Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows XP, Virus Cuts Internet Conenction... help?

Started by J.NewUser , May 20 2011 12:16 PM

  • Please log in to reply

#1
J.NewUser
Posted 20 May 2011 - 12:16 PM

J.NewUser

    New Member

  • Member
  • Pip
  • 1 posts
Hello,

I clicked on a malicious google link and ran into a virus which acts as a "security center". I rebooted my laptop into safe mode and turned off all unnecessary services at start-up. I ran a virus scan (BitDefender 2011) and Registry Mechanic to find all the errors and viruses it could in safe mode. I am still running into this error where my wireless internet connection completely stops then changes the connection name to "Access Point". When I try and repair it says there is a DNS error with the registry. I ran a scan again and found nothing. Any help would be greatly appreciated.

Here is the OTL:


OTL logfile created on: 20/05/2011 3:24:06 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 192.51 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
Drive D: | 4.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HP-NOTEBOOK | User Name: Julius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 15:23:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2011/05/17 23:52:38 | 001,118,232 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2011/05/16 18:47:10 | 001,198,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2011/05/16 18:46:24 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2011/05/16 18:45:48 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2011/05/07 08:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/08/10 12:39:33 | 000,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/10/08 11:48:04 | 000,030,240 | ---- | M] (Laserfiche) -- C:\Program Files\Laserfiche\Client 8\Snapshot 8\SnapshotService80.exe
PRC - [2008/07/08 16:41:02 | 002,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/04/13 21:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/20 15:23:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
MOD - [2011/02/04 10:12:32 | 000,234,408 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2010/08/23 13:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MSDTCPlugPlay)
SRV - [2011/05/17 23:49:24 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2011/05/16 18:46:24 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2011/05/16 18:45:48 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2011/05/16 18:45:35 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2010/12/22 12:55:52 | 000,230,640 | ---- | M] (Sophos Plc) [Disabled | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/12/22 12:55:40 | 001,541,360 | ---- | M] (Sophos Plc) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2010/12/22 12:55:32 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/12/22 12:55:28 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/12/22 12:55:09 | 000,806,912 | ---- | M] (Sophos Plc) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2010/12/22 12:55:06 | 000,282,624 | ---- | M] (Sophos Plc) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2010/08/10 12:39:33 | 000,085,096 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/10/08 11:48:04 | 000,030,240 | ---- | M] (Laserfiche) [Auto | Running] -- C:\Program Files\Laserfiche\Client 8\Snapshot 8\SnapshotService80.exe -- (Laserfiche Snapshot Service 8)
SRV - [2008/11/09 17:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/05/17 23:53:34 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/05/17 23:50:04 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2011/05/16 18:47:45 | 000,085,128 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2011/05/16 18:47:04 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2011/05/16 18:46:35 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2011/05/16 18:46:13 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/05/16 18:45:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2010/12/22 12:55:37 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2010/12/22 12:55:32 | 000,153,344 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2010/10/08 10:48:30 | 000,023,928 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2010/06/28 12:26:16 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2009/06/18 16:38:34 | 004,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/05/07 04:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/02/04 04:27:22 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/05/08 09:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 16:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/10 18:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/03/28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/01/18 11:28:00 | 000,285,824 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/06/21 05:40:02 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://ca.search.yah...ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.4000
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {6CAF43E3-AE6F-40C8-81EB-7D527EFF64F3}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..keyword.URL: "http://ca.search.yah...ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{6CAF43E3-AE6F-40C8-81EB-7D527EFF64F3}: C:\Documents and Settings\user\Local Settings\Application Data\{6CAF43E3-AE6F-40C8-81EB-7D527EFF64F3} [2011/05/11 14:08:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/05/18 15:45:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/18 15:45:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 13:54:55 | 000,000,000 | ---D | M]

