Scan finished
2011/05/19 10:01:06.0390 3320 ================================================================================

OTL report:

OTL logfile created on: 5/19/2011 10:10:35 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.00 Mb Total Physical Memory | 649.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 264.47 Gb Free Space | 88.72% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.48 Gb Free Space | 79.00% Space Free | Partition Type: FAT

Computer Name: USER-ADEEF2C2AA | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 21:51:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2009/01/14 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2011/05/18 21:51:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2008/04/14 02:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/02/25 17:08:56 | 005,864,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/05 15:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2504091
IE - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 18:24:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/30 15:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/05/18 12:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2zeymfg.default\extensions
[2011/04/01 10:20:24 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2zeymfg.default\searchplugins\conduit.xml
[2011/05/11 13:00:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/11 13:00:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/11 13:00:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 18:24:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\..\Toolbar\ShellBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKU\S-1-5-21-842925246-1004336348-1417001333-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/30 14:02:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 02:00:00 | 000,059,288 | ---- | M] () - F:\autorun.0nf -- [ FAT ]
O32 - AutoRun File - [2008/04/14 02:00:00 | 000,059,288 | RHS- | M] () - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wemnkjdj - C:\WINDOWS\system32\bjhotpwx.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 10:00:19 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/05/18 21:51:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/05/18 21:30:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/18 21:27:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/18 21:27:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/18 21:27:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/18 21:27:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/18 21:27:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/18 21:27:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/18 17:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TrustPort
[2011/05/18 14:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/18 14:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/18 14:56:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/05/18 14:27:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/05/18 13:12:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/05/17 22:17:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/17 21:52:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\UserData
[2011/05/17 21:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/05/15 20:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\TVU Networks
[2011/05/15 20:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2011/05/15 20:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\LocalLow
[2011/05/14 12:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\art
[2011/05/14 08:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\art
[2011/05/12 19:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\WinZip
[2011/05/12 12:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote
[2011/05/11 15:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Nymgo4.0
[2011/05/11 15:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Nymgo4.0
[2011/05/11 15:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Nymgo4.0
[2011/05/11 15:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nymgo4.0
[2011/05/11 13:02:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/05/11 13:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/05/11 13:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/11 13:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/11 12:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Sun
[2011/05/09 17:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\New Folder
[2011/05/09 15:47:04 | 000,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe
[2011/05/09 15:47:03 | 000,458,752 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PAC7302.SYS
[2011/05/09 15:47:03 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\CoInst_071029.dll
[2011/05/09 15:47:01 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP7302.AX
[2011/05/09 15:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Camera
[2011/05/09 15:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\ANC
[2011/05/09 15:47:00 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\P7302USD.dll
[2011/05/09 15:46:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt
[2011/05/09 15:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC7302
[2011/05/08 16:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Temp
[2011/05/08 16:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Conduit
[2011/05/08 16:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Azureus
[2011/05/08 16:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/05/05 12:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/05/05 06:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\skypePM
[2011/05/05 06:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/04 10:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\BrowserPlus
[2011/05/04 10:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Yahoo!
[2011/05/04 10:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Yahoo!
[2011/05/04 10:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/05/04 10:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Yahoo
[2011/05/04 10:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/05/04 10:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/05/03 17:49:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/05/03 11:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/03 10:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
[2011/05/03 10:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/05/03 10:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\WinRAR
[2011/05/03 09:28:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/04/30 16:50:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/04/30 16:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/04/30 16:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/04/30 16:50:41 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/04/30 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/04/30 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/04/30 16:50:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/04/30 16:50:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/04/30 16:50:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/04/30 16:50:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/04/30 16:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/04/30 16:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/04/30 16:49:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/04/30 16:49:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/04/30 16:49:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/04/30 16:49:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/04/30 16:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/04/30 16:49:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/04/30 16:38:26 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/04/30 16:38:26 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/04/30 16:38:26 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/04/30 16:38:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/04/30 16:22:55 | 000,000,000 | ---D | C] -- C:\C STAFF
[2011/04/30 15:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla
[2011/04/30 15:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla
[2011/04/30 15:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\vlc
[2011/04/30 15:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Adobe
[2011/04/30 15:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/04/30 15:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/04/30 15:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/04/30 15:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Skype
[2011/04/30 15:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/04/30 15:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2011/04/30 15:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Google Chrome
[2011/04/30 15:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Google
[2011/04/30 15:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/04/30 15:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/04/30 15:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\WinRAR
[2011/04/30 15:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/04/30 15:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/04/30 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/30 15:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Macromedia
[2011/04/30 15:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Adobe
[2011/04/30 15:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/04/30 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/30 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/30 15:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Opera
[2011/04/30 15:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Opera
[2011/04/30 15:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/04/30 15:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Apple Computer
[2011/04/30 15:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/30 15:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/30 15:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/30 15:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/30 15:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/04/30 15:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/04/30 15:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/04/30 15:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple
[2011/04/30 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/04/30 15:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/30 15:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/04/30 15:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/04/30 15:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple Computer
[2011/04/30 15:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/30 14:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/04/30 14:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/04/30 14:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/04/30 14:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/04/30 14:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/30 14:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/04/30 14:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft Help
[2011/04/30 14:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/04/30 14:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/04/30 14:53:51 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/04/30 14:34:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/04/30 14:34:40 | 002,815,520 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2011/04/30 14:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/04/30 14:33:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/04/30 14:28:49 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/04/30 14:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/04/30 14:28:42 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/04/30 14:25:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/04/30 14:25:43 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/04/30 14:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/04/30 14:25:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/04/30 14:25:37 | 000,000,000 | ---D | C] -- C:\Intel
[2011/04/30 14:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Drivers
[2011/04/30 14:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Identities
[2011/04/30 14:09:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/30 14:09:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Pictures
[2011/04/30 14:09:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Music
[2011/04/30 14:09:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\Application Data\Microsoft
[2011/04/30 14:09:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\Cookies
[2011/04/30 14:09:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\SendTo
[2011/04/30 14:09:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2011/04/30 14:09:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Application Data
[2011/04/30 14:09:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Startup
[2011/04/30 14:09:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu
[2011/04/30 14:09:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents
[2011/04/30 14:09:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Favorites
[2011/04/30 14:09:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Accessories
[2011/04/30 14:09:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\Templates
[2011/04/30 14:09:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\PrintHood
[2011/04/30 14:09:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\NetHood
[2011/04/30 14:09:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\Local Settings
[2011/04/30 14:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft
[2011/04/30 14:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop
[2011/04/30 14:08:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/04/30 14:08:29 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/04/30 14:08:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/04/30 14:08:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/04/30 14:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/04/30 14:06:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/04/30 14:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/04/30 14:05:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/04/30 14:05:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/04/30 14:05:04 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/04/30 14:03:42 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/04/30 14:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/04/30 14:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/04/30 14:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/04/30 14:03:04 | 000,000,000 | ---D | C] -- C:\DELL
[2011/04/30 14:01:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/04/30 14:01:41 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/04/30 14:01:40 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/04/30 14:01:28 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/04/30 14:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/04/30 14:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/04/30 14:00:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/04/30 14:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/04/30 14:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/04/30 14:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/04/30 14:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/04/30 13:59:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/04/30 13:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/04/30 13:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/04/30 13:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/04/30 13:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/04/30 13:59:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/04/30 13:58:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/04/30 13:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/04/30 13:58:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/04/30 13:58:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/04/30 13:58:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/04/30 13:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/04/30 13:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/04/30 13:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/04/30 13:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/04/30 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/04/30 13:57:04 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2011/04/30 13:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/04/30 13:57:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/04/30 13:56:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/04/30 13:56:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/04/30 13:56:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/04/30 13:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/19 09:54:52 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2011/05/19 09:43:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1004336348-1417001333-1003UA.job
[2011/05/19 09:42:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/18 21:51:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/05/18 21:44:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/18 21:31:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/18 20:57:18 | 004,351,251 | R--- | M] () -- C:\Documents and Settings\User\Desktop\Combo-Fix.exe
[2011/05/18 14:43:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1004336348-1417001333-1003Core.job
[2011/05/18 13:12:39 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/18 06:39:08 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/17 21:38:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/05/12 12:39:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/11 15:17:32 | 000,001,591 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Nymgo.lnk
[2011/05/10 14:56:14 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2011/05/10 14:56:14 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/08 16:54:21 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/05/08 16:54:21 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2011/05/05 06:35:25 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/05 05:27:20 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/04 10:20:39 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/05/04 10:20:39 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/05/03 10:43:52 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/05/03 10:43:52 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2011/04/30 15:28:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/04/30 15:18:09 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/04/30 15:18:09 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/04/30 15:16:58 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\User\My Documents\VLC media player.lnk
[2011/04/30 15:15:52 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2011/04/30 15:15:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/30 15:14:31 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/04/30 15:14:31 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/04/30 15:13:10 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/30 15:12:16 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/04/30 15:10:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/04/30 15:04:20 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/04/30 15:02:38 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/30 15:02:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/30 14:11:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/30 14:10:01 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/30 14:10:01 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/30 14:09:30 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/30 14:09:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/04/30 14:06:46 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/04/30 14:05:57 | 000,004,382 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 14:05:53 | 000,000,290 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/04/30 14:02:55 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/30 14:02:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/30 14:02:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/30 14:02:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/04/30 14:02:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/04/30 14:02:52 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/04/30 14:02:51 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/04/30 14:02:51 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/04/30 14:02:38 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/30 13:58:46 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/30 13:55:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/19 09:59:34 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2011/05/18 21:31:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/18 21:31:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/18 21:27:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/18 21:27:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/18 21:27:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/18 21:27:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/18 21:27:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/18 20:55:12 | 004,351,251 | R--- | C] () -- C:\Documents and Settings\User\Desktop\Combo-Fix.exe
[2011/05/18 14:56:20 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/17 21:39:36 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/11 15:17:32 | 000,001,591 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Nymgo.lnk
[2011/05/10 14:38:05 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1004336348-1417001333-1003UA.job
[2011/05/10 14:38:03 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1004336348-1417001333-1003Core.job
[2011/05/09 15:47:04 | 000,000,323 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2011/05/09 15:47:01 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2011/05/08 16:54:21 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/05/08 16:54:21 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2011/05/08 16:54:21 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2011/05/05 06:35:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/04 10:20:39 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/05/04 10:20:39 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/05/03 10:43:52 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/05/03 10:43:52 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2011/04/30 16:50:54 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/04/30 16:50:52 | 000,004,382 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 16:50:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/30 16:50:44 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/04/30 16:50:44 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/04/30 16:50:43 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/04/30 16:50:42 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/04/30 16:50:16 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/04/30 16:50:05 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/04/30 16:50:05 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/04/30 16:50:05 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/04/30 16:50:05 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/04/30 16:50:05 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/04/30 16:50:05 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/04/30 16:50:05 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/04/30 16:50:05 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/04/30 16:50:05 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/04/30 16:50:05 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/04/30 16:50:05 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/04/30 16:50:05 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/04/30 16:50:05 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/04/30 16:50:05 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/04/30 16:50:05 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/04/30 16:50:05 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/04/30 16:50:04 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/04/30 16:50:04 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/04/30 16:50:04 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/04/30 16:49:07 | 000,265,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/30 16:46:45 | 000,000,327 | RHS- | C] () -- C:\boot.ini
[2011/04/30 16:46:41 | 000,000,290 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/04/30 15:28:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/30 15:24:55 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/30 15:18:09 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/04/30 15:18:09 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/04/30 15:17:16 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2011/04/30 15:17:16 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/30 15:16:58 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\User\My Documents\VLC media player.lnk
[2011/04/30 15:15:52 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/04/30 15:15:52 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2011/04/30 15:15:23 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/04/30 15:15:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/30 15:14:31 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/04/30 15:14:31 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/04/30 15:14:31 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/04/30 15:13:10 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/30 15:12:16 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/04/30 15:11:56 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/30 15:11:54 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/04/30 15:10:26 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/04/30 15:02:38 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/30 15:02:38 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/30 15:02:38 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/30 14:33:09 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/04/30 14:33:09 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/04/30 14:33:09 | 000,033,872 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2011/04/30 14:33:09 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2011/04/30 14:28:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/04/30 14:11:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/30 14:09:30 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/04/30 14:09:23 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Outlook Express.lnk
[2011/04/30 14:09:21 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Internet Explorer.lnk
[2011/04/30 14:09:20 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/30 14:09:12 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Remote Assistance.lnk
[2011/04/30 14:09:12 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Windows Media Player.lnk
[2011/04/30 14:06:46 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/04/30 14:05:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 14:04:56 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/04/30 14:04:31 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/30 14:04:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/04/30 14:04:22 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/04/30 14:04:20 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/30 14:04:08 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/30 14:04:02 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/30 14:03:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/04/30 14:03:45 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/04/30 14:02:55 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/30 14:02:55 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/04/30 14:02:55 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/04/30 14:02:55 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/04/30 14:02:55 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/04/30 14:02:51 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/04/30 14:02:51 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/04/30 14:02:50 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/04/30 14:01:27 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/04/30 14:01:12 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/04/30 14:00:49 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/04/30 14:00:49 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/04/30 14:00:40 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/04/30 13:59:39 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2011/04/30 13:58:48 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/04/30 13:58:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/30 13:58:15 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/04/30 13:57:40 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/04/30 13:57:40 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/04/30 13:57:39 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/04/30 13:57:39 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/04/30 13:57:39 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/04/30 13:57:39 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/04/30 13:57:39 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/04/30 13:57:39 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/04/30 13:57:38 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/04/30 13:57:38 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/04/30 13:57:38 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/04/30 13:57:33 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/04/30 13:57:33 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/04/30 13:57:31 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/04/30 13:57:23 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008/04/14 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 02:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 02:00:00 | 000,162,941 | RHS- | C] () -- C:\WINDOWS\System32\bjhotpwx.dll
[2008/04/14 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 02:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/15 06:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 06:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/05/04 20:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/04/30 15:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/18 21:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
[2011/05/11 15:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nymgo4.0
[2011/04/30 15:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2011/05/18 21:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TrustPort

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 02:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 02:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 02:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 02:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 02:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 02:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/05 18:24:56 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/05 18:24:56 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/05 18:24:56 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/05 18:24:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/05 18:24:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/05 18:24:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 22:50:10 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 22:50:10 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 22:50:10 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 22:50:10 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 02:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 02:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 02:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 02:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/04/30 15:14:27 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/04/30 15:14:27 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/04/30 15:14:27 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/04/30 15:14:27 | 000,941,936 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/05 18:24:56 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/05 18:24:56 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/05 18:24:56 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/05 18:24:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/05 18:24:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/05 18:24:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 22:50:10 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 22:50:10 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 22:50:10 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 22:50:10 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 02:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 02:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 02:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 02:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/04/30 15:14:27 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/04/30 15:14:27 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/04/30 15:14:27 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/04/30 15:14:27 | 000,941,936 | ---- | M] (Opera Software)

< End of report >

Extras report:

OTL Extras logfile created on: 5/19/2011 10:10:35 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.00 Mb Total Physical Memory | 649.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 264.47 Gb Free Space | 88.72% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.48 Gb Free Space | 79.00% Space Free | Partition Type: FAT

Computer Name: USER-ADEEF2C2AA | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-842925246-1004336348-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4433:TCP" = 4433:TCP:*:Enabled:vpnehrya

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Nymgo4.0\Nymgo.exe" = C:\Program Files\Nymgo4.0\Nymgo.exe:*:Enabled:Nymgo -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2A5E0816-E0AC-4B38-8976-133EAF35AEE5}" = Nymgo4.0
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Opera 11.10.2092" = Opera 11.10
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-1004336348-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2011 5:57:02 AM | Computer Name = USER-ADEEF2C2AA | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/18/2011 6:07:29 AM | Computer Name = USER-ADEEF2C2AA | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/18/2011 6:10:10 AM | Computer Name = USER-ADEEF2C2AA | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/18/2011 6:10:53 AM | Computer Name = USER-ADEEF2C2AA | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/18/2011 7:56:46 AM | Computer Name = USER-ADEEF2C2AA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 5/18/2011 7:56:46 AM | Computer Name = USER-ADEEF2C2AA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/18/2011 8:46:15 AM | Computer Name = USER-ADEEF2C2AA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 5/18/2011 8:46:19 AM | Computer Name = USER-ADEEF2C2AA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/18/2011 8:47:29 AM | Computer Name = USER-ADEEF2C2AA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 5/18/2011 8:47:30 AM | Computer Name = USER-ADEEF2C2AA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 5/18/2011 8:57:30 AM | Computer Name = USER-ADEEF2C2AA | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Nymgo4.0\ssleay32.dll.
Reference
error message: The operation completed successfully. .

Error - 5/18/2011 10:04:47 AM | Computer Name = USER-ADEEF2C2AA | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/18/2011 10:04:47 AM | Computer Name = USER-ADEEF2C2AA | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 5/18/2011 10:04:47 AM | Computer Name = USER-ADEEF2C2AA | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Nymgo4.0\ssleay32.dll.
Reference
error message: The operation completed successfully. .

Error - 5/18/2011 10:18:19 AM | Computer Name = USER-ADEEF2C2AA | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KULJIT-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{82168F45-2B0E-4A02. The master browser is stopping or an election is
being forced.

Error - 5/18/2011 10:23:52 AM | Computer Name = USER-ADEEF2C2AA | Source = Service Control Manager | ID = 7023
Description = The Support Manager service terminated with the following error: %%1114

Error - 5/18/2011 1:05:57 PM | Computer Name = USER-ADEEF2C2AA | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 5/18/2011 1:05:58 PM | Computer Name = USER-ADEEF2C2AA | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
PC222972954220 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{82168F45-2B0E. The master browser is stopping or an election is being
forced.

Error - 5/18/2011 2:35:44 PM | Computer Name = USER-ADEEF2C2AA | Source = Dhcp | ID = 1002
Description = The IP address lease 41.212.89.93 for the Network Card with network
address 18A905B3CC71 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/18/2011 2:36:02 PM | Computer Name = USER-ADEEF2C2AA | Source = Service Control Manager | ID = 7023
Description = The Support Manager service terminated with the following error: %%1114


< End of report >



I would also like to thank you for helping me with this problem

Additionally, MSE on my laptop found the following malware on the flash disc connected to the problematic computer. Just in case it helps:

Worm:Win32/Conficker.B
Worm:Win32/Vobus.C
Worm:Win32/Conficker.B!inf
Worm:Win32/Autorun.UI!inf
VirTool:Win32/DelfInject.gen!A
VirTool:Win32/Injector.gen!BC
VirTool:INF/Autorun.gen!A
Backdoor:Win32/Hupigon.EN!inf


Thanks again!!
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You have a rootkit; first I will try ComboFix to remove it. If that fails, then I will use a bigger hammer.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Web Search"
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\..\Toolbar\ShellBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    O3 - HKU\S-1-5-21-842925246-1004336348-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    [2008/04/14 02:00:00 | 000,162,941 | RHS- | C] () -- C:\WINDOWS\System32\bjhotpwx.dll

    :Services
    wemnkjdj

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0
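The fix script above resets the HOSTS file and flushes the DNS cache, because a hijacked hosts file is one of the usual reasons a machine can reach every site except antivirus and update sites. As an added example (not from this thread, and not part of OTL or ComboFix), the Python below parses hosts-file text, accepting the "O1 - Hosts:" prefix OTL puts in front of each entry, and flags every mapping that is not a plain loopback-to-localhost entry; the sample hosts contents and the vendor watch list are constructed for the example.

```python
"""Hosts-file hijack check (added example; not part of the thread or of OTL).

Malware that wants to keep a machine away from antivirus and update sites
often adds entries to C:\\WINDOWS\\system32\\drivers\\etc\\hosts that map those
hostnames to loopback or to an attacker-chosen address.  A clean Windows XP
hosts file only maps localhost, so anything else is worth a look.
"""
import ipaddress
from dataclasses import dataclass

LOOPBACK_V4 = ipaddress.ip_network("127.0.0.0/8")
LOOPBACK_V6 = ipaddress.ip_address("::1")

# Hostname fragments a defender would not expect to see redirected.
# Constructed watch list for this example, not taken from the page.
WATCHED = ("microsoft", "windowsupdate", "symantec", "mcafee",
           "kaspersky", "avast", "avg", "eset")


@dataclass(frozen=True)
class HostsEntry:
    ip: str
    name: str
    line_no: int


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse hosts-file lines; also accepts OTL's 'O1 - Hosts: ' prefix."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("O1 - Hosts:"):
            line = line[len("O1 - Hosts:"):].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # not a hosts entry
        for name in parts[1:]:                    # one IP may map several names
            entries.append(HostsEntry(str(ip), name.lower(), n))
    return entries


def is_loopback_localhost(e: HostsEntry) -> bool:
    """True for the only entries a clean XP hosts file should contain."""
    ip = ipaddress.ip_address(e.ip)
    loop = (ip.version == 4 and ip in LOOPBACK_V4) or ip == LOOPBACK_V6
    return loop and e.name in ("localhost", "localhost.localdomain")


def suspicious_entries(text: str) -> list[HostsEntry]:
    """Every entry that is not a loopback -> localhost mapping."""
    return [e for e in parse_hosts(text) if not is_loopback_localhost(e)]


def watched_hits(text: str) -> list[HostsEntry]:
    """Suspicious entries that touch a vendor/update hostname on the watch list."""
    return [e for e in suspicious_entries(text)
            if any(w in e.name for w in WATCHED)]


# Constructed sample inputs.  CLEAN_HOSTS matches what OTL printed after the
# [resethosts] command; HIJACKED_HOSTS adds two made-up redirect entries
# (203.0.113.7 is a documentation-only address, not a real indicator).
CLEAN_HOSTS = "127.0.0.1 localhost\n::1 localhost\n"
OTL_LINES = "O1 - Hosts: 127.0.0.1 localhost\nO1 - Hosts: ::1 localhost\n"
HIJACKED_HOSTS = (
    "127.0.0.1 localhost\n"
    "::1 localhost\n"
    "# constructed hijack entries follow\n"
    "127.0.0.1 www.example-av-vendor.invalid\n"
    "203.0.113.7 update.microsoft.com\n"
)

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("hijacked", HIJACKED_HOSTS)):
        print(f"[{label}]")
        for e in suspicious_entries(text):
            flag = "WATCHED" if e in watched_hits(text) else "review"
            print(f"  line {e.line_no}: {e.ip} -> {e.name}  ({flag})")
```

Run it against the real file (read the hosts file and pass its text to `suspicious_entries`) or paste the O1 lines from an OTL log; a clean result is an empty list, and any hit against the watch list explains exactly the symptom reported at the top of this thread.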

#5
dr_ask

dr_ask

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
When I ran otc, the computer rebooted itself and produced the following report:



All processes killed
========== OTL ==========
Prefs.js: "Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-842925246-1004336348-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_USERS\S-1-5-21-842925246-1004336348-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File move failed. C:\WINDOWS\system32\bjhotpwx.dll scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
Service wemnkjdj stopped successfully!
Service wemnkjdj deleted successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: User
->Temp folder emptied: 1228787 bytes
->Temporary Internet Files folder emptied: 724268 bytes
->Java cache emptied: 126552 bytes
->FireFox cache emptied: 130146403 bytes
->Google Chrome cache emptied: 178957631 bytes
->Opera cache emptied: 5733771 bytes
->Flash cache emptied: 31374 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1088140986 bytes

Total Files Cleaned = 1,342.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05192011_202146

Files\Folders moved on Reboot...
C:\WINDOWS\system32\bjhotpwx.dll moved successfully.

Registry entries deleted on Reboot...


Combofix report below



ComboFix 11-05-17.03 - User 05/19/2011 20:45:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.989.734 [GMT 3:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-19 17:21 . 2011-05-19 17:21 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-05 15:24 . 2011-04-30 12:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_18.41.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-19 17:44 . 2011-05-19 17:44 16384 c:\windows\Temp\Perflib_Perfdata_62c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-25 18791456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Nymgo4.0\\Nymgo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4433:TCP"= 4433:TCP:vpnehrya
.
S0 cerc6;cerc6; [x]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wemnkjdj
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 08:50]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1004336348-1417001333-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 11:38]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1004336348-1417001333-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 11:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2504091
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\r2zeymfg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 20:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-05-19 20:50:58
ComboFix-quarantined-files.txt 2011-05-19 17:50
ComboFix2.txt 2011-05-18 18:42
.
Pre-Run: 284,770,029,568 bytes free
Post-Run: 284,767,342,592 bytes free
.
- - End Of File - - 5383A89B82ECB0DFE65D3F7821550E03
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run, could you try and access some AV sites please?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
wemnkjdj

Netsvcs::
wemnkjdj



3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES.

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

  • 0

#7
dr_ask

dr_ask

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I can now visit AV websites...

When I ran ComboFix, it told me it had to reboot because of rootkit activity.

Here is the ComboFix report:


ComboFix 11-05-17.03 - User 05/19/2011 21:38:32.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.989.732 [GMT 3:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-19 17:21 . 2011-05-19 17:21 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-05 15:24 . 2011-04-30 12:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_18.41.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-19 18:37 . 2011-05-19 18:37 16384 c:\windows\Temp\Perflib_Perfdata_460.dat
+ 2011-05-19 18:28 . 2009-08-06 16:23 215920 c:\windows\system32\muweb.dll
+ 2011-05-19 18:28 . 2009-08-06 16:23 274288 c:\windows\system32\mucltui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-25 18791456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Nymgo4.0\\Nymgo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4433:TCP"= 4433:TCP:vpnehrya
.
S0 cerc6;cerc6; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 08:50]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1004336348-1417001333-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 11:38]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1004336348-1417001333-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 11:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2504091
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\r2zeymfg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 21:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-05-19 21:44:25
ComboFix-quarantined-files.txt 2011-05-19 18:44
ComboFix2.txt 2011-05-19 17:50
ComboFix3.txt 2011-05-18 18:42
.
Pre-Run: 284,748,279,808 bytes free
Post-Run: 284,744,114,176 bytes free
.
- - End Of File - - 4D274377E63662923D1224773EAB06F7





OTL report





OTL logfile created on: 5/19/2011 9:47:38 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.00 Mb Total Physical Memory | 681.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 265.21 Gb Free Space | 88.97% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.48 Gb Free Space | 79.01% Space Free | Partition Type: FAT

Computer Name: USER-ADEEF2C2AA | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 21:51:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/18 21:51:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2008/04/14 02:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/02/25 17:08:56 | 005,864,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/05 15:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2504091
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 18:24:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/30 15:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/05/18 12:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2zeymfg.default\extensions
[2011/04/01 10:20:24 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2zeymfg.default\searchplugins\conduit.xml
[2011/05/11 13:00:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/11 13:00:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/11 13:00:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 18:24:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/19 20:21:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 41.212.3.2 41.212.3.253
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/30 14:02:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 20:21:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/19 10:00:19 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/05/18 21:51:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/05/18 21:30:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/18 21:27:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/18 21:27:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/18 21:27:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/18 21:27:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/18 21:27:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/18 21:27:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/18 17:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TrustPort
[2011/05/18 14:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/18 14:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/18 14:56:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/05/18 14:27:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/05/18 13:12:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/05/17 22:17:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/17 21:52:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\UserData
[2011/05/17 21:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/05/15 20:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\TVU Networks
[2011/05/15 20:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2011/05/15 20:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\LocalLow
[2011/05/14 12:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\art
[2011/05/14 08:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\art
[2011/05/12 19:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\WinZip
[2011/05/12 12:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote
[2011/05/11 15:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Nymgo4.0
[2011/05/11 15:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Nymgo4.0
[2011/05/11 15:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Nymgo4.0
[2011/05/11 15:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nymgo4.0
[2011/05/11 13:02:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/05/11 13:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/05/11 13:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/11 13:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/11 12:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Sun
[2011/05/09 17:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\New Folder
[2011/05/09 15:47:04 | 000,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe
[2011/05/09 15:47:03 | 000,458,752 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PAC7302.SYS
[2011/05/09 15:47:03 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\CoInst_071029.dll
[2011/05/09 15:47:01 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP7302.AX
[2011/05/09 15:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Camera
[2011/05/09 15:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\ANC
[2011/05/09 15:47:00 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\P7302USD.dll
[2011/05/09 15:46:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt
[2011/05/09 15:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC7302
[2011/05/08 16:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Temp
[2011/05/08 16:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Conduit
[2011/05/08 16:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Azureus
[2011/05/08 16:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/05/05 12:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/05/05 06:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\skypePM
[2011/05/05 06:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/04 10:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\BrowserPlus
[2011/05/04 10:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Yahoo!
[2011/05/04 10:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Yahoo!
[2011/05/04 10:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/05/04 10:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Yahoo
[2011/05/04 10:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/05/04 10:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/05/03 17:49:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/05/03 11:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/03 10:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
[2011/05/03 10:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/05/03 10:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\WinRAR
[2011/05/03 09:28:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/04/30 16:50:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/04/30 16:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/04/30 16:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/04/30 16:50:41 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/04/30 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/04/30 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/04/30 16:50:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/04/30 16:50:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/04/30 16:50:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/04/30 16:50:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/04/30 16:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/04/30 16:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/04/30 16:49:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/04/30 16:49:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/04/30 16:49:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/04/30 16:49:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/04/30 16:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/04/30 16:49:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/04/30 16:38:26 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/04/30 16:38:26 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/04/30 16:38:26 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/04/30 16:38:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/04/30 16:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/04/30 16:22:55 | 000,000,000 | ---D | C] -- C:\C STAFF
[2011/04/30 15:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla
[2011/04/30 15:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla
[2011/04/30 15:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\vlc
[2011/04/30 15:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Adobe
[2011/04/30 15:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/04/30 15:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/04/30 15:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/04/30 15:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Skype
[2011/04/30 15:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/04/30 15:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2011/04/30 15:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Google Chrome
[2011/04/30 15:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Google
[2011/04/30 15:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/04/30 15:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/04/30 15:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\WinRAR
[2011/04/30 15:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/04/30 15:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/04/30 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/30 15:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Macromedia
[2011/04/30 15:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Adobe
[2011/04/30 15:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/04/30 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/30 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/30 15:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Opera
[2011/04/30 15:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Opera
[2011/04/30 15:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/04/30 15:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Apple Computer
[2011/04/30 15:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/30 15:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/30 15:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/30 15:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/30 15:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/04/30 15:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/04/30 15:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/04/30 15:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple
[2011/04/30 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/04/30 15:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/30 15:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/04/30 15:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/04/30 15:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple Computer
[2011/04/30 15:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/30 14:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/04/30 14:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/04/30 14:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/04/30 14:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/04/30 14:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/30 14:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/04/30 14:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft Help
[2011/04/30 14:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/04/30 14:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/04/30 14:53:51 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/04/30 14:34:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/04/30 14:34:40 | 002,815,520 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2011/04/30 14:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/04/30 14:33:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/04/30 14:28:49 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/04/30 14:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/04/30 14:28:42 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/04/30 14:25:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/04/30 14:25:43 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/04/30 14:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/04/30 14:25:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/04/30 14:25:37 | 000,000,000 | ---D | C] -- C:\Intel
[2011/04/30 14:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Drivers
[2011/04/30 14:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Identities
[2011/04/30 14:09:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/30 14:09:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Pictures
[2011/04/30 14:09:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Music
[2011/04/30 14:09:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\Application Data\Microsoft
[2011/04/30 14:09:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\Cookies
[2011/04/30 14:09:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\SendTo
[2011/04/30 14:09:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2011/04/30 14:09:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Application Data
[2011/04/30 14:09:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Startup
[2011/04/30 14:09:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu
[2011/04/30 14:09:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents
[2011/04/30 14:09:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Favorites
[2011/04/30 14:09:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Accessories
[2011/04/30 14:09:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\Templates
[2011/04/30 14:09:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\PrintHood
[2011/04/30 14:09:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\NetHood
[2011/04/30 14:09:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\Local Settings
[2011/04/30 14:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft
[2011/04/30 14:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop
[2011/04/30 14:08:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/04/30 14:08:29 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/04/30 14:08:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/04/30 14:08:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/04/30 14:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/04/30 14:06:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/04/30 14:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/04/30 14:05:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/04/30 14:05:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/04/30 14:05:04 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/04/30 14:03:42 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/04/30 14:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/04/30 14:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/04/30 14:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/04/30 14:03:04 | 000,000,000 | ---D | C] -- C:\DELL
[2011/04/30 14:01:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/04/30 14:01:41 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/04/30 14:01:40 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/04/30 14:01:28 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/04/30 14:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/04/30 14:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/04/30 14:00:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/04/30 14:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/04/30 14:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/04/30 14:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/04/30 14:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/04/30 13:59:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/04/30 13:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/04/30 13:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/04/30 13:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/04/30 13:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/04/30 13:59:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/04/30 13:58:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/04/30 13:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/04/30 13:58:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/04/30 13:58:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/04/30 13:58:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/04/30 13:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/04/30 13:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/04/30 13:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/04/30 13:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/04/30 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/04/30 13:57:04 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2011/04/30 13:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/04/30 13:57:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/04/30 13:56:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/04/30 13:56:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/04/30 13:56:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/04/30 13:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

========== Files - Modified Within 30 Days ==========

[2011/05/19 21:37:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/19 20:21:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/19 19:48:53 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/19 19:43:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1004336348-1417001333-1003UA.job
< End of report >
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Excellent - could you now install or update your antivirus and then run a scan with Malwarebytes to see if anything is lurking.

Once done, can you let me know what problems remain?

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#9
dr_ask

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Firstly, I would very much like to thank you for helping me with this problem. I really appreciate the favor.

I am also very curious about how you did it...

I would like to ask one more favor from you...

Please advise on the best antivirus software for both my computers:

One is an HP dv5 on 32-bit Vista and the other is an HP Compaq on XP SP3.


Here is the log for the scan

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6619

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/19/2011 10:17:07 PM
mbam-log-2011-05-19 (22-17-07).txt

Scan type: Quick scan
Objects scanned: 136452
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks again!!!
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

I am also very curious about how you did it...

There are two answers to this question, and the first is the one I like best:
1. I am smooth, suave, debonair, sophisticated and an all-round bon oeuf :unsure:
2. TDSS told me about a locked service; it is not a normal one. I used OTL to stop it and ComboFix to remove the remnants :)

Please advise on the best antivirus software for both my computers:

This is a biased opinion as it is the AV I use.

Avast is fairly lightweight and almost fire-and-forget.

How is the computer behaving now?
  • 0

#11
dr_ask

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I am sure you are!!!!

No hiccups as yet... hoping it will stay that way.

But I know where to come if I have any trouble... can't thank you enough.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :unsure:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :yes:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :)
  • 0
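The [resethosts] command in the OTL fix above restores the Windows hosts file to its stock contents. As an added example that is not part of the original thread or of OTL, the following Python script shows what a defender would check for before resetting: any hosts entry that maps a name other than localhost, separated into entries that blackhole a site (loopback or 0.0.0.0, so it cannot be reached) and entries that redirect it to another host. The sample hosts text and the .test vendor names are constructed for the example.

```python
"""Check a Windows hosts file for entries beyond the stock localhost mappings.
Added example for this thread, not OTL's own code; sample content is constructed."""
import ipaddress
from typing import Dict, List, NamedTuple

# Names a stock hosts file is expected to map (XP ships "127.0.0.1 localhost";
# later Windows versions add "::1 localhost").
EXPECTED_NAMES = frozenset({"localhost"})


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    names: List[str]


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text. '#' starts a comment, whitespace separates the
    address from one or more names. Malformed lines are skipped, not fatal."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; not a usable entry
        entries.append(HostsEntry(line_no, fields[0], fields[1:]))
    return entries


def classify(entry: HostsEntry) -> str:
    """'blackholed' if the name is sent to loopback or 0.0.0.0 (the site becomes
    unreachable), 'redirected' if it is sent to any other host."""
    addr = ipaddress.ip_address(entry.address)
    return "blackholed" if addr.is_loopback or addr.is_unspecified else "redirected"


def unexpected_entries(text: str) -> Dict[str, List[HostsEntry]]:
    """Return every entry that maps a name outside EXPECTED_NAMES, grouped by class."""
    found: Dict[str, List[HostsEntry]] = {"blackholed": [], "redirected": []}
    for entry in parse_hosts(text):
        if any(name.lower() not in EXPECTED_NAMES for name in entry.names):
            found[classify(entry)].append(entry)
    return found


# Constructed sample: a stock header plus two tampered lines. The .test names
# are placeholders, not real vendor domains.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# constructed tampering below
0.0.0.0         www.example-av-vendor.test
198.51.100.7    update.example-av-vendor.test
"""


def report(text: str) -> List[str]:
    """Human-readable line per unexpected entry; an empty list means clean."""
    lines: List[str] = []
    for kind, entries in unexpected_entries(text).items():
        for e in entries:
            lines.append(f"line {e.line_no}: {kind} {', '.join(e.names)} -> {e.address}")
    return lines


if __name__ == "__main__":
    # On a live machine read %SystemRoot%\System32\drivers\etc\hosts instead.
    for line in report(SAMPLE_HOSTS) or ["hosts file only maps localhost"]:
        print(line)
```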

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