[2010/02/05 15:57:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/01/18 13:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\fjyldekc.default\extensions
[2010/02/05 16:04:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\fjyldekc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/16 23:05:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\fjyldekc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/22 00:37:29 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\fjyldekc.default\extensions\[email protected]
[2010/06/22 00:41:40 | 000,002,233 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\fjyldekc.default\searchplugins\alot-search.xml
[2011/01/18 13:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/04 02:05:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009/09/08 16:01:18 | 000,163,608 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ONSA.CA
O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\ezstor {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-cnote {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\WowCtl2.dll (EzTools Software)
O18 - Protocol\Handler\x-zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/13 10:48:02 | 000,000,000 | ---D | M] - C:\AutoCAD -- [ NTFS ]
O32 - AutoRun File - [2010/01/22 19:13:29 | 000,000,000 | ---D | M] - C:\AutoCAD-13 -- [ NTFS ]
O32 - AutoRun File - [2010/01/22 09:51:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 13:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/20 13:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Mechanic
[2011/05/20 13:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/05/20 03:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
[2011/05/20 03:18:14 | 000,000,000 | ---D | C] -- C:\rei
[2011/05/20 03:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/05/18 18:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\vlc
[2011/05/18 18:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/17 20:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Google Chrome
[2011/05/16 18:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitDefender 2010
[2011/05/16 18:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\BitDefender
[2011/05/16 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2011/05/16 18:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/05/16 18:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2011/05/16 16:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/16 16:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/11 14:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/11 14:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/11 14:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\{6CAF43E3-AE6F-40C8-81EB-7D527EFF64F3}
[2011/05/04 11:28:49 | 000,131,824 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll
[2011/05/04 11:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2011/05/04 11:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/05/04 11:27:55 | 000,028,912 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2011/05/04 02:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\skypePM
[2011/05/04 02:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/04 02:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Skype
[2011/05/04 02:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/04 02:05:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/05/04 02:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/04 01:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/04/26 14:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/04/26 10:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\PCHealth
[2010/01/22 10:07:35 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/01/22 10:07:32 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\user\My Documents\*.tmp files -> C:\Documents and Settings\user\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/20 15:26:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/20 14:49:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/20 14:48:11 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2011/05/20 13:22:52 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_unmip.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_histprot.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_video.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_pornography.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_news.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_illegal.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_hate.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_games.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_gambling.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_drugs.dat
[2011/05/20 03:20:16 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/05/20 03:20:06 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/05/20 03:18:15 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2011/05/20 02:53:07 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\user\Application Dataprivacy.xml
[2011/05/19 17:17:01 | 000,000,032 | --S- | M] () -- C:\WINDOWS\System32\3978988556.dat
[2011/05/19 15:09:05 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/19 14:00:20 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\user\Application DataProductTweaks.xml
[2011/05/19 14:00:20 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\user\Application Datauser_gensett.xml
[2011/05/19 02:34:23 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/05/18 18:31:28 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/18 15:44:30 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/05/18 00:05:26 | 000,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2011/05/17 23:50:04 | 000,111,312 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2011/05/17 21:23:42 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\asdict.dat
[2011/05/17 21:23:42 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\aspdict-en.dat
[2011/05/17 20:57:11 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1563985344-725345543-1003UA.job
[2011/05/17 20:57:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1563985344-725345543-1003Core.job
[2011/05/17 20:53:11 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2011/05/17 20:53:11 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/16 18:47:04 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2011/05/16 18:46:13 | 000,291,352 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2011/05/16 18:45:26 | 000,106,464 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdhv.sys
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\wsbl.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_white.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_summ.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_spoof.sig
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_sign.slf
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_black.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_sbl.sig
[2011/05/16 18:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_bl.sig
[2011/05/16 18:28:26 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2011/05/16 17:54:09 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Klolo.dat
[2011/05/16 15:41:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dwugusu.bin
[2011/05/16 15:10:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 14:34:05 | 000,004,286 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/05/04 13:23:48 | 000,085,464 | ---- | M] () -- C:\Documents and Settings\user\Desktop\.pdf
[2011/05/04 11:27:26 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Friday Night Global Scan.job
[2011/05/04 03:04:28 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/04 03:04:28 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/04 02:06:39 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/04 02:05:41 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/02 11:26:16 | 000,000,218 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/05/02 11:25:56 | 000,017,746 | ---- | M] () -- C:\Documents and Settings\user\Desktop\OA FINAL - CBU.pdf
[2011/05/02 11:04:30 | 001,441,792 | ---- | M] () -- C:\Documents and Settings\user\Desktop\InfoTime 2010 Staff 1_6.accdb
[2011/04/30 20:08:55 | 000,077,048 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/29 13:14:07 | 000,116,865 | ---- | M] () -- C:\Documents and Settings\user\Desktop\FRAME™plus Online - Window or Vision Panel.pdf
[2011/04/29 12:04:04 | 000,745,445 | ---- | M] () -- C:\Documents and Settings\user\Desktop\www.ppg.com corporate ideascapes SiteCollectionDocuments 10104 Solarban 60 (7071).pdf
[2011/04/26 13:57:30 | 000,012,406 | ---- | M] () -- C:\Documents and Settings\user\Desktop\07104-Title Page.pdf
[2011/04/26 13:37:20 | 000,015,563 | ---- | M] () -- C:\Documents and Settings\user\Desktop\07104 - Submission Checklist.pdf
[2011/04/26 13:35:08 | 000,229,310 | ---- | M] () -- C:\Documents and Settings\user\Desktop\07104-Modeling notes.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\user\My Documents\*.tmp files -> C:\Documents and Settings\user\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 13:22:52 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2011/05/20 13:17:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2011/05/20 03:20:06 | 000,000,228 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/05/20 03:20:04 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/05/20 03:18:15 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2011/05/19 17:17:01 | 000,000,032 | --S- | C] () -- C:\WINDOWS\System32\3978988556.dat
[2011/05/19 14:00:20 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\user\Application DataProductTweaks.xml
[2011/05/19 14:00:20 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\user\Application Datauser_gensett.xml
[2011/05/19 14:00:18 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\user\Application Dataprivacy.xml
[2011/05/19 13:21:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\ashttpstats.csv
[2011/05/19 02:34:23 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/05/18 18:31:28 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/18 15:44:30 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/05/17 21:23:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2011/05/17 21:23:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2011/05/17 21:03:18 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2011/05/17 20:53:11 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2011/05/17 20:53:11 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/17 20:52:20 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1563985344-725345543-1003UA.job
[2011/05/17 20:52:19 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1563985344-725345543-1003Core.job
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_spoof.sig
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_sign.slf
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_sbl.sig
[2011/05/16 18:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_bl.sig
[2011/05/16 18:28:26 | 000,001,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2011/05/11 14:09:01 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Klolo.dat
[2011/05/11 14:09:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dwugusu.bin
[2011/05/04 13:23:47 | 000,085,464 | ---- | C] () -- C:\Documents and Settings\user\Desktop\.pdf
[2011/05/04 02:06:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/04 02:05:41 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/02 11:25:55 | 000,017,746 | ---- | C] () -- C:\Documents and Settings\user\Desktop\OA FINAL - CBU.pdf
[2011/04/30 20:08:55 | 000,077,048 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/29 13:14:06 | 000,116,865 | ---- | C] () -- C:\Documents and Settings\user\Desktop\FRAME™plus Online - Window or Vision Panel.pdf
[2011/04/29 12:04:02 | 000,745,445 | ---- | C] () -- C:\Documents and Settings\user\Desktop\www.ppg.com corporate ideascapes SiteCollectionDocuments 10104 Solarban 60 (7071).pdf
[2011/04/26 13:38:43 | 000,012,406 | ---- | C] () -- C:\Documents and Settings\user\Desktop\07104-Title Page.pdf
[2011/04/26 13:37:20 | 000,015,563 | ---- | C] () -- C:\Documents and Settings\user\Desktop\07104 - Submission Checklist.pdf
[2011/04/26 13:35:07 | 000,229,310 | ---- | C] () -- C:\Documents and Settings\user\Desktop\07104-Modeling notes.pdf
[2011/03/15 21:07:06 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/20 23:26:35 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/18 10:49:45 | 000,985,088 | ---- | C] () -- C:\WINDOWS\System32\owl55f.dll
[2010/10/18 10:49:45 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\owl52f.dll
[2010/10/12 15:45:25 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2010/08/27 09:33:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/11 17:20:00 | 000,629,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/14 14:34:09 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Dfdlg100.dll
[2010/05/14 14:34:02 | 000,001,116 | ---- | C] () -- C:\WINDOWS\w5.ini
[2010/05/14 14:34:02 | 000,000,245 | ---- | C] () -- C:\WINDOWS\lbnlbtd.ini
[2010/02/05 15:57:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/25 15:49:31 | 000,002,275 | ---- | C] () -- C:\WINDOWS\System32\FSDM.INI
[2010/01/25 15:49:27 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ECATENB2.DLL
[2010/01/25 15:49:27 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ECATEN33.DLL
[2010/01/25 15:49:27 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ECATEN32.DLL
[2010/01/22 19:59:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/01/22 15:31:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\LF.ini
[2010/01/22 12:06:27 | 000,000,218 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/01/22 11:55:36 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/01/22 11:55:29 | 000,000,109 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/01/22 10:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/01/22 10:18:57 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\atiumdva.dat
[2010/01/22 10:07:35 | 001,804,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/01/22 10:07:35 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/01/22 10:07:35 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2010/01/22 10:06:55 | 000,000,571 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2010/01/22 09:55:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/22 09:48:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/22 05:39:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/22 05:38:45 | 000,348,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/24 01:02:14 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\LFSS80ResNT.dll
[2009/02/04 01:13:22 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/04 01:13:22 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/05/08 06:14:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\atitmmxx.dll
[2008/03/05 18:40:54 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,435,594 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,068,490 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/01/22 19:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/05/16 18:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/04/29 12:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/05/20 14:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/05/04 11:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/05/04 11:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2011/05/20 14:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/21 10:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/15 20:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/21 18:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\alot
[2010/08/10 12:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Autodesk
[2011/05/16 18:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BitDefender
[2011/05/16 18:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BitTorrent
[2010/01/22 10:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hewlett Packard
[2010/02/24 15:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Lf
[2010/09/24 17:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LolClient
[2010/01/22 19:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\pdf995
[2010/09/24 15:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SystemRequirementsLab
[2010/01/22 10:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TMP
[2011/05/04 11:27:26 | 000,000,530 | ---- | M] () -- C:\WINDOWS\Tasks\Friday Night Global Scan.job
[2011/05/20 03:20:06 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Reimage Reminder.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Edited by J.NewUser, 20 May 2011 - 12:28 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP