Multiple malwares, maybe a rootkit, previous defender.exe & Awola,



#1
lionclan

I have had many malware issues lately and printing wasn't working. First, maybe a week ago, I had some fake antivirus "defender.exe" that I took care of with a script for AVZ Antiviral Toolkit from the Kaspersky boards. Seemed to help. No more defender.exe running. But I still couldn't print and HijackThis had a few off-looking entries.

More recently, I tried AVZ again. Immediately it says something including this:

Function NtEnumerateKey (47) - machine code modification Method of JmpTo. jmp F833960AXyj42.sys
Function NtOpenKey (77) - machine code modification Method of JmpTo. jmp F8339376AXyj42.sys
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = F8334EE7 -> Xyj42.sys

I investigated that a bit, then there was an Awola fake malware scan popping up repeatedly, annoyingly, so I decided to never mind AVZ for the moment and instead read a guide on BleepingComputer that suggested SmitFraudFix in safe mode to clean up Awola. Rebooted in safe mode. Used SmitFraudFix as described in the guide. Rebooted, still Awola. Rebooted again in safe mode. Terminated Awola's process, then went and deleted Awola's files manually.

Before restarting I decided to try a regular file search in safe mode for that Xyj42.sys from AVZ. It was found in c:\windows\system32 ...I then renamed it xyj42.sy. Restarted in normal mode. No Awola stuff!

Scanned again with AVZ. Enabled malware removal mode and in the search parameters turned the rootkit blocking options on and enabled avzguard. Here's what I saved from its window afterwards:

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YHITCL4Z\myraz32[1].exe >>> suspicion for AdvWare.Win32.SuperJuan.tfd ( 0B7200EB 0249C70B 00282CED 00248B31 97280)
File quarantined succesfully (C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP0\A0000001.dll)
C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP0\A0000001.dll >>
File quarantined succesfully (C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP1\A0000450.exe)
File quarantined succesfully (C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP1\A0000451.exe)
C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP1\A0000451.exe >>>>> Constructor.VBS.SSIWG.10 deleted successfully
File quarantined succesfully (C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP1\A0000452.exe)
C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP1\A0000452.exe
C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP1\A0000453.COM >>>>> HackTool.DOS.Eudpass deleted successfully
File quarantined succesfully (C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP1\A0000454.exe)
C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP1\A0000454.exe >>>>> HackTool.Win32.TrHunter.15 deleted successfully
C:\wintcid.exe >>> suspicion for Trojan-Downloader.Win32.Hilldoor.b ( 0AE3D85F 04DFABCF 0024CDB5 00217095 14336)
C:\winysgd.exe >>> suspicion for Trojan-Downloader.Win32.Hilldoor.b ( 0AE0AA26 04D95439 0024CDB5 00217095 14336)
Removing traces of deleted files...
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
Files scanned: 40580, extracted from archives: 20845, malicious software found 9, suspicions - 10
---

Restarted again after. Ran a Spybot S&D scan. It found many things, including Win32.Small.azi, Virtumonde, Smitfraud-C, Awola Anti Spyware. Had it try to fix that stuff. Restarted.

Tinkered with Spybot's System Internals section at some point, I seem to recall. Discovered printing worked again! I printed important business things immediately. Later scanned with HijackThis. There were like 100 bizarre O4 - HKCU\..\Run entries with random names, question marks in the filenames, and odd paths. I'm baffled! Help me please!

Here is the OTL scan log:

OTL logfile created on: 6/4/2011 7:49:31 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Program Files\mIRC\download
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.48 Mb Total Physical Memory | 264.51 Mb Available Physical Memory | 51.82% Memory free
1.22 Gb Paging File | 1.03 Gb Available in Paging File | 84.29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 23.86 Gb Free Space | 32.01% Space Free | Partition Type: NTFS
Drive E: | 123.00 Mb Total Space | 68.60 Mb Free Space | 55.77% Space Free | Partition Type: FAT32

Computer Name: PERFUNDO | User Name: kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 19:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Program Files\mIRC\download\OTLgtg.exe
PRC - [2011/06/04 12:39:01 | 000,068,608 | RHS- | M] () -- C:\WINDOWS\Τаsks\regedit.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/11/23 10:45:34 | 002,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe
PRC - [2006/07/16 05:01:43 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2011/06/04 19:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Program Files\mIRC\download\OTLgtg.exe
MOD - [2006/07/16 05:02:56 | 001,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/07/26 16:01:00 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2007/05/10 15:02:19 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/07/16 05:09:03 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel®
DRV - [2002/10/15 01:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/07/23 10:01:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/07/23 10:01:34 | 000,011,935 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV11NT.sys -- (iAimFP8)
DRV - [2002/07/23 10:01:32 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2002/07/23 10:01:32 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2002/07/23 10:01:32 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2002/07/23 10:01:30 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2002/07/23 10:01:30 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/07/23 10:01:28 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2002/07/23 10:01:28 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2002/07/23 10:01:28 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2002/07/23 10:01:26 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2002/07/23 10:01:26 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2002/07/23 10:01:24 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2002/07/23 10:01:22 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2002/07/23 10:01:22 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2002/07/23 10:01:20 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:12 | 000,128,286 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserli.sys -- (Ptserli)
DRV - [2001/08/17 12:12:24 | 000,070,730 | ---- | M] (Linksys Group, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100tx.sys -- (lne100tx)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = ED 18 0C 03 60 D0 7F 49 BE AE C9 BE 6E 33 9E F7 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co...m/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}: C:\Documents and Settings\kathy\Local Settings\Application Data\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0} [2011/06/03 18:48:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/04/03 16:16:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 18:31:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 18:30:59 | 000,000,000 | ---D | M]

[2011/03/12 17:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kathy\Application Data\Mozilla\Extensions
[2011/05/11 10:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kathy\Application Data\Mozilla\Firefox\Profiles\hng3qhcl.default\extensions
[2011/05/22 18:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/03 18:48:55 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KATHY\LOCAL SETTINGS\APPLICATION DATA\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}
[2009/05/08 20:35:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/03 20:53:22 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (no name) - {18D69F3C-27AA-2D5C-8E38-58C02C5385E8} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (BndShell3 BHO Class) - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - File not found
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {EAF1AF45-6130-4CC5-8051-6A58BB253F93} - File not found
O4 - HKLM..\Run: [F9FBFAF6FBFCFCF] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Apntuzze] File not found
O4 - HKCU..\Run: [Asue] C:\WINDOWS\Τаsks\regedit.exe ()
O4 - HKCU..\Run: [Bwctcex] File not found
O4 - HKCU..\Run: [Cheq] File not found
O4 - HKCU..\Run: [Csxavqi] File not found
O4 - HKCU..\Run: [Czssnsq] C:\WINDOWS\system32\аѕsembly\іexplore.exe ()
O4 - HKCU..\Run: [Damyknqj] File not found
O4 - HKCU..\Run: [Dide] File not found
O4 - HKCU..\Run: [Dnwgbsmq] File not found
O4 - HKCU..\Run: [Efoh] File not found
O4 - HKCU..\Run: [Egfha] File not found
O4 - HKCU..\Run: [Fkvo] File not found
O4 - HKCU..\Run: [Glevip] C:\WINDOWS\wroetmol.dll ()
O4 - HKCU..\Run: [Hcuabct] File not found
O4 - HKCU..\Run: [Hgxzps] File not found
O4 - HKCU..\Run: [Hubfsuh] File not found
O4 - HKCU..\Run: [Hzs] File not found
O4 - HKCU..\Run: [Idt] File not found
O4 - HKCU..\Run: [Iytmywy] File not found
O4 - HKCU..\Run: [Jhs] File not found
O4 - HKCU..\Run: [Jksmmmk] File not found
O4 - HKCU..\Run: [Jtyzvdd] File not found
O4 - HKCU..\Run: [Kdtkwriw] File not found
O4 - HKCU..\Run: [Ktkufd] File not found
O4 - HKCU..\Run: [Kvhiq] File not found
O4 - HKCU..\Run: [Lwwdespp] File not found
O4 - HKCU..\Run: [Nalk] File not found
O4 - HKCU..\Run: [Nhkmmt] File not found
O4 - HKCU..\Run: [Nht] File not found
O4 - HKCU..\Run: [Ntgsjcj] File not found
O4 - HKCU..\Run: [Odtw] C:\Program Files\Common Files\ѕystem32\scanregw.exe ()
O4 - HKCU..\Run: [oroi] File not found
O4 - HKCU..\Run: [Pvkikko] File not found
O4 - HKCU..\Run: [QdrModule10] File not found
O4 - HKCU..\Run: [QdrPack11] File not found
O4 - HKCU..\Run: [Qmrccvw] File not found
O4 - HKCU..\Run: [Qptlgcdl] File not found
O4 - HKCU..\Run: [Qqqqf] File not found
O4 - HKCU..\Run: [Sfqywb] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Torqsabx] File not found
O4 - HKCU..\Run: [Ukfhmk] File not found
O4 - HKCU..\Run: [Umafi] File not found
O4 - HKCU..\Run: [Wjil] File not found
O4 - HKCU..\Run: [Wlw] File not found
O4 - HKCU..\Run: [Wuwn] File not found
O4 - HKCU..\Run: [xInsIDE] File not found
O4 - HKCU..\Run: [Ykocki] File not found
O4 - HKCU..\Run: [Yngyje] File not found
O4 - HKCU..\Run: [Yshmjo] File not found
O4 - HKCU..\Run: [Zmpod] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.micr...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\fccabba: DllName - fccabba.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - Reg Error: Value error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\pmkhh.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/28 11:50:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\backups
[2011/06/04 12:38:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kathy\IETldCache
[2011/06/04 12:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/04 11:59:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/06/04 11:59:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/06/04 11:59:43 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/06/04 11:59:38 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/06/04 11:59:38 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/06/04 11:58:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/06/04 11:55:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/04 11:55:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/06/04 11:54:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/03 21:37:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/06/03 20:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix
[2011/06/03 20:44:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2011/06/03 20:44:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/03 20:43:50 | 000,000,000 | ---D | C] -- C:\e366ee99452b59ded35c06bd
[2011/06/03 20:43:27 | 000,000,000 | ---D | C] -- C:\996e4d00c27fa4c99c8a
[2011/06/03 20:43:15 | 000,000,000 | ---D | C] -- C:\ff4c7b36ff72458a78cb5f056b126059
[2011/06/03 20:39:47 | 000,000,000 | ---D | C] -- C:\9d58ec02821eb6fecc8321d7c035
[2011/06/03 20:37:12 | 000,000,000 | ---D | C] -- C:\183a80f4440e33293f
[2011/06/03 20:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/06/03 20:17:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/03 20:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/03 19:32:39 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2011/06/03 19:30:32 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2011/06/03 19:30:30 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2011/06/03 19:25:59 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/06/03 19:23:49 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/06/03 19:18:05 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/06/03 19:17:57 | 002,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/06/03 19:17:47 | 002,021,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/06/03 19:17:39 | 002,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/06/03 18:55:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/03 18:52:42 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/06/03 18:52:41 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/06/03 18:52:40 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/06/03 18:52:39 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/06/03 18:52:38 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/06/03 18:52:38 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/06/03 18:52:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/06/03 18:52:35 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/06/03 18:52:33 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2011/06/03 18:52:32 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/06/03 18:52:31 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2011/06/03 18:52:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/06/03 18:52:28 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/06/03 18:52:28 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/06/03 18:52:27 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/06/03 18:52:26 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/06/03 18:52:26 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/06/03 18:52:26 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/06/03 18:52:25 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/06/03 18:52:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/06/03 18:52:19 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/06/03 18:52:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/06/03 18:52:17 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2011/06/03 18:52:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/06/03 18:52:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2011/06/03 18:52:12 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/06/03 18:52:11 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/06/03 18:52:11 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/06/03 18:52:10 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/06/03 18:52:09 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/06/03 18:52:08 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/06/03 18:52:07 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/06/03 18:52:07 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/06/03 18:52:03 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2011/06/03 18:52:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/06/03 18:52:00 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2011/06/03 18:51:58 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/06/03 18:51:54 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/06/03 18:51:52 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2011/06/03 18:51:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/06/03 18:51:51 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2011/06/03 18:51:51 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/06/03 18:51:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2011/06/03 18:51:48 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2011/06/03 18:51:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/06/03 18:51:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/06/03 18:51:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/06/03 18:51:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/06/03 18:51:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/06/03 18:51:42 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/06/03 18:51:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/06/03 18:51:42 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/06/03 18:51:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/06/03 18:51:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/06/03 18:51:40 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/06/03 18:51:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/06/03 18:51:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/06/03 18:51:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/06/03 18:51:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/06/03 18:51:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/06/03 18:51:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/06/03 18:51:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/06/03 18:51:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/06/03 18:51:28 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/06/03 18:51:26 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/06/03 18:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Application Data\Awol
[2011/06/03 18:51:25 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/06/03 18:51:25 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/06/03 18:51:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2011/06/03 18:51:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2011/06/03 18:51:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/06/03 18:51:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/06/03 18:51:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/06/03 18:51:15 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2011/06/03 18:51:14 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/06/03 18:51:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/06/03 18:51:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/06/03 18:51:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2011/06/03 18:51:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/06/03 18:51:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/06/03 18:51:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/06/03 18:51:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/06/03 18:51:05 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/06/03 18:51:04 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/06/03 18:51:03 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/06/03 18:51:02 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/06/03 18:51:01 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/06/03 18:50:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/06/03 18:50:59 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/06/03 18:50:58 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/06/03 18:50:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/06/03 18:50:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/06/03 18:50:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/06/03 18:50:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2011/06/03 18:50:47 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/06/03 18:50:42 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/06/03 18:50:30 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/06/03 18:50:29 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/06/03 18:50:11 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/06/03 18:50:11 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/06/03 18:50:10 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2011/06/03 18:50:10 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/06/03 18:50:07 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/06/03 18:50:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2011/06/03 18:50:05 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2011/06/03 18:50:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2011/06/03 18:50:04 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/06/03 18:50:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2011/06/03 18:49:57 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/06/03 18:49:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/06/03 18:49:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/06/03 18:49:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/06/03 18:49:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/06/03 18:49:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/06/03 18:49:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/06/03 18:49:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/06/03 18:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/06/03 18:49:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/06/03 18:49:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/06/03 18:49:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/06/03 18:49:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/06/03 18:49:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2011/06/03 18:49:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2011/06/03 18:49:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/06/03 18:49:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/06/03 18:49:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/06/03 18:49:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/06/03 18:49:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/06/03 18:49:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/06/03 18:49:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/06/03 18:49:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/06/03 18:49:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2011/06/03 18:49:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/06/03 18:49:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/06/03 18:49:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/06/03 18:49:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/06/03 18:49:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/06/03 18:49:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2011/06/03 18:49:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/06/03 18:49:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/06/03 18:49:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/06/03 18:49:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/06/03 18:49:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2011/06/03 18:49:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/06/03 18:49:39 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/06/03 18:49:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/06/03 18:49:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2011/06/03 18:49:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/06/03 18:49:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2011/06/03 18:49:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/06/03 18:49:35 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2011/06/03 18:49:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/06/03 18:49:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2011/06/03 18:49:30 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/06/03 18:49:29 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/06/03 18:49:28 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/06/03 18:49:28 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/06/03 18:49:27 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/06/03 18:49:27 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/06/03 18:49:26 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/06/03 18:49:26 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/06/03 18:49:25 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/06/03 18:49:24 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/06/03 18:49:23 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/06/03 18:49:23 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/06/03 18:49:22 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/06/03 18:49:22 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/06/03 18:49:20 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/06/03 18:49:19 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/06/03 18:49:19 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/06/03 18:49:18 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/06/03 18:49:18 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/06/03 18:49:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/06/03 18:49:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/06/03 18:49:16 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/06/03 18:49:16 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/06/03 18:49:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/06/03 18:49:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2011/06/03 18:49:12 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2011/06/03 18:49:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/06/03 18:49:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2011/06/03 18:48:56 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/06/03 18:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Local Settings\Application Data\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}
[2011/06/03 18:48:28 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/06/03 18:48:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2011/06/03 18:48:24 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2011/06/03 18:48:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/06/03 18:48:20 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2011/06/03 18:48:17 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2011/06/03 18:48:17 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2011/06/03 18:48:16 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2011/06/03 18:48:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2011/06/03 18:48:16 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2011/06/03 18:48:15 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2011/06/03 18:48:15 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2011/06/03 18:48:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/06/03 18:48:14 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/06/03 18:48:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2011/06/03 18:48:13 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2011/06/03 18:48:13 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2011/06/03 18:48:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2011/06/03 18:48:12 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2011/06/03 18:48:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2011/06/03 18:48:11 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2011/06/03 18:48:11 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/06/03 18:48:10 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2011/06/03 18:48:10 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/06/03 18:48:10 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2011/06/03 18:48:09 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2011/06/03 18:48:09 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/06/03 18:48:08 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2011/06/03 18:48:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2011/06/03 18:48:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2011/06/03 18:48:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/06/03 18:48:05 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2011/06/03 18:48:04 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2011/06/03 18:48:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/06/03 18:48:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/06/03 18:48:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/06/03 18:47:58 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2011/06/03 18:47:58 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2011/06/03 18:47:57 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2011/06/03 18:47:57 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/06/03 18:47:56 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/06/03 18:47:56 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/06/03 18:47:55 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/06/03 18:47:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/06/03 18:47:42 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2011/06/03 18:47:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/06/03 18:47:38 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/06/03 18:47:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/06/03 18:47:36 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/06/03 18:47:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/06/03 18:47:33 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2011/06/03 18:47:30 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/06/03 18:47:29 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/06/03 18:47:29 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/06/03 18:47:27 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/06/03 18:47:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/06/03 18:47:26 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/06/03 18:47:23 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/06/03 18:47:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/06/03 18:47:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/06/03 18:47:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/06/03 18:47:20 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/06/03 18:47:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/06/03 18:47:15 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/06/03 18:47:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/06/03 18:47:14 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/06/03 18:47:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/06/03 18:46:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/06/03 18:46:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/06/03 18:46:40 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/06/03 18:46:40 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/06/03 18:46:38 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/06/03 18:46:36 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/06/03 18:46:35 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2011/06/03 18:46:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2011/06/03 18:46:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2011/06/03 18:46:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2011/06/03 18:46:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2011/06/03 18:46:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2011/06/03 18:46:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2011/06/03 18:46:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/06/03 18:46:29 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/06/03 18:46:28 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2011/06/03 18:46:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/06/03 18:46:17 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/06/03 18:46:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/06/03 18:46:15 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2011/06/03 18:46:13 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/06/03 18:46:13 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/06/03 18:46:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/06/03 18:46:01 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2011/06/03 18:46:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2011/06/03 18:45:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/06/03 18:45:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/06/03 18:45:58 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/06/03 18:45:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/06/03 18:45:56 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/06/03 18:45:56 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2011/06/03 18:45:55 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2011/06/03 18:45:55 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/06/03 18:45:54 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/06/03 18:45:53 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/06/03 18:45:53 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/06/03 18:45:52 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/06/03 18:45:52 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/06/03 18:45:51 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/06/03 18:45:51 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/06/03 18:45:50 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/06/03 18:45:50 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/06/03 18:45:49 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/06/03 18:45:49 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/06/03 18:45:47 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2011/06/03 18:45:46 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2011/06/03 18:45:46 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/06/03 18:45:45 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/06/03 18:45:44 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/06/03 18:45:44 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/06/03 18:45:42 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/06/03 18:45:39 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/06/03 18:39:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/06/03 18:39:40 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2011/06/03 18:39:36 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2011/06/03 18:39:36 | 000,173,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2011/06/03 18:39:36 | 000,127,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2011/06/03 18:39:35 | 000,194,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2011/06/03 18:39:35 | 000,194,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
[2011/06/03 18:39:34 | 000,174,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2011/06/03 18:39:34 | 000,172,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2011/06/03 18:39:34 | 000,172,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2011/06/03 18:39:34 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2011/06/03 18:39:34 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2011/06/03 18:39:33 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2011/06/03 18:39:33 | 000,465,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2011/06/03 18:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2011/06/03 18:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2011/06/03 18:39:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2011/06/03 18:39:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2011/06/03 18:39:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2011/06/03 18:39:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2011/06/03 18:39:28 | 004,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2011/06/03 18:39:28 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2011/06/03 18:39:28 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2011/06/03 18:39:27 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2011/06/03 18:39:27 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2011/06/03 18:39:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2011/06/03 18:39:08 | 000,124,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2011/06/03 18:39:08 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2011/06/03 18:39:08 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2011/06/03 18:39:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2011/06/03 18:38:43 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2011/06/03 18:38:37 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2011/06/03 18:35:58 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/06/03 18:35:58 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/06/03 18:35:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wamregps.dll
[2011/06/03 18:35:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/06/03 18:35:57 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsloc.dll
[2011/06/03 18:35:57 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/06/03 18:35:57 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismui.dll
[2011/06/03 18:35:57 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/06/03 18:35:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2011/06/03 18:35:32 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\staxmem.dll
[2011/06/03 18:35:32 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2011/06/03 18:35:31 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2011/06/03 18:35:31 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2011/06/03 18:35:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2011/06/03 18:35:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2011/06/03 18:35:31 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2011/06/03 18:35:31 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2011/06/03 18:35:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2011/06/03 18:35:30 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2011/06/03 18:35:30 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2011/06/03 18:35:30 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisext.dll
[2011/06/03 18:35:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismap.dll
[2011/06/03 18:35:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2011/06/03 18:35:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2011/06/03 18:35:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admwprox.dll
[2011/06/03 18:35:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exstrace.dll
[2011/06/03 18:35:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2011/06/03 18:35:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoadmn.dll
[2011/06/03 18:35:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2011/06/03 18:35:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisRtl.dll
[2011/06/03 18:35:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2011/06/03 18:31:57 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\drivers\lne100tx.sys
[2011/06/03 18:26:04 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/06/03 18:26:04 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/06/03 18:26:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/06/03 18:26:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/06/03 18:24:51 | 000,021,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PANSON24.DRV
[2011/06/03 18:00:21 | 000,577,536 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/06/03 17:58:08 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/06/03 17:58:08 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/06/03 17:58:01 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2011/06/03 17:58:01 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011/06/03 17:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/03 14:23:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/06/03 02:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
[2011/06/03 02:43:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2011/06/03 02:05:30 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2011/06/03 02:04:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2011/06/03 02:04:25 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2011/06/03 02:04:25 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2011/06/03 02:04:24 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2011/06/03 02:04:21 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2011/06/03 02:01:53 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2011/06/03 02:01:03 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2011/06/03 02:00:53 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2011/06/03 02:00:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2011/06/03 02:00:23 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2011/06/03 01:57:24 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2011/06/03 01:56:16 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2011/06/03 01:56:13 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2011/06/03 01:56:13 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiis.dll
[2011/06/02 20:39:14 | 000,000,000 | ---D | C] -- C:\New Folder
[2011/05/28 01:03:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/28 01:01:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/28 01:01:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/28 01:01:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/28 01:01:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/28 01:01:03 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/05/28 00:59:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/28 00:59:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/27 21:24:48 | 000,021,024 | ---- | C] (Microsoft Corporation) -- C:\PANSON24.DRV
[2011/05/27 21:23:02 | 000,021,024 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\kathy\Desktop\PANSON24.DRV
[2011/05/27 20:50:06 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\kathy\Desktop\HijackThis.exe
[2011/05/25 13:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Application Data\ImgBurn
[2011/05/25 06:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/05/25 06:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/05/25 00:00:12 | 000,000,000 | ---D | C] -- C:\NEW PANA
[2011/05/24 23:59:33 | 000,000,000 | ---D | C] -- C:\new panasonic drivers
[2011/05/24 20:09:47 | 000,881,664 | ---- | C] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.e
[2011/05/24 19:31:24 | 000,880,640 | ---- | C] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.ex
[2011/05/11 01:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\New Folder
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2045/02/03 01:00:00 | 000,188,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGDE.DLL
[2045/02/03 01:00:00 | 000,092,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WING.DLL
[2045/02/03 01:00:00 | 000,092,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System\WING.DLL
[2045/02/03 01:00:00 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WAVMIX16.DLL
[2045/02/03 01:00:00 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System\WAVMIX16.DLL
[2045/02/03 01:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WING32.DLL
[2045/02/03 01:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System\WING32.DLL
[2045/02/03 01:00:00 | 000,006,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGDIB.DRV
[2045/02/03 01:00:00 | 000,005,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGPAL.WND
[2045/02/03 01:00:00 | 000,002,554 | ---- | M] () -- C:\WINDOWS\WAVEMIX.INI
[2045/02/03 01:00:00 | 000,001,966 | ---- | M] () -- C:\WINDOWS\System32\DVA.386
[2011/06/04 12:59:35 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\Internet Security Suite.url
[2011/06/04 12:42:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/04 12:38:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 11:59:33 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/04 03:37:44 | 000,107,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/04 02:40:10 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wgecewatebicogic.dat
[2011/06/04 02:40:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Yrapalanahif.bin
[2011/06/04 02:22:07 | 000,006,218 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/03 20:53:29 | 000,001,378 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/03 20:38:17 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix.exe
[2011/06/03 18:53:50 | 000,018,039 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/03 18:44:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/03 18:44:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/03 18:44:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/03 18:44:20 | 000,000,194 | -HS- | M] () -- C:\boot.ini
[2011/06/03 18:44:12 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/03 18:26:21 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/03 18:26:21 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/03 17:58:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/02 05:48:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/05/27 23:48:02 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\kathy\defogger_reenable
[2011/05/27 22:22:20 | 612,499,456 | ---- | M] () -- C:\WXPVOL_EN.ISO
[2011/05/25 06:50:13 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/25 06:50:13 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/24 21:27:11 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\vdi3ndu1.sys
[2011/05/24 20:09:47 | 000,881,664 | ---- | M] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.e
[2011/05/24 19:59:06 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/24 19:31:25 | 000,880,640 | ---- | M] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.ex
[2011/05/23 13:06:59 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\kathy\My Documents\Fell On Black Days.rtf
[2011/05/22 18:31:04 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/22 18:31:03 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/20 08:58:39 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/05/19 22:45:49 | 000,002,694 | ---- | M] () -- C:\Documents and Settings\kathy\My Documents\Don't Let It Bring You Down.rtf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/04 12:59:35 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\Internet Security Suite.url
[2011/06/03 20:53:28 | 000,001,378 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/03 20:44:24 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/03 20:37:54 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix.exe
[2011/06/03 18:51:03 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/03 18:49:57 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/03 18:49:29 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/03 18:49:24 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/03 18:49:15 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/03 18:48:41 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/03 18:48:21 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/03 18:48:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/06/03 18:47:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/03 18:41:52 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/03 18:24:10 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/06/03 18:24:10 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/06/03 18:24:10 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/06/03 18:24:10 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/06/03 18:24:10 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/06/03 18:24:10 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/06/03 18:24:10 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/06/03 18:24:10 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/06/03 18:24:09 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/06/03 18:24:09 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/06/03 18:24:09 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/06/03 18:24:09 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/06/03 18:24:09 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/06/03 18:24:09 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/06/03 18:24:09 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/06/03 18:24:08 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/06/03 18:24:06 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/06/03 18:24:04 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/06/03 18:24:04 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/28 01:03:48 | 000,245,920 | RHS- | C] () -- C:\cmldr
[2011/05/28 01:01:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/28 01:01:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/28 01:01:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/28 01:01:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/28 01:01:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/27 23:47:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\kathy\defogger_reenable
[2011/05/27 23:32:10 | 612,499,456 | ---- | C] () -- C:\WXPVOL_EN.ISO
[2011/05/25 06:50:13 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/25 06:50:13 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/24 21:27:11 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\vdi3ndu1.sys
[2011/05/24 19:59:06 | 000,000,240 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/24 19:31:26 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/05/23 13:06:23 | 000,002,350 | ---- | C] () -- C:\Documents and Settings\kathy\My Documents\Fell On Black Days.rtf
[2011/05/22 18:31:03 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/19 21:52:21 | 000,002,694 | ---- | C] () -- C:\Documents and Settings\kathy\My Documents\Don't Let It Bring You Down.rtf
[2011/03/25 04:26:02 | 000,024,623 | -HS- | C] () -- C:\WINDOWS\System32\hhkmp.ini2
[2011/03/25 03:04:34 | 000,016,094 | -HS- | C] () -- C:\Documents and Settings\kathy\Local Settings\Application Data\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv
[2011/03/25 03:04:34 | 000,016,094 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yi
[2011/03/14 12:27:13 | 000,024,623 | -HS- | C] () -- C:\WINDOWS\System32\hhkmp.ini
[2011/01/06 05:48:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wgecewatebicogic.dat
[2011/01/06 05:48:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Yrapalanahif.bin
[2010/09/23 18:11:32 | 000,006,218 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/05 19:45:04 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/06 04:34:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/27 21:47:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/10/19 13:59:44 | 000,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/02 14:05:26 | 001,040,303 | -HS- | C] () -- C:\WINDOWS\System32\lsmmwxti.ini
[2008/09/23 19:16:05 | 000,898,638 | -HS- | C] () -- C:\WINDOWS\System32\krheffkn.ini
[2008/09/20 23:23:00 | 001,001,677 | -HS- | C] () -- C:\WINDOWS\System32\fsvyjvkl.ini
[2008/09/14 23:47:16 | 001,071,071 | -HS- | C] () -- C:\WINDOWS\System32\mkhmhyfu.ini
[2008/09/14 08:49:02 | 001,078,208 | -HS- | C] () -- C:\WINDOWS\System32\kaialjnj.ini
[2008/09/13 00:22:24 | 001,078,208 | -HS- | C] () -- C:\WINDOWS\System32\xvvroeie.ini
[2008/09/12 00:24:31 | 001,180,778 | -HS- | C] () -- C:\WINDOWS\System32\gpwktclo.ini
[2008/09/12 00:18:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/09/11 23:14:53 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2008/09/11 23:14:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2008/02/07 19:57:32 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\kathy\Application Data\0047ab9674cb9a941c4a359502ec95b0ef22087b9f0ba1e2bc.dat
[2008/02/07 18:00:49 | 001,219,783 | -HS- | C] () -- C:\WINDOWS\System32\wkijcjlh.ini
[2008/01/21 09:25:38 | 001,086,203 | -HS- | C] () -- C:\WINDOWS\System32\mdqgphut.ini
[2008/01/20 07:02:02 | 000,000,953 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/01/19 19:18:14 | 001,073,319 | -HS- | C] () -- C:\WINDOWS\System32\arslrudn.ini
[2008/01/19 15:34:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/01/19 15:14:32 | 000,635,243 | ---- | C] () -- C:\WINDOWS\ld32408.exe
[2008/01/18 19:15:21 | 001,073,352 | -HS- | C] () -- C:\WINDOWS\System32\yuavlxbo.ini
[2008/01/17 18:34:23 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/17 18:32:41 | 000,030,998 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/17 17:20:42 | 001,075,882 | -HS- | C] () -- C:\WINDOWS\System32\todykilb.ini
[2008/01/15 09:53:30 | 001,075,822 | -HS- | C] () -- C:\WINDOWS\System32\fstjrjib.ini
[2008/01/15 09:51:24 | 001,056,916 | -HS- | C] () -- C:\WINDOWS\System32\iuggqneb.ini
[2008/01/04 23:23:01 | 001,018,922 | -HS- | C] () -- C:\WINDOWS\System32\eftifpvt.ini
[2007/12/25 19:39:00 | 001,044,100 | -HS- | C] () -- C:\WINDOWS\System32\svlgcbsq.ini
[2007/12/22 01:37:02 | 000,991,542 | -HS- | C] () -- C:\WINDOWS\System32\kshpldbf.ini
[2007/12/16 03:16:31 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\wapiitr.exe
[2007/05/14 17:07:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/10 14:12:19 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/05/10 14:09:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/05/10 14:09:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/05/10 14:09:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/10 14:08:42 | 000,000,037 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2007/04/22 19:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 19:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/18 22:38:31 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2007/03/18 22:38:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2007/03/16 01:50:31 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/01/03 16:16:16 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2007/01/03 16:16:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2007/01/03 16:16:02 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2006/12/28 11:56:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/12/28 11:45:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/12/28 06:23:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/28 06:21:50 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/16 05:03:01 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2006/07/16 05:03:01 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2005/03/25 18:42:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/03 18:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/08/28 22:41:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\wroetmol.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Files - Unicode (All) ==========
[2011/06/03 18:46:39 | 000,000,000 | ---D | M](C:\WINDOWS\??sks) -- C:\WINDOWS\Τаsks
[2010/10/22 08:10:38 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
[2010/10/22 08:10:38 | 000,000,000 | ---D | M](C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
[2010/10/22 08:10:38 | 000,000,000 | ---D | M](C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
[2010/10/17 06:30:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
[2010/10/17 06:30:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
[2010/10/15 04:40:39 | 000,000,000 | ---D | M](C:\WINDOWS\System32\M?crosoft) -- C:\WINDOWS\System32\Mіcrosoft
[2010/10/15 04:40:39 | 000,000,000 | ---D | C](C:\WINDOWS\System32\M?crosoft) -- C:\WINDOWS\System32\Mіcrosoft
[2010/09/22 16:03:25 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??mbols) -- C:\Documents and Settings\kathy\Application Data\ѕуmbols
[2010/09/22 16:03:25 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??mbols) -- C:\Documents and Settings\kathy\Application Data\ѕуmbols
[2010/09/21 16:08:37 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??crosoft) -- C:\Documents and Settings\kathy\Application Data\Міcrosoft
[2010/09/21 16:08:37 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??crosoft) -- C:\Documents and Settings\kathy\Application Data\Міcrosoft
[2010/09/20 17:02:19 | 000,000,000 | ---D | M](C:\WINDOWS\?asks) -- C:\WINDOWS\Τasks
[2010/09/20 17:02:19 | 000,000,000 | ---D | C](C:\WINDOWS\?asks) -- C:\WINDOWS\Τasks
[2010/09/16 11:48:31 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\?ecurity) -- C:\Documents and Settings\kathy\My Documents\ѕecurity
[2010/09/16 11:48:31 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\?ecurity) -- C:\Documents and Settings\kathy\My Documents\ѕecurity
[2010/09/08 08:41:18 | 000,000,000 | ---D | M](C:\Program Files\Common Files\a?sembly) -- C:\Program Files\Common Files\aѕsembly
[2010/09/08 08:41:18 | 000,000,000 | ---D | M](C:\Program Files\Common Files\a?sembly) -- C:\Program Files\Common Files\aѕsembly
[2010/09/07 07:31:37 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\ΑppPatch
[2010/09/07 07:31:37 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\ΑppPatch
[2010/09/06 07:17:32 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??mantec) -- C:\Documents and Settings\kathy\Application Data\Ѕуmantec
[2010/09/06 07:17:32 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??mantec) -- C:\Documents and Settings\kathy\Application Data\Ѕуmantec
[2010/09/05 07:04:57 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\ΑрpPatch
[2010/09/05 07:04:57 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\ΑрpPatch
[2010/09/03 07:25:13 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Οracle
[2010/09/03 07:25:13 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Οracle
[2010/09/01 06:57:38 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?racle) -- C:\Documents and Settings\kathy\Application Data\Οracle
[2010/09/01 06:57:38 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?racle) -- C:\Documents and Settings\kathy\Application Data\Οracle
[2010/08/30 05:46:13 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\АрpPatch
[2010/08/30 05:46:13 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\АрpPatch
[2010/08/29 05:58:15 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\?icrosoft) -- C:\Documents and Settings\kathy\My Documents\Μicrosoft
[2010/08/29 05:58:15 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\?icrosoft) -- C:\Documents and Settings\kathy\My Documents\Μicrosoft
[2010/08/28 06:46:27 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Μіcrosoft.NET
[2010/08/28 06:46:27 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Μіcrosoft.NET
[2010/07/03 05:05:52 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\?ymbols) -- C:\Documents and Settings\kathy\My Documents\ѕymbols
[2010/06/29 18:01:49 | 000,000,000 | ---D | M](C:\Program Files\M?crosoft.NET) -- C:\Program Files\Mіcrosoft.NET
[2010/06/29 18:01:49 | 000,000,000 | ---D | M](C:\Program Files\M?crosoft.NET) -- C:\Program Files\Mіcrosoft.NET
[2010/06/23 15:48:55 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Τаsks
[2010/06/23 15:48:55 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Τаsks
[2010/06/23 15:48:08 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?dobe) -- C:\Documents and Settings\kathy\Application Data\Αdobe
[2010/06/23 15:48:08 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?dobe) -- C:\Documents and Settings\kathy\Application Data\Αdobe
[2010/06/13 07:47:47 | 000,000,000 | ---D | M](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
[2010/06/13 07:47:47 | 000,000,000 | ---D | C](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
[2010/06/05 02:24:47 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\??curity) -- C:\Documents and Settings\kathy\My Documents\ѕеcurity
[2010/06/05 02:24:47 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\??curity) -- C:\Documents and Settings\kathy\My Documents\ѕеcurity
[2010/05/18 23:35:13 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?ecurity) -- C:\Documents and Settings\kathy\Application Data\ѕecurity
[2010/05/18 23:35:13 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?ecurity) -- C:\Documents and Settings\kathy\Application Data\ѕecurity
[2010/05/18 23:33:55 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?icrosoft.NET) -- C:\Documents and Settings\kathy\Application Data\Мicrosoft.NET
[2010/05/18 23:33:55 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?icrosoft.NET) -- C:\Documents and Settings\kathy\Application Data\Мicrosoft.NET

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you do seem to have a veritable zoo infesting your system.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {18D69F3C-27AA-2D5C-8E38-58C02C5385E8} - File not found
    O2 - BHO: (BndShell3 BHO Class) - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - File not found
    O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {EAF1AF45-6130-4CC5-8051-6A58BB253F93} - File not found
    O4 - HKLM..\Run: [F9FBFAF6FBFCFCF] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKCU..\Run: [] File not found
    O4 - HKCU..\Run: [Apntuzze] File not found
    O4 - HKCU..\Run: [Asue] C:\WINDOWS\Τаsks\regedit.exe ()
    O4 - HKCU..\Run: [Bwctcex] File not found
    O4 - HKCU..\Run: [Cheq] File not found
    O4 - HKCU..\Run: [Csxavqi] File not found
    O4 - HKCU..\Run: [Czssnsq] C:\WINDOWS\system32\аѕsembly\іexplore.exe ()
    O4 - HKCU..\Run: [Damyknqj] File not found
    O4 - HKCU..\Run: [Dide] File not found
    O4 - HKCU..\Run: [Dnwgbsmq] File not found
    O4 - HKCU..\Run: [Efoh] File not found
    O4 - HKCU..\Run: [Egfha] File not found
    O4 - HKCU..\Run: [Fkvo] File not found
    O4 - HKCU..\Run: [Glevip] C:\WINDOWS\wroetmol.dll ()
    O4 - HKCU..\Run: [Hcuabct] File not found
    O4 - HKCU..\Run: [Hgxzps] File not found
    O4 - HKCU..\Run: [Hubfsuh] File not found
    O4 - HKCU..\Run: [Hzs] File not found
    O4 - HKCU..\Run: [Idt] File not found
    O4 - HKCU..\Run: [Iytmywy] File not found
    O4 - HKCU..\Run: [Jhs] File not found
    O4 - HKCU..\Run: [Jksmmmk] File not found
    O4 - HKCU..\Run: [Jtyzvdd] File not found
    O4 - HKCU..\Run: [Kdtkwriw] File not found
    O4 - HKCU..\Run: [Ktkufd] File not found
    O4 - HKCU..\Run: [Kvhiq] File not found
    O4 - HKCU..\Run: [Lwwdespp] File not found
    O4 - HKCU..\Run: [Nalk] File not found
    O4 - HKCU..\Run: [Nhkmmt] File not found
    O4 - HKCU..\Run: [Nht] File not found
    O4 - HKCU..\Run: [Ntgsjcj] File not found
    O4 - HKCU..\Run: [Odtw] C:\Program Files\Common Files\ѕystem32\scanregw.exe ()
    O4 - HKCU..\Run: [oroi] File not found
    O4 - HKCU..\Run: [Pvkikko] File not found
    O4 - HKCU..\Run: [QdrModule10] File not found
    O4 - HKCU..\Run: [QdrPack11] File not found
    O4 - HKCU..\Run: [Qmrccvw] File not found
    O4 - HKCU..\Run: [Qptlgcdl] File not found
    O4 - HKCU..\Run: [Qqqqf] File not found
    O4 - HKCU..\Run: [Sfqywb] File not found
    O4 - HKCU..\Run: [Torqsabx] File not found
    O4 - HKCU..\Run: [Ukfhmk] File not found
    O4 - HKCU..\Run: [Umafi] File not found
    O4 - HKCU..\Run: [Wjil] File not found
    O4 - HKCU..\Run: [Wlw] File not found
    O4 - HKCU..\Run: [Wuwn] File not found
    O4 - HKCU..\Run: [xInsIDE] File not found
    O4 - HKCU..\Run: [Ykocki] File not found
    O4 - HKCU..\Run: [Yngyje] File not found
    O4 - HKCU..\Run: [Yshmjo] File not found
    O4 - HKCU..\Run: [Zmpod] File not found
    O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.micr...C4D/mp43dmo.CAB (Reg Error: Key error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx (Reg Error: Key error.)
    O20 - Winlogon\Notify\fccabba: DllName - fccabba.dll - File not found
    O28 - HKLM ShellExecuteHooks: {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - Reg Error: Value error. File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\pmkhh.dll) - File not found
    [2011/05/24 20:09:47 | 000,881,664 | ---- | C] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.e
    [2011/05/24 19:31:24 | 000,880,640 | ---- | C] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.ex
    [2011/06/04 12:59:35 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\Internet Security Suite.url
    [2011/06/04 02:40:10 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wgecewatebicogic.dat
    [2011/06/04 02:40:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Yrapalanahif.bin
    [2011/06/02 05:48:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
    [2011/05/24 20:09:47 | 000,881,664 | ---- | M] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.e
    [2011/05/24 19:31:25 | 000,880,640 | ---- | M] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.ex
    [2011/06/04 12:59:35 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\Internet Security Suite.url
    [2011/03/25 03:04:34 | 000,016,094 | -HS- | C] () -- C:\Documents and Settings\kathy\Local Settings\Application Data\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv
    [2011/03/25 03:04:34 | 000,016,094 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yi
    [2011/01/06 05:48:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wgecewatebicogic.dat
    [2011/01/06 05:48:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Yrapalanahif.bin
    [2008/10/02 14:05:26 | 001,040,303 | -HS- | C] () -- C:\WINDOWS\System32\lsmmwxti.ini
    [2008/09/23 19:16:05 | 000,898,638 | -HS- | C] () -- C:\WINDOWS\System32\krheffkn.ini
    [2008/09/20 23:23:00 | 001,001,677 | -HS- | C] () -- C:\WINDOWS\System32\fsvyjvkl.ini
    [2008/09/14 23:47:16 | 001,071,071 | -HS- | C] () -- C:\WINDOWS\System32\mkhmhyfu.ini
    [2008/09/14 08:49:02 | 001,078,208 | -HS- | C] () -- C:\WINDOWS\System32\kaialjnj.ini
    [2008/09/13 00:22:24 | 001,078,208 | -HS- | C] () -- C:\WINDOWS\System32\xvvroeie.ini
    [2008/09/12 00:24:31 | 001,180,778 | -HS- | C] () -- C:\WINDOWS\System32\gpwktclo.ini
    [2008/02/07 18:00:49 | 001,219,783 | -HS- | C] () -- C:\WINDOWS\System32\wkijcjlh.ini
    [2008/01/21 09:25:38 | 001,086,203 | -HS- | C] () -- C:\WINDOWS\System32\mdqgphut.ini
    [2008/01/18 19:15:21 | 001,073,352 | -HS- | C] () -- C:\WINDOWS\System32\yuavlxbo.ini
    [2008/01/17 17:20:42 | 001,075,882 | -HS- | C] () -- C:\WINDOWS\System32\todykilb.ini
    [2008/01/15 09:53:30 | 001,075,822 | -HS- | C] () -- C:\WINDOWS\System32\fstjrjib.ini
    [2008/01/15 09:51:24 | 001,056,916 | -HS- | C] () -- C:\WINDOWS\System32\iuggqneb.ini
    [2008/01/04 23:23:01 | 001,018,922 | -HS- | C] () -- C:\WINDOWS\System32\eftifpvt.ini
    [2007/12/25 19:39:00 | 001,044,100 | -HS- | C] () -- C:\WINDOWS\System32\svlgcbsq.ini
    [2007/12/22 01:37:02 | 000,991,542 | -HS- | C] () -- C:\WINDOWS\System32\kshpldbf.ini
    [2007/12/16 03:16:31 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\wapiitr.exe
    [2011/06/03 18:46:39 | 000,000,000 | ---D | M](C:\WINDOWS\??sks) -- C:\WINDOWS\Τаsks
    [2010/10/22 08:10:38 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
    [2010/10/22 08:10:38 | 000,000,000 | ---D | M](C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
    [2010/10/22 08:10:38 | 000,000,000 | ---D | M](C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
    [2010/10/17 06:30:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
    [2010/10/17 06:30:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
    [2010/10/15 04:40:39 | 000,000,000 | ---D | M](C:\WINDOWS\System32\M?crosoft) -- C:\WINDOWS\System32\Mіcrosoft
    [2010/10/15 04:40:39 | 000,000,000 | ---D | C](C:\WINDOWS\System32\M?crosoft) -- C:\WINDOWS\System32\Mіcrosoft
    [2010/09/22 16:03:25 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??mbols) -- C:\Documents and Settings\kathy\Application Data\ѕуmbols
    [2010/09/22 16:03:25 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??mbols) -- C:\Documents and Settings\kathy\Application Data\ѕуmbols
    [2010/09/21 16:08:37 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??crosoft) -- C:\Documents and Settings\kathy\Application Data\Міcrosoft
    [2010/09/21 16:08:37 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??crosoft) -- C:\Documents and Settings\kathy\Application Data\Міcrosoft
    [2010/09/20 17:02:19 | 000,000,000 | ---D | M](C:\WINDOWS\?asks) -- C:\WINDOWS\Τasks
    [2010/09/20 17:02:19 | 000,000,000 | ---D | C](C:\WINDOWS\?asks) -- C:\WINDOWS\Τasks
    [2010/09/16 11:48:31 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\?ecurity) -- C:\Documents and Settings\kathy\My Documents\ѕecurity
    [2010/09/16 11:48:31 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\?ecurity) -- C:\Documents and Settings\kathy\My Documents\ѕecurity
    [2010/09/08 08:41:18 | 000,000,000 | ---D | M](C:\Program Files\Common Files\a?sembly) -- C:\Program Files\Common Files\aѕsembly
    [2010/09/08 08:41:18 | 000,000,000 | ---D | M](C:\Program Files\Common Files\a?sembly) -- C:\Program Files\Common Files\aѕsembly
    [2010/09/07 07:31:37 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\ΑppPatch
    [2010/09/07 07:31:37 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\ΑppPatch
    [2010/09/06 07:17:32 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??mantec) -- C:\Documents and Settings\kathy\Application Data\Ѕуmantec
    [2010/09/06 07:17:32 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??mantec) -- C:\Documents and Settings\kathy\Application Data\Ѕуmantec
    [2010/09/05 07:04:57 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\ΑрpPatch
    [2010/09/05 07:04:57 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\ΑрpPatch
    [2010/09/03 07:25:13 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Οracle
    [2010/09/03 07:25:13 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Οracle
    [2010/09/01 06:57:38 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?racle) -- C:\Documents and Settings\kathy\Application Data\Οracle
    [2010/09/01 06:57:38 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?racle) -- C:\Documents and Settings\kathy\Application Data\Οracle
    [2010/08/30 05:46:13 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\АрpPatch
    [2010/08/30 05:46:13 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\АрpPatch
    [2010/08/29 05:58:15 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\?icrosoft) -- C:\Documents and Settings\kathy\My Documents\Μicrosoft
    [2010/08/29 05:58:15 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\?icrosoft) -- C:\Documents and Settings\kathy\My Documents\Μicrosoft
    [2010/08/28 06:46:27 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Μіcrosoft.NET
    [2010/08/28 06:46:27 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Μіcrosoft.NET
    [2010/07/03 05:05:52 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\?ymbols) -- C:\Documents and Settings\kathy\My Documents\ѕymbols
    [2010/06/29 18:01:49 | 000,000,000 | ---D | M](C:\Program Files\M?crosoft.NET) -- C:\Program Files\Mіcrosoft.NET
    [2010/06/29 18:01:49 | 000,000,000 | ---D | M](C:\Program Files\M?crosoft.NET) -- C:\Program Files\Mіcrosoft.NET
    [2010/06/23 15:48:55 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Τаsks
    [2010/06/23 15:48:55 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Τаsks
    [2010/06/23 15:48:08 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?dobe) -- C:\Documents and Settings\kathy\Application Data\Αdobe
    [2010/06/23 15:48:08 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?dobe) -- C:\Documents and Settings\kathy\Application Data\Αdobe
    [2010/06/13 07:47:47 | 000,000,000 | ---D | M](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
    [2010/06/13 07:47:47 | 000,000,000 | ---D | C](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
    [2010/06/05 02:24:47 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\??curity) -- C:\Documents and Settings\kathy\My Documents\ѕеcurity
    [2010/06/05 02:24:47 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\??curity) -- C:\Documents and Settings\kathy\My Documents\ѕеcurity
    [2010/05/18 23:35:13 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?ecurity) -- C:\Documents and Settings\kathy\Application Data\ѕecurity
    [2010/05/18 23:35:13 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?ecurity) -- C:\Documents and Settings\kathy\Application Data\ѕecurity
    [2010/05/18 23:33:55 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?icrosoft.NET) -- C:\Documents and Settings\kathy\Application Data\Мicrosoft.NET
    [2010/05/18 23:33:55 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?icrosoft.NET) -- C:\Documents and Settings\kathy\Application Data\Мicrosoft.NET
    [2010/05/18 02:32:56 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\M?crosoft) -- C:\Documents and Settings\kathy\Application Data\Mіcrosoft
    [2010/05/18 02:32:56 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\M?crosoft) -- C:\Documents and Settings\kathy\Application Data\Mіcrosoft
    [2010/05/16 00:57:07 | 000,000,000 | ---D | M](C:\WINDOWS\?racle) -- C:\WINDOWS\Οracle
    [2010/05/16 00:57:07 | 000,000,000 | ---D | C](C:\WINDOWS\?racle) -- C:\WINDOWS\Οracle
    [2010/05/14 00:42:07 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ecurity) -- C:\Program Files\Common Files\ѕecurity
    [2010/05/14 00:42:07 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ecurity) -- C:\Program Files\Common Files\ѕecurity
    [2010/05/10 23:42:03 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
    [2010/05/10 23:42:03 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
    [2010/05/10 00:43:08 | 000,000,000 | ---D | M](C:\Program Files\??mbols) -- C:\Program Files\ѕуmbols
    [2010/05/10 00:43:08 | 000,000,000 | ---D | M](C:\Program Files\??mbols) -- C:\Program Files\ѕуmbols
    [2010/05/09 00:26:32 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?ystem) -- C:\Documents and Settings\kathy\Application Data\ѕystem
    [2010/05/09 00:26:32 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?ystem) -- C:\Documents and Settings\kathy\Application Data\ѕystem
    [2010/05/08 00:08:45 | 000,000,000 | ---D | M](C:\WINDOWS\?ystem) -- C:\WINDOWS\ѕystem
    [2010/05/08 00:08:45 | 000,000,000 | ---D | C](C:\WINDOWS\?ystem) -- C:\WINDOWS\ѕystem
    [2010/05/06 01:15:35 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sembly) -- C:\Program Files\Common Files\аѕsembly
    [2010/05/06 01:15:35 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sembly) -- C:\Program Files\Common Files\аѕsembly
    [2010/05/05 01:56:44 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\F?nts) -- C:\Documents and Settings\kathy\Application Data\Fοnts
    [2010/05/05 01:56:44 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\F?nts) -- C:\Documents and Settings\kathy\Application Data\Fοnts
    [2010/05/04 00:58:52 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft.NET) -- C:\Program Files\Μicrosoft.NET
    [2010/05/04 00:58:52 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft.NET) -- C:\Program Files\Μicrosoft.NET
    [2010/05/02 20:18:14 | 000,000,000 | ---D | M](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Μіcrosoft
    [2010/05/02 20:18:14 | 000,000,000 | ---D | C](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Μіcrosoft
    [2010/04/30 20:09:01 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??stem) -- C:\WINDOWS\System32\ѕуstem
    [2010/04/30 20:09:01 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??stem) -- C:\WINDOWS\System32\ѕуstem
    [2010/04/17 18:55:05 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
    [2010/04/17 18:55:05 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
    [2010/02/26 09:10:14 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?asks) -- C:\Documents and Settings\kathy\Application Data\Τasks
    [2010/02/26 09:10:14 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?asks) -- C:\Documents and Settings\kathy\Application Data\Τasks
    [2010/02/24 08:35:19 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ppPatch) -- C:\WINDOWS\System32\АppPatch
    [2010/02/24 08:35:19 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ppPatch) -- C:\WINDOWS\System32\АppPatch
    [2010/02/23 08:39:26 | 000,000,000 | ---D | M](C:\Program Files\T?sks) -- C:\Program Files\Tаsks
    [2010/02/23 08:39:26 | 000,000,000 | ---D | M](C:\Program Files\T?sks) -- C:\Program Files\Tаsks
    [2010/02/21 06:50:41 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?curity) -- C:\Program Files\Common Files\sеcurity
    [2010/02/21 06:50:41 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?curity) -- C:\Program Files\Common Files\sеcurity
    [2010/02/20 06:32:01 | 000,000,000 | ---D | M](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fοnts
    [2010/02/20 06:32:01 | 000,000,000 | ---D | C](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fοnts
    [2010/02/19 05:32:13 | 000,000,000 | ---D | M](C:\WINDOWS\?dobe) -- C:\WINDOWS\Αdobe
    [2010/02/19 05:32:13 | 000,000,000 | ---D | C](C:\WINDOWS\?dobe) -- C:\WINDOWS\Αdobe
    [2010/02/17 05:43:00 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\s?stem32) -- C:\Documents and Settings\kathy\Application Data\sуstem32
    [2010/02/17 05:43:00 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\s?stem32) -- C:\Documents and Settings\kathy\Application Data\sуstem32
    [2010/02/16 06:26:06 | 000,000,000 | ---D | M](C:\WINDOWS\A?pPatch) -- C:\WINDOWS\AрpPatch
    [2010/02/16 06:26:06 | 000,000,000 | ---D | C](C:\WINDOWS\A?pPatch) -- C:\WINDOWS\AрpPatch
    [2010/01/17 11:15:45 | 000,000,000 | ---D | M](C:\WINDOWS\s?mbols) -- C:\WINDOWS\sуmbols
    [2010/01/17 11:15:45 | 000,000,000 | ---D | C](C:\WINDOWS\s?mbols) -- C:\WINDOWS\sуmbols
    [2010/01/16 11:53:38 | 000,000,000 | ---D | M](C:\WINDOWS\System32\s?curity) -- C:\WINDOWS\System32\sеcurity
    [2010/01/16 11:53:38 | 000,000,000 | ---D | C](C:\WINDOWS\System32\s?curity) -- C:\WINDOWS\System32\sеcurity
    [2010/01/15 10:58:51 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Αdobe
    [2010/01/15 10:58:51 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Αdobe
    [2010/01/14 10:43:30 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Αdobe
    [2010/01/14 10:43:30 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Αdobe
    [2010/01/13 09:49:57 | 000,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
    [2010/01/13 09:49:57 | 000,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
    [2010/01/10 10:38:00 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?racle) -- C:\Documents and Settings\kathy\Application Data\Оracle
    [2010/01/10 10:38:00 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?racle) -- C:\Documents and Settings\kathy\Application Data\Оracle
    [2010/01/09 10:58:35 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
    [2010/01/09 10:58:35 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
    [2010/01/08 11:27:09 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\АрpPatch
    [2010/01/08 11:27:09 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\АрpPatch
    [2010/01/05 12:20:04 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?asks) -- C:\WINDOWS\System32\Тasks
    [2010/01/05 12:20:04 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?asks) -- C:\WINDOWS\System32\Тasks
    [2010/01/02 10:50:16 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??stem32) -- C:\Documents and Settings\kathy\Application Data\ѕуstem32
    [2010/01/02 10:50:16 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??stem32) -- C:\Documents and Settings\kathy\Application Data\ѕуstem32
    [2009/12/31 10:33:48 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\??pPatch) -- C:\Documents and Settings\kathy\My Documents\ΑрpPatch
    [2009/12/31 10:33:48 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\??pPatch) -- C:\Documents and Settings\kathy\My Documents\ΑрpPatch
    [2009/12/30 09:46:11 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\F?nts) -- C:\Documents and Settings\kathy\My Documents\Fоnts
    [2009/12/30 09:46:11 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\F?nts) -- C:\Documents and Settings\kathy\My Documents\Fоnts
    [2009/12/28 10:27:46 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?icrosoft) -- C:\Documents and Settings\kathy\Application Data\Μicrosoft
    [2009/12/28 10:27:46 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?icrosoft) -- C:\Documents and Settings\kathy\Application Data\Μicrosoft
    [2009/12/24 08:02:41 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\s?mbols) -- C:\Documents and Settings\kathy\Application Data\sуmbols
    [2009/12/24 08:02:41 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\s?mbols) -- C:\Documents and Settings\kathy\Application Data\sуmbols
    [2009/12/23 07:13:11 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?dobe) -- C:\Documents and Settings\kathy\Application Data\Аdobe
    [2009/12/23 07:13:11 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?dobe) -- C:\Documents and Settings\kathy\Application Data\Аdobe
    [2009/12/22 06:29:09 | 000,000,000 | ---D | M](C:\WINDOWS\??mbols) -- C:\WINDOWS\ѕуmbols
    [2009/12/22 06:29:09 | 000,000,000 | ---D | C](C:\WINDOWS\??mbols) -- C:\WINDOWS\ѕуmbols
    [2009/12/18 06:22:22 | 000,000,000 | ---D | M](C:\Program Files\??crosoft.NET) -- C:\Program Files\Міcrosoft.NET
    [2009/12/18 06:22:22 | 000,000,000 | ---D | M](C:\Program Files\??crosoft.NET) -- C:\Program Files\Міcrosoft.NET
    [2009/12/17 05:57:41 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?ymantec) -- C:\Documents and Settings\kathy\Application Data\Ѕymantec
    [2009/12/17 05:57:41 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?ymantec) -- C:\Documents and Settings\kathy\Application Data\Ѕymantec
    [2009/11/28 05:06:16 | 000,000,000 | ---D | M](C:\Program Files\M?crosoft) -- C:\Program Files\Mіcrosoft
    [2009/11/28 05:06:16 | 000,000,000 | ---D | M](C:\Program Files\M?crosoft) -- C:\Program Files\Mіcrosoft
    [2009/11/27 04:27:26 | 000,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Тasks
    [2009/11/27 04:27:26 | 000,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Тasks
    [2009/11/20 19:42:56 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\S?mantec) -- C:\Documents and Settings\kathy\My Documents\Sуmantec
    [2009/11/20 19:42:56 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\S?mantec) -- C:\Documents and Settings\kathy\My Documents\Sуmantec
    [2009/11/12 20:23:33 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
    [2009/11/12 20:23:33 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
    [2009/10/24 13:36:50 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fοnts
    [2009/10/24 13:36:50 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fοnts
    [2009/09/28 06:45:09 | 000,000,000 | ---D | M](C:\Program Files\??stem) -- C:\Program Files\ѕуstem
    [2009/09/28 06:45:09 | 000,000,000 | ---D | M](C:\Program Files\??stem) -- C:\Program Files\ѕуstem
    [2009/09/26 01:38:29 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\s?curity) -- C:\Documents and Settings\kathy\Application Data\sеcurity
    [2009/09/26 01:38:29 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\s?curity) -- C:\Documents and Settings\kathy\Application Data\sеcurity
    [2009/09/24 02:29:40 | 000,000,000 | ---D | C](C:\WINDOWS\??sks) -- C:\WINDOWS\Τаsks
    [2009/09/20 12:55:25 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
    [2009/09/20 12:55:25 | 000,000,000 | ---D | C](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
    [2009/09/20 12:33:08 | 000,000,000 | ---D | M](C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
    [2009/09/20 12:33:08 | 000,000,000 | ---D | M](C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
    [2009/09/06 00:32:19 | 000,000,000 | ---D | M](C:\Program Files\s?curity) -- C:\Program Files\sеcurity
    [2009/09/06 00:32:19 | 000,000,000 | ---D | M](C:\Program Files\s?curity) -- C:\Program Files\sеcurity
    [2009/09/04 13:22:47 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?ymbols) -- C:\Documents and Settings\kathy\Application Data\ѕymbols
    [2009/09/04 13:22:47 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\?ymbols) -- C:\Documents and Settings\kathy\Application Data\ѕymbols
    [2009/08/24 16:41:52 | 000,000,000 | ---D | M](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Міcrosoft
    [2009/08/24 16:41:52 | 000,000,000 | ---D | C](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Міcrosoft
    [2009/08/15 07:16:01 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ystem) -- C:\WINDOWS\System32\ѕystem
    [2009/08/15 07:16:01 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ystem) -- C:\WINDOWS\System32\ѕystem
    [2009/08/08 15:45:39 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Аdobe
    [2009/08/08 15:45:39 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Аdobe
    [2009/08/07 16:12:36 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
    [2009/08/06 08:19:28 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\?ystem) -- C:\Documents and Settings\kathy\My Documents\ѕystem
    [2009/08/06 08:19:28 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\?ystem) -- C:\Documents and Settings\kathy\My Documents\ѕystem
    [2009/07/25 11:14:51 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\T?sks) -- C:\Documents and Settings\kathy\My Documents\Tаsks
    [2009/07/25 11:14:51 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\T?sks) -- C:\Documents and Settings\kathy\My Documents\Tаsks
    [2009/07/20 22:31:08 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fоnts
    [2009/07/20 22:31:08 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fоnts
    [2009/07/14 00:15:26 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Міcrosoft.NET
    [2009/07/14 00:15:26 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Міcrosoft.NET
    [2009/07/09 22:24:04 | 000,000,000 | ---D | M](C:\WINDOWS\System32\s?mbols) -- C:\WINDOWS\System32\sуmbols
    [2009/07/09 22:24:04 | 000,000,000 | ---D | C](C:\WINDOWS\System32\s?mbols) -- C:\WINDOWS\System32\sуmbols
    [2009/07/07 12:40:35 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
    [2009/07/07 12:40:35 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
    [2009/06/30 17:37:15 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??sembly) -- C:\Documents and Settings\kathy\Application Data\аѕsembly
    [2009/06/30 17:37:15 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??sembly) -- C:\Documents and Settings\kathy\Application Data\аѕsembly
    [2009/06/29 03:11:58 | 000,000,000 | ---D | M](C:\Program Files\??crosoft.NET) -- C:\Program Files\Μіcrosoft.NET
    [2009/06/29 03:11:58 | 000,000,000 | ---D | M](C:\Program Files\??crosoft.NET) -- C:\Program Files\Μіcrosoft.NET
    [2009/06/15 21:36:18 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\АрpPatch
    [2009/06/15 21:36:18 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\АрpPatch
    [2009/06/05 18:39:00 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft) -- C:\Program Files\Мicrosoft
    [2009/06/05 18:39:00 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft) -- C:\Program Files\Мicrosoft
    [2009/05/31 14:40:25 | 000,000,000 | ---D | M](C:\Program Files\?ppPatch) -- C:\Program Files\ΑppPatch
    [2009/05/31 14:40:25 | 000,000,000 | ---D | M](C:\Program Files\?ppPatch) -- C:\Program Files\ΑppPatch
    [2009/05/16 01:03:29 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Міcrosoft.NET
    [2009/05/16 01:03:29 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Міcrosoft.NET
    [2009/05/04 11:44:27 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem) -- C:\Program Files\Common Files\ѕystem
    [2009/05/04 11:44:27 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem) -- C:\Program Files\Common Files\ѕystem
    [2009/04/25 10:50:40 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??crosoft.NET) -- C:\Documents and Settings\kathy\Application Data\Міcrosoft.NET
    [2009/04/25 10:50:40 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??crosoft.NET) -- C:\Documents and Settings\kathy\Application Data\Міcrosoft.NET
    [2009/04/19 17:54:28 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
    [2009/04/19 17:54:28 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
    [2009/03/28 21:02:03 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??mantec) -- C:\WINDOWS\System32\Ѕуmantec
    [2009/03/28 21:02:03 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??mantec) -- C:\WINDOWS\System32\Ѕуmantec
    [2009/03/25 11:44:32 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?racle) -- C:\WINDOWS\System32\Оracle
    [2009/03/24 18:28:47 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
    [2009/03/24 18:28:47 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
    [2009/03/23 18:22:06 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?racle) -- C:\WINDOWS\System32\Оracle
    [2009/03/23 18:21:17 | 000,000,000 | ---D | M](C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
    [2009/03/23 18:21:17 | 000,000,000 | ---D | M](C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
    [2009/03/22 15:10:26 | 000,000,000 | ---D | M](C:\Program Files\??crosoft) -- C:\Program Files\Μіcrosoft
    [2009/03/22 15:10:26 | 000,000,000 | ---D | M](C:\Program Files\??crosoft) -- C:\Program Files\Μіcrosoft
    [2009/03/15 18:12:06 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\?dobe) -- C:\Documents and Settings\kathy\My Documents\Αdobe
    [2009/03/14 01:28:58 | 000,000,000 | ---D | M](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fοnts
    [2009/03/14 01:28:58 | 000,000,000 | ---D | C](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fοnts
    [2009/03/07 17:03:11 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Аdobe
    [2009/03/07 17:03:11 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Аdobe
    [2009/02/28 20:10:14 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\АppPatch
    [2009/02/28 20:10:14 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\АppPatch
    [2009/02/28 18:37:21 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\?dobe) -- C:\Documents and Settings\kathy\My Documents\Αdobe
    [2009/02/14 18:49:42 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
    [2009/02/14 18:49:42 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
    [2009/02/09 21:13:41 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
    [2009/02/09 21:13:41 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
    [2009/02/08 21:27:01 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ymbols) -- C:\Program Files\Common Files\ѕymbols
    [2009/02/08 21:27:01 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ymbols) -- C:\Program Files\Common Files\ѕymbols
    [2009/02/02 21:35:51 | 000,000,000 | ---D | M](C:\WINDOWS\s?curity) -- C:\WINDOWS\sеcurity
    [2009/01/25 20:33:16 | 000,000,000 | ---D | C](C:\WINDOWS\s?curity) -- C:\WINDOWS\sеcurity
    [2009/01/22 01:15:18 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Оracle
    [2009/01/22 01:15:18 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Оracle
    [2009/01/21 21:35:48 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fοnts
    [2009/01/21 21:35:48 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fοnts
    [2009/01/19 07:36:16 | 000,000,000 | ---D | M](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\ΑppPatch
    [2009/01/18 18:35:22 | 000,000,000 | ---D | M](C:\Program Files\A?pPatch) -- C:\Program Files\AрpPatch
    [2009/01/18 18:35:22 | 000,000,000 | ---D | M](C:\Program Files\A?pPatch) -- C:\Program Files\AрpPatch
    [2009/01/17 11:40:47 | 000,000,000 | ---D | C](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\ΑppPatch
    [2009/01/17 11:39:59 | 000,000,000 | ---D | M](C:\WINDOWS\System32\W?nSxS) -- C:\WINDOWS\System32\WіnSxS
    [2009/01/11 18:30:51 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ystem32) -- C:\WINDOWS\System32\ѕystem32
    [2009/01/10 21:41:35 | 000,000,000 | ---D | C](C:\WINDOWS\System32\W?nSxS) -- C:\WINDOWS\System32\WіnSxS
    [2009/01/08 05:36:16 | 000,000,000 | ---D | M](C:\WINDOWS\??curity) -- C:\WINDOWS\ѕеcurity
    [2009/01/05 18:19:29 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ystem32) -- C:\WINDOWS\System32\ѕystem32
    [2009/01/05 16:36:00 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??curity) -- C:\Program Files\Common Files\ѕеcurity
    [2009/01/05 16:36:00 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??curity) -- C:\Program Files\Common Files\ѕеcurity
    [2009/01/04 17:13:27 | 000,000,000 | ---D | C](C:\WINDOWS\??curity) -- C:\WINDOWS\ѕеcurity
    [2009/01/03 01:33:29 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\My Documents\?racle) -- C:\Documents and Settings\kathy\My Documents\Οracle
    [2008/12/31 20:59:08 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\F?nts) -- C:\Documents and Settings\kathy\Application Data\Fоnts
    [2008/12/31 20:59:08 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\F?nts) -- C:\Documents and Settings\kathy\Application Data\Fоnts
    [2008/12/25 13:09:31 | 000,000,000 | ---D | M](C:\Program Files\?ystem) -- C:\Program Files\ѕystem
    [2008/12/25 13:09:31 | 000,000,000 | ---D | M](C:\Program Files\?ystem) -- C:\Program Files\ѕystem
    [2008/12/22 02:51:36 | 000,000,000 | ---D | M](C:\Program Files\?ystem32) -- C:\Program Files\ѕystem32
    [2008/12/22 02:51:36 | 000,000,000 | ---D | M](C:\Program Files\?ystem32) -- C:\Program Files\ѕystem32
    [2008/12/22 02:50:38 | 000,000,000 | ---D | M](C:\WINDOWS\?icrosoft.NET) -- C:\WINDOWS\Μicrosoft.NET
    [2008/12/17 12:41:16 | 000,000,000 | ---D | M](C:\Program Files\s?stem32) -- C:\Program Files\sуstem32
    [2008/12/17 12:41:16 | 000,000,000 | ---D | M](C:\Program Files\s?stem32) -- C:\Program Files\sуstem32
    [2008/12/16 12:12:11 | 000,000,000 | ---D | C](C:\WINDOWS\?icrosoft.NET) -- C:\WINDOWS\Μicrosoft.NET
    [2008/12/16 12:11:09 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??crosoft) -- C:\Documents and Settings\kathy\Application Data\Μіcrosoft
    [2008/12/16 12:11:09 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\??crosoft) -- C:\Documents and Settings\kathy\Application Data\Μіcrosoft
    [2008/12/11 22:23:52 | 000,000,000 | ---D | M](C:\WINDOWS\?ymbols) -- C:\WINDOWS\ѕymbols
    [2008/12/11 22:23:52 | 000,000,000 | ---D | C](C:\WINDOWS\?ymbols) -- C:\WINDOWS\ѕymbols
    [2008/12/11 21:42:45 | 000,000,000 | ---D | M](C:\Program Files\?ymbols) -- C:\Program Files\ѕymbols
    [2008/12/11 21:42:45 | 000,000,000 | ---D | M](C:\Program Files\?ymbols) -- C:\Program Files\ѕymbols
    [2008/12/06 00:26:23 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?icrosoft) -- C:\WINDOWS\System32\Мicrosoft
    [2008/12/05 11:54:06 | 000,000,000 | ---D | M](C:\WINDOWS\??pPatch) -- C:\WINDOWS\АрpPatch
    [2008/12/05 11:54:06 | 000,000,000 | ---D | C](C:\WINDOWS\??pPatch) -- C:\WINDOWS\АрpPatch
    [2008/11/30 21:16:37 | 000,000,000 | ---D | M](C:\Program Files\?ymantec) -- C:\Program Files\Ѕymantec
    [2008/11/30 21:16:37 | 000,000,000 | ---D | M](C:\Program Files\?ymantec) -- C:\Program Files\Ѕymantec
    [2008/11/29 18:57:52 | 000,000,000 | ---D | M](C:\Program Files\S?mantec) -- C:\Program Files\Sуmantec
    [2008/11/29 18:57:52 | 000,000,000 | ---D | M](C:\Program Files\S?mantec) -- C:\Program Files\Sуmantec
    [2008/11/27 21:17:23 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\A?pPatch) -- C:\Documents and Settings\kathy\Application Data\AрpPatch
    [2008/11/27 21:17:23 | 000,000,000 | ---D | M](C:\Documents and Settings\kathy\Application Data\A?pPatch) -- C:\Documents and Settings\kathy\Application Data\AрpPatch
    [2008/11/26 21:05:29 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?icrosoft) -- C:\WINDOWS\System32\Мicrosoft
    [2008/11/24 21:11:47 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
    [2008/11/24 21:11:47 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
    [2008/11/17 21:17:25 | 000,000,000 | ---D | M](C:\WINDOWS\W?nSxS) -- C:\WINDOWS\WіnSxS
    [2008/11/17 21:17:25 | 000,000,000 | ---D | C](C:\WINDOWS\W?nSxS) -- C:\WINDOWS\WіnSxS
    [2008/11/16 15:17:06 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?asks) -- C:\WINDOWS\System32\Τasks
    [2008/11/16 15:17:06 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?asks) -- C:\WINDOWS\System32\Τasks
    [2008/11/15 14:56:23 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\?racle) -- C:\Documents and Settings\kathy\My Documents\Οracle
    [2008/11/13 17:15:51 | 000,000,000 | ---D | M](C:\WINDOWS\?asks) -- C:\WINDOWS\Тasks
    [2008/02/07 18:00:02 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\ѕеcurity
    [2008/02/07 18:00:02 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\ѕеcurity
    [2008/01/20 00:08:13 | 000,000,000 | ---D | C](C:\WINDOWS\?asks) -- C:\WINDOWS\Тasks
    [2008/01/20 00:08:02 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem32) -- C:\Program Files\Common Files\ѕystem32
    [2008/01/20 00:08:02 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem32) -- C:\Program Files\Common Files\ѕystem32
    [2008/01/17 18:52:11 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??stem32) -- C:\WINDOWS\System32\ѕуstem32
    [2008/01/17 17:50:32 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??stem32) -- C:\WINDOWS\System32\ѕуstem32
    [2008/01/11 23:07:39 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Оracle
    [2008/01/11 23:07:39 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Оracle
    [2008/01/05 03:14:46 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ssembly) -- C:\Program Files\Common Files\аssembly
    [2008/01/05 03:14:46 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ssembly) -- C:\Program Files\Common Files\аssembly
    [2007/12/16 03:16:29 | 000,000,000 | ---D | C](C:\Documents and Settings\kathy\My Documents\?ymbols) -- C:\Documents and Settings\kathy\My Documents\ѕymbols
    (C:\Program Files\T?sks) -- C:\Program Files\Tаsks
    (C:\Program Files\s?stem32) -- C:\Program Files\sуstem32
    (C:\Program Files\S?mantec) -- C:\Program Files\Sуmantec
    (C:\Program Files\s?curity) -- C:\Program Files\sеcurity
    (C:\Program Files\M?crosoft.NET) -- C:\Program Files\Mіcrosoft.NET
    (C:\Program Files\M?crosoft) -- C:\Program Files\Mіcrosoft
    (C:\Program Files\F?nts) -- C:\Program Files\Fоnts
    (C:\Program Files\F?nts) -- C:\Program Files\Fοnts
    (C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
    (C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
    (C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
    (C:\Program Files\Common Files\s?curity) -- C:\Program Files\Common Files\sеcurity
    (C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
    (C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
    (C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fοnts
    (C:\Program Files\Common Files\a?sembly) -- C:\Program Files\Common Files\aѕsembly
    (C:\Program Files\Common Files\?ystem32) -- C:\Program Files\Common Files\ѕystem32
    (C:\Program Files\Common Files\?ystem) -- C:\Program Files\Common Files\ѕystem
    (C:\Program Files\Common Files\?ymbols) -- C:\Program Files\Common Files\ѕymbols
    (C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
    (C:\Program Files\Common Files\?ssembly) -- C:\Program Files\Common Files\аssembly
    (C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Оracle
    (C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
    (C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\АppPatch
    (C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\ΑppPatch
    (C:\Program Files\Common Files\?ecurity) -- C:\Program Files\Common Files\ѕecurity
    (C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
    (C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
    (C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
    (C:\Program Files\Common Files\??sembly) -- C:\Program Files\Common Files\аѕsembly
    (C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\АрpPatch
    (C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\ΑрpPatch
    (C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
    (C:\Program Files\Common Files\??curity) -- C:\Program Files\Common Files\ѕеcurity
    (C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Міcrosoft.NET
    (C:\Program Files\A?pPatch) -- C:\Program Files\AрpPatch
    (C:\Program Files\?ystem32) -- C:\Program Files\ѕystem32
    (C:\Program Files\?ystem) -- C:\Program Files\ѕystem
    (C:\Program Files\?ymbols) -- C:\Program Files\ѕymbols
    (C:\Program Files\?ymantec) -- C:\Program Files\Ѕymantec
    (C:\Program Files\?racle) -- C:\Program Files\Оracle
    (C:\Program Files\?racle) -- C:\Program Files\Οracle
    (C:\Program Files\?ppPatch) -- C:\Program Files\ΑppPatch
    (C:\Program Files\?icrosoft.NET) -- C:\Program Files\Μicrosoft.NET
    (C:\Program Files\?icrosoft) -- C:\Program Files\Мicrosoft
    (C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
    (C:\Program Files\?dobe) -- C:\Program Files\Аdobe
    (C:\Program Files\?dobe) -- C:\Program Files\Αdobe
    (C:\Program Files\?asks) -- C:\Program Files\Тasks
    (C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
    (C:\Program Files\??stem) -- C:\Program Files\ѕуstem
    (C:\Program Files\??pPatch) -- C:\Program Files\АрpPatch
    (C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
    (C:\Program Files\??mbols) -- C:\Program Files\ѕуmbols
    (C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
    (C:\Program Files\??crosoft.NET) -- C:\Program Files\Міcrosoft.NET
    (C:\Program Files\??crosoft.NET) -- C:\Program Files\Μіcrosoft.NET
    (C:\Program Files\??crosoft) -- C:\Program Files\Μіcrosoft
    (C:\Documents and Settings\kathy\Application Data\s?stem32) -- C:\Documents and Settings\kathy\Application Data\sуstem32
    (C:\Documents and Settings\kathy\Application Data\s?mbols) -- C:\Documents and Settings\kathy\Application Data\sуmbols
    (C:\Documents and Settings\kathy\Application Data\s?curity) -- C:\Documents and Settings\kathy\Application Data\sеcurity
    (C:\Documents and Settings\kathy\Application Data\M?crosoft) -- C:\Documents and Settings\kathy\Application Data\Mіcrosoft
    (C:\Documents and Settings\kathy\Application Data\F?nts) -- C:\Documents and Settings\kathy\Application Data\Fоnts
    (C:\Documents and Settings\kathy\Application Data\F?nts) -- C:\Documents and Settings\kathy\Application Data\Fοnts
    (C:\Documents and Settings\kathy\Application Data\A?pPatch) -- C:\Documents and Settings\kathy\Application Data\AрpPatch
    (C:\Documents and Settings\kathy\Application Data\?ystem) -- C:\Documents and Settings\kathy\Application Data\ѕystem
    (C:\Documents and Settings\kathy\Application Data\?ymbols) -- C:\Documents and Settings\kathy\Application Data\ѕymbols
    (C:\Documents and Settings\kathy\Application Data\?ymantec) -- C:\Documents and Settings\kathy\Application Data\Ѕymantec
    (C:\Documents and Settings\kathy\Application Data\?racle) -- C:\Documents and Settings\kathy\Application Data\Оracle
    (C:\Documents and Settings\kathy\Application Data\?racle) -- C:\Documents and Settings\kathy\Application Data\Οracle
    (C:\Documents and Settings\kathy\Application Data\?icrosoft.NET) -- C:\Documents and Settings\kathy\Application Data\Мicrosoft.NET
    (C:\Documents and Settings\kathy\Application Data\?icrosoft) -- C:\Documents and Settings\kathy\Application Data\Μicrosoft
    (C:\Documents and Settings\kathy\Application Data\?ecurity) -- C:\Documents and Settings\kathy\Application Data\ѕecurity
    (C:\Documents and Settings\kathy\Application Data\?dobe) -- C:\Documents and Settings\kathy\Application Data\Аdobe
    (C:\Documents and Settings\kathy\Application Data\?dobe) -- C:\Documents and Settings\kathy\Application Data\Αdobe
    (C:\Documents and Settings\kathy\Application Data\?asks) -- C:\Documents and Settings\kathy\Application Data\Τasks
    (C:\Documents and Settings\kathy\Application Data\??stem32) -- C:\Documents and Settings\kathy\Application Data\ѕуstem32
    (C:\Documents and Settings\kathy\Application Data\??sembly) -- C:\Documents and Settings\kathy\Application Data\аѕsembly
    (C:\Documents and Settings\kathy\Application Data\??mbols) -- C:\Documents and Settings\kathy\Application Data\ѕуmbols
    (C:\Documents and Settings\kathy\Application Data\??mantec) -- C:\Documents and Settings\kathy\Application Data\Ѕуmantec
    (C:\Documents and Settings\kathy\Application Data\??crosoft.NET) -- C:\Documents and Settings\kathy\Application Data\Міcrosoft.NET
    (C:\Documents and Settings\kathy\Application Data\??crosoft) -- C:\Documents and Settings\kathy\Application Data\Міcrosoft
    (C:\Documents and Settings\kathy\Application Data\??crosoft) -- C:\Documents and Settings\kathy\Application Data\Μіcrosoft


    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\Τаsks\regedit.exe
    C:\Documents and Settings\kathy\Local Settings\Application Data\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv
    C:\Documents and Settings\All Users\Application Data\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yi

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
lionclan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Apologies for the delay.

OTL follow-up log:

OTL logfile created on: 6/6/2011 11:59:09 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Program Files\mIRC\download
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.48 Mb Total Physical Memory | 185.51 Mb Available Physical Memory | 36.34% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 23.71 Gb Free Space | 31.82% Space Free | Partition Type: NTFS
Drive E: | 111.06 Mb Total Space | 15.18 Mb Free Space | 13.67% Space Free | Partition Type: FAT

Computer Name: PERFUNDO | User Name: kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 19:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Program Files\mIRC\download\OTLgtg.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/21 05:02:07 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2006/11/23 10:45:34 | 002,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe
PRC - [2006/07/16 05:01:43 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2011/06/04 19:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Program Files\mIRC\download\OTLgtg.exe
MOD - [2006/07/16 05:02:56 | 001,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll
MOD - [2006/07/16 05:02:45 | 000,372,736 | ---- | M] () -- C:\WINDOWS\ukatiwuvubomure.dll
MOD - [2004/08/03 17:56:44 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/07/26 16:01:00 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2007/05/10 15:02:19 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/07/16 05:09:03 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel®
DRV - [2002/10/15 01:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/07/23 10:01:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/07/23 10:01:34 | 000,011,935 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV11NT.sys -- (iAimFP8)
DRV - [2002/07/23 10:01:32 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2002/07/23 10:01:32 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2002/07/23 10:01:32 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2002/07/23 10:01:30 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2002/07/23 10:01:30 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/07/23 10:01:28 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2002/07/23 10:01:28 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2002/07/23 10:01:28 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2002/07/23 10:01:26 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2002/07/23 10:01:26 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2002/07/23 10:01:24 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2002/07/23 10:01:22 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2002/07/23 10:01:22 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2002/07/23 10:01:20 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:12 | 000,128,286 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserli.sys -- (Ptserli)
DRV - [2001/08/17 12:12:24 | 000,070,730 | ---- | M] (Linksys Group, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100tx.sys -- (lne100tx)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = ED 18 0C 03 60 D0 7F 49 BE AE C9 BE 6E 33 9E F7 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co...m/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}: C:\Documents and Settings\kathy\Local Settings\Application Data\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0} [2011/06/05 11:58:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/04/03 16:16:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 18:31:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 18:30:59 | 000,000,000 | ---D | M]

[2011/03/12 17:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kathy\Application Data\Mozilla\Extensions
[2011/05/11 10:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kathy\Application Data\Mozilla\Firefox\Profiles\hng3qhcl.default\extensions
[2011/05/22 18:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/05 11:58:38 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KATHY\LOCAL SETTINGS\APPLICATION DATA\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}
[2009/05/08 20:35:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/03 20:53:22 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Jhabiwokojeg] C:\WINDOWS\ukatiwuvubomure.dll ()
O4 - HKCU..\Run: [Glevip] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/28 11:50:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 23:46:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/06 14:49:42 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\kathy\Desktop\aswMBR.exe
[2011/06/05 11:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Local Settings\Application Data\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}
[2011/06/04 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\backups
[2011/06/04 12:38:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kathy\IETldCache
[2011/06/04 12:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/04 11:58:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/06/04 11:55:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/04 11:55:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/06/04 11:54:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/03 21:37:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/06/03 20:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix
[2011/06/03 20:44:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2011/06/03 20:44:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/03 20:43:50 | 000,000,000 | ---D | C] -- C:\e366ee99452b59ded35c06bd
[2011/06/03 20:43:27 | 000,000,000 | ---D | C] -- C:\996e4d00c27fa4c99c8a
[2011/06/03 20:43:15 | 000,000,000 | ---D | C] -- C:\ff4c7b36ff72458a78cb5f056b126059
[2011/06/03 20:39:47 | 000,000,000 | ---D | C] -- C:\9d58ec02821eb6fecc8321d7c035
[2011/06/03 20:37:12 | 000,000,000 | ---D | C] -- C:\183a80f4440e33293f
[2011/06/03 20:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/06/03 20:17:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/03 20:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/03 18:55:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/03 18:52:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/06/03 18:51:26 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/06/03 18:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Application Data\Awol
[2011/06/03 18:51:25 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/06/03 18:51:25 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/06/03 18:47:15 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/06/03 18:31:57 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\drivers\lne100tx.sys
[2011/06/03 17:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/03 14:23:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/06/03 02:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
[2011/06/03 02:43:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2011/06/02 20:39:14 | 000,000,000 | ---D | C] -- C:\New Folder
[2011/05/28 01:03:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/28 01:01:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/28 01:01:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/28 01:01:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/28 01:01:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/28 01:01:03 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/05/28 00:59:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/28 00:59:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/27 20:50:06 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\kathy\Desktop\HijackThis.exe
[2011/05/25 13:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Application Data\ImgBurn
[2011/05/25 06:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/05/25 06:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/05/25 00:00:12 | 000,000,000 | ---D | C] -- C:\NEW PANA
[2011/05/24 23:59:33 | 000,000,000 | ---D | C] -- C:\new panasonic drivers
[2011/05/11 01:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\New Folder
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2045/02/03 01:00:00 | 000,002,554 | ---- | M] () -- C:\WINDOWS\WAVEMIX.INI
[2045/02/03 01:00:00 | 000,001,966 | ---- | M] () -- C:\WINDOWS\System32\DVA.386
[2011/06/06 23:51:12 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/06 23:50:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/06 23:50:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 23:45:02 | 000,056,571 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\paste.rtf
[2011/06/06 14:49:49 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\kathy\Desktop\aswMBR.exe
[2011/06/04 11:59:33 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/04 03:37:44 | 000,107,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/04 02:22:07 | 000,006,218 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/03 20:53:29 | 000,001,378 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/03 20:38:17 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix.exe
[2011/06/03 18:53:50 | 000,018,039 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/03 18:44:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/03 18:44:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/03 18:44:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/03 18:44:20 | 000,000,194 | -HS- | M] () -- C:\boot.ini
[2011/06/03 18:44:12 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/03 18:26:21 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/03 18:26:21 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/27 23:48:02 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\kathy\defogger_reenable
[2011/05/27 22:22:20 | 612,499,456 | ---- | M] () -- C:\WXPVOL_EN.ISO
[2011/05/25 06:50:13 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/25 06:50:13 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/24 21:27:11 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\vdi3ndu1.sys
[2011/05/24 19:59:06 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/23 13:06:59 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\kathy\My Documents\Fell On Black Days.rtf
[2011/05/22 18:31:04 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/22 18:31:03 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/20 08:58:39 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/05/19 22:45:49 | 000,002,694 | ---- | M] () -- C:\Documents and Settings\kathy\My Documents\Don't Let It Bring You Down.rtf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/06 23:36:32 | 000,056,571 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\paste.rtf
[2011/06/03 20:53:28 | 000,001,378 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/03 20:44:24 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/03 20:37:54 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix.exe
[2011/06/03 18:51:03 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/03 18:49:57 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/03 18:49:29 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/03 18:49:24 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/03 18:49:15 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/03 18:48:41 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/03 18:48:21 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/03 18:48:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/06/03 18:47:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/03 18:41:52 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/03 18:24:10 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/06/03 18:24:10 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/06/03 18:24:10 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/06/03 18:24:10 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/06/03 18:24:10 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/06/03 18:24:10 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/06/03 18:24:10 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/06/03 18:24:10 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/06/03 18:24:09 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/06/03 18:24:09 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/06/03 18:24:09 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/06/03 18:24:09 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/06/03 18:24:09 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/06/03 18:24:09 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/06/03 18:24:09 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/06/03 18:24:08 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/06/03 18:24:06 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/06/03 18:24:04 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/06/03 18:24:04 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/28 01:03:48 | 000,245,920 | RHS- | C] () -- C:\cmldr
[2011/05/28 01:01:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/28 01:01:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/28 01:01:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/28 01:01:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/28 01:01:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/27 23:47:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\kathy\defogger_reenable
[2011/05/27 23:32:10 | 612,499,456 | ---- | C] () -- C:\WXPVOL_EN.ISO
[2011/05/25 06:50:13 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/25 06:50:13 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/24 21:27:11 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\vdi3ndu1.sys
[2011/05/24 19:59:06 | 000,000,240 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/23 13:06:23 | 000,002,350 | ---- | C] () -- C:\Documents and Settings\kathy\My Documents\Fell On Black Days.rtf
[2011/05/22 18:31:03 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/19 21:52:21 | 000,002,694 | ---- | C] () -- C:\Documents and Settings\kathy\My Documents\Don't Let It Bring You Down.rtf
[2011/03/25 04:26:02 | 000,024,623 | -HS- | C] () -- C:\WINDOWS\System32\hhkmp.ini2
[2011/03/14 12:27:13 | 000,024,623 | -HS- | C] () -- C:\WINDOWS\System32\hhkmp.ini
[2010/09/23 18:11:32 | 000,006,218 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/05 19:45:04 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/06 04:34:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/27 21:47:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/10/19 13:59:44 | 000,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/12 00:18:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/09/11 23:14:53 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2008/09/11 23:14:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2008/02/07 19:57:32 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\kathy\Application Data\0047ab9674cb9a941c4a359502ec95b0ef22087b9f0ba1e2bc.dat
[2008/01/20 07:02:02 | 000,000,953 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/01/19 19:18:14 | 001,073,319 | -HS- | C] () -- C:\WINDOWS\System32\arslrudn.ini
[2008/01/19 15:34:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/01/19 15:14:32 | 000,635,243 | ---- | C] () -- C:\WINDOWS\ld32408.exe
[2008/01/17 18:34:23 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/17 18:32:41 | 000,030,998 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/14 17:07:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/10 14:12:19 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/05/10 14:09:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/05/10 14:09:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/05/10 14:09:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/10 14:08:42 | 000,000,037 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2007/04/22 19:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 19:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/18 22:38:31 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2007/03/18 22:38:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2007/03/16 01:50:31 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/01/03 16:16:16 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2007/01/03 16:16:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2007/01/03 16:16:02 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2006/12/28 11:56:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/12/28 11:45:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/12/28 06:23:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/28 06:21:50 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/16 05:03:01 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2006/07/16 05:03:01 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2006/07/16 05:02:45 | 000,372,736 | ---- | C] () -- C:\WINDOWS\ukatiwuvubomure.dll
[2005/03/25 18:42:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/03 18:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/06/03 22:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Awol
[2011/04/19 21:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Canon
[2009/08/20 07:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Foxit
[2010/09/05 15:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\GSplit
[2011/05/25 13:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\ImgBurn
[2009/05/08 20:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\OpenOffice.org
[2011/06/06 23:51:12 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >

aswMBR log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-07 00:14:03
-----------------------------
00:14:03.656 OS Version: Windows 5.1.2600 Service Pack 2
00:14:03.656 Number of processors: 1 586 0x80A
00:14:03.656 ComputerName: PERFUNDO UserName: kathy
00:14:05.187 Initialize success
00:14:24.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
00:14:24.578 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76319MB BusType: 3
00:14:24.609 Disk 0 MBR read successfully
00:14:24.609 Disk 0 MBR scan
00:14:24.609 Disk 0 Windows XP default MBR code
00:14:24.609 Disk 0 scanning sectors +156280320
00:14:24.671 Disk 0 scanning C:\WINDOWS\system32\drivers
00:14:30.171 Service scanning
00:14:32.843 Disk 0 trace - called modules:
00:14:32.843 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll
00:14:32.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82383ab8]
00:14:32.859 3 CLASSPNP.SYS[f8577fcf] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x823cbb00]
00:14:32.859 Scan finished successfully
00:14:44.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\kathy\Desktop\MBR.dat"
00:14:44.515 The log file has been saved successfully to "C:\Documents and Settings\kathy\Desktop\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see that you have run Combofix - could you post the log, please?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [Jhabiwokojeg] C:\WINDOWS\ukatiwuvubomure.dll ()
    O4 - HKCU..\Run: [Glevip] File not found
    [2011/05/24 21:27:11 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\vdi3ndu1.sys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#5
lionclan

    New Member

  • Topic Starter
  • Member
  • 8 posts
About ComboFix, I previously ran ComboFix before any of these posts and then made a mistake with HijackThis that rendered Windows unable to start properly. I then figured out how to restore ComboFix's registry backup and was back with a working but infected OS. Then came what I described in my first post here.

Anyway, I didn't figure those old logs, after which the registry was restored, would be worth much. I ran ComboFix again (might add CF hung the first time as it was fixing the driver volsnap.sys which it said was patched with a rootkit, then tried in safe mode with /nombr switch & eventually succeeded) and then did the OTL fix & scan you advised. Here are the logs.

OTL Log:
OTL logfile created on: 6/10/2011 6:11:08 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\download
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.48 Mb Total Physical Memory | 238.03 Mb Available Physical Memory | 46.63% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 80.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 22.60 Gb Free Space | 30.32% Space Free | Partition Type: NTFS
Drive E: | 123.00 Mb Total Space | 68.60 Mb Free Space | 55.77% Space Free | Partition Type: FAT32

Computer Name: PERFUNDO | User Name: kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 19:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\download\OTL.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/11/23 10:45:34 | 002,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe
PRC - [2006/07/16 05:01:43 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2011/06/04 19:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\download\OTL.exe
MOD - [2006/07/16 05:02:56 | 001,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/07/26 16:01:00 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2007/05/10 15:02:19 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/07/16 05:09:03 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel®
DRV - [2002/10/15 01:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/07/23 10:01:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/07/23 10:01:34 | 000,011,935 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV11NT.sys -- (iAimFP8)
DRV - [2002/07/23 10:01:32 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2002/07/23 10:01:32 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2002/07/23 10:01:32 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2002/07/23 10:01:30 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2002/07/23 10:01:30 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/07/23 10:01:28 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2002/07/23 10:01:28 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2002/07/23 10:01:28 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2002/07/23 10:01:26 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2002/07/23 10:01:26 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2002/07/23 10:01:24 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2002/07/23 10:01:22 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2002/07/23 10:01:22 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2002/07/23 10:01:20 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:12 | 000,128,286 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserli.sys -- (Ptserli)
DRV - [2001/08/17 12:12:24 | 000,070,730 | ---- | M] (Linksys Group, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100tx.sys -- (lne100tx)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co...m/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{3AC9064B-AF59-44FA-AEBC-3FCA816816D2}: C:\Documents and Settings\kathy\Local Settings\Application Data\{3AC9064B-AF59-44FA-AEBC-3FCA816816D2}\ [2011/06/10 17:41:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/04/03 16:16:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 18:31:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 18:30:59 | 000,000,000 | ---D | M]

[2011/03/12 17:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kathy\Application Data\Mozilla\Extensions
[2011/06/09 13:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kathy\Application Data\Mozilla\Firefox\Profiles\hng3qhcl.default\extensions
[2011/05/22 18:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HNG3QHCL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/06/10 17:41:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KATHY\LOCAL SETTINGS\APPLICATION DATA\{3AC9064B-AF59-44FA-AEBC-3FCA816816D2}
[2009/05/08 20:35:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/10 18:04:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKCU..\Run: [Apntuzze] File not found
O4 - HKCU..\Run: [Bwctcex] File not found
O4 - HKCU..\Run: [Cheq] File not found
O4 - HKCU..\Run: [Csxavqi] File not found
O4 - HKCU..\Run: [Czssnsq] File not found
O4 - HKCU..\Run: [Damyknqj] File not found
O4 - HKCU..\Run: [Dide] File not found
O4 - HKCU..\Run: [Dnwgbsmq] File not found
O4 - HKCU..\Run: [Efoh] File not found
O4 - HKCU..\Run: [Egfha] File not found
O4 - HKCU..\Run: [Fkvo] File not found
O4 - HKCU..\Run: [Hcuabct] File not found
O4 - HKCU..\Run: [Hgxzps] File not found
O4 - HKCU..\Run: [Hubfsuh] File not found
O4 - HKCU..\Run: [Hzs] File not found
O4 - HKCU..\Run: [Idt] File not found
O4 - HKCU..\Run: [Iytmywy] File not found
O4 - HKCU..\Run: [Jhs] File not found
O4 - HKCU..\Run: [Jksmmmk] File not found
O4 - HKCU..\Run: [Jtyzvdd] File not found
O4 - HKCU..\Run: [Kdtkwriw] File not found
O4 - HKCU..\Run: [Ktkufd] File not found
O4 - HKCU..\Run: [Kvhiq] File not found
O4 - HKCU..\Run: [Lwwdespp] File not found
O4 - HKCU..\Run: [Nalk] File not found
O4 - HKCU..\Run: [Nhkmmt] File not found
O4 - HKCU..\Run: [Nht] File not found
O4 - HKCU..\Run: [Ntgsjcj] File not found
O4 - HKCU..\Run: [Pvkikko] File not found
O4 - HKCU..\Run: [Qmrccvw] File not found
O4 - HKCU..\Run: [Qptlgcdl] File not found
O4 - HKCU..\Run: [Qqqqf] File not found
O4 - HKCU..\Run: [Sfqywb] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Torqsabx] File not found
O4 - HKCU..\Run: [Ukfhmk] File not found
O4 - HKCU..\Run: [Umafi] File not found
O4 - HKCU..\Run: [Wjil] File not found
O4 - HKCU..\Run: [Wlw] File not found
O4 - HKCU..\Run: [Wuwn] File not found
O4 - HKCU..\Run: [Ykocki] File not found
O4 - HKCU..\Run: [Yngyje] File not found
O4 - HKCU..\Run: [Yshmjo] File not found
O4 - HKCU..\Run: [Zmpod] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.micr...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/28 11:50:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/10 18:05:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/10 17:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Local Settings\Application Data\{3AC9064B-AF59-44FA-AEBC-3FCA816816D2}
[2011/06/10 17:37:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/10 16:18:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/10 14:18:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kathy\Start Menu\Programs\Administrative Tools
[2011/06/08 04:59:50 | 000,000,000 | ---D | C] -- C:\ff4c7b36ff72458a78cb5f056b126059
[2011/06/08 04:59:49 | 000,000,000 | ---D | C] -- C:\996e4d00c27fa4c99c8a
[2011/06/08 04:59:27 | 000,000,000 | ---D | C] -- C:\9d58ec02821eb6fecc8321d7c035
[2011/06/08 04:58:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kathy\Recent
[2011/06/07 21:51:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kathy\PrivacIE
[2011/06/06 23:46:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\backups
[2011/06/04 12:38:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kathy\IETldCache
[2011/06/04 12:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/04 11:58:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/06/04 11:55:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/04 11:55:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/06/04 11:54:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/03 21:37:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/06/03 20:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix
[2011/06/03 20:44:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2011/06/03 20:44:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/03 20:43:50 | 000,000,000 | ---D | C] -- C:\e366ee99452b59ded35c06bd
[2011/06/03 20:37:12 | 000,000,000 | ---D | C] -- C:\183a80f4440e33293f
[2011/06/03 20:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/06/03 20:17:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/03 20:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/03 18:55:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/03 18:52:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/06/03 18:51:26 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/06/03 18:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Application Data\Awol
[2011/06/03 18:51:25 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/06/03 18:51:25 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/06/03 18:47:15 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/06/03 18:31:57 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\drivers\lne100tx.sys
[2011/06/03 17:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/03 14:23:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/06/03 02:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
[2011/06/03 02:43:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2011/06/02 20:39:14 | 000,000,000 | ---D | C] -- C:\New Folder
[2011/05/28 01:01:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/28 01:01:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/28 01:01:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/28 01:01:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/28 00:59:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/28 00:59:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/27 23:41:55 | 004,119,627 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2011/05/27 20:50:06 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\kathy\Desktop\HijackThis.exe
[2011/05/25 13:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Application Data\ImgBurn
[2011/05/25 06:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/05/25 06:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/05/25 00:00:12 | 000,000,000 | ---D | C] -- C:\NEW PANA
[2011/05/24 23:59:33 | 000,000,000 | ---D | C] -- C:\new panasonic drivers

========== Files - Modified Within 30 Days ==========

[2045/02/03 01:00:00 | 000,002,554 | ---- | M] () -- C:\WINDOWS\WAVEMIX.INI
[2045/02/03 01:00:00 | 000,001,966 | ---- | M] () -- C:\WINDOWS\System32\DVA.386
[2011/06/10 18:07:39 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/10 18:07:10 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/06/10 18:07:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/10 18:04:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/10 17:41:31 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wgecewatebicogic.dat
[2011/06/10 16:18:30 | 000,000,310 | RHS- | M] () -- C:\boot.ini
[2011/06/10 16:13:27 | 004,119,627 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2011/06/10 15:41:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Yrapalanahif.bin
[2011/06/10 15:19:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 03:02:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/08 11:35:37 | 000,006,274 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/07 23:48:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/07 00:14:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\MBR.dat
[2011/06/06 23:45:02 | 000,056,571 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\paste.rtf
[2011/06/04 03:37:44 | 000,107,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/03 20:38:17 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix.exe
[2011/06/03 18:53:50 | 000,018,039 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/03 18:44:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/03 18:44:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/03 18:44:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/03 18:44:20 | 000,000,194 | ---- | M] () -- C:\Boot.bak
[2011/06/03 18:44:12 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/03 18:26:21 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/03 18:26:21 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/03 17:59:42 | 000,000,198 | -HS- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop(2).ini
[2011/06/02 05:48:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/05/27 23:48:02 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\kathy\defogger_reenable
[2011/05/27 22:22:20 | 612,499,456 | ---- | M] () -- C:\WXPVOL_EN.ISO
[2011/05/25 06:50:13 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/25 06:50:13 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn(2).lnk
[2011/05/25 06:50:13 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/24 19:59:06 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/23 13:06:59 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\kathy\My Documents\Fell On Black Days.rtf
[2011/05/22 18:31:04 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/22 18:31:04 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox(2).lnk
[2011/05/22 18:31:03 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/20 08:58:39 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/05/19 22:45:49 | 000,002,694 | ---- | M] () -- C:\Documents and Settings\kathy\My Documents\Don't Let It Bring You Down.rtf

========== Files Created - No Company Name ==========

[2011/06/10 16:38:59 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/10 16:36:43 | 261,488,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VTS_01_1.VOB
[2011/06/10 16:36:42 | 000,825,461 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\report.pdf
[2011/06/10 16:36:42 | 000,501,958 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SR16_Manual.pdf
[2011/06/10 16:36:42 | 000,414,304 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\slipx3.gif
[2011/06/10 16:36:32 | 023,918,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Otherside.avi
[2011/06/10 16:36:22 | 019,810,380 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Glycerine.avi
[2011/06/10 16:26:48 | 1073,709,056 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Creep _VTS_01_1.VOB
[2011/06/10 16:26:32 | 024,815,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Angel.avi
[2011/06/10 16:24:00 | 288,161,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Angel VTS_01_2.VOB
[2011/06/10 16:24:00 | 000,125,351 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\hardship waiver48259.pdf
[2011/06/10 16:24:00 | 000,109,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\invepsoa.wri
[2011/06/10 16:24:00 | 000,053,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\conditional-release-doc1.pdf
[2011/06/10 16:23:59 | 001,217,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\chapter5.pdf
[2011/06/10 16:23:59 | 000,158,193 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\bookmarks.html
[2011/06/10 16:23:58 | 000,039,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\03337.pdf
[2011/06/10 16:23:58 | 000,030,001 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\5xGuitarChordTabBig-1.pdf
[2011/06/10 16:23:58 | 000,026,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\5xGuitarChordTab-1.pdf
[2011/06/10 16:23:58 | 000,025,384 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\5xGuitarChordTabBig.pdf
[2011/06/10 16:18:30 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2011/06/08 00:05:40 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/06/07 22:55:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/07 01:02:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wgecewatebicogic.dat
[2011/06/07 01:02:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Yrapalanahif.bin
[2011/06/07 00:14:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\MBR.dat
[2011/06/06 23:36:32 | 000,056,571 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\paste.rtf
[2011/06/03 20:44:24 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/03 20:37:54 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix.exe
[2011/06/03 18:51:03 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/03 18:49:57 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/03 18:49:29 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/03 18:49:24 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/03 18:49:15 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/03 18:48:41 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/03 18:48:21 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/03 18:48:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/06/03 18:47:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/03 18:41:52 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/03 18:24:10 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/06/03 18:24:10 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/06/03 18:24:10 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/06/03 18:24:10 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/06/03 18:24:10 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/06/03 18:24:10 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/06/03 18:24:10 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/06/03 18:24:10 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/06/03 18:24:09 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/06/03 18:24:09 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/06/03 18:24:09 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/06/03 18:24:09 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/06/03 18:24:09 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/06/03 18:24:09 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/06/03 18:24:09 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/06/03 18:24:08 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/06/03 18:24:06 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/06/03 18:24:04 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/06/03 18:24:04 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/28 01:03:48 | 000,245,920 | RHS- | C] () -- C:\cmldr
[2011/05/28 01:01:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/28 01:01:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/28 01:01:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/28 01:01:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/28 01:01:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/27 23:47:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\kathy\defogger_reenable
[2011/05/27 23:32:10 | 612,499,456 | ---- | C] () -- C:\WXPVOL_EN.ISO
[2011/05/25 06:50:13 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/25 06:50:13 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn(2).lnk
[2011/05/25 06:50:13 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/24 19:59:06 | 000,000,240 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/24 19:31:26 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/05/23 13:06:23 | 000,002,350 | ---- | C] () -- C:\Documents and Settings\kathy\My Documents\Fell On Black Days.rtf
[2011/05/22 18:31:03 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/19 21:52:21 | 000,002,694 | ---- | C] () -- C:\Documents and Settings\kathy\My Documents\Don't Let It Bring You Down.rtf
[2011/03/25 04:26:02 | 000,024,623 | -HS- | C] () -- C:\WINDOWS\System32\hhkmp.ini2
[2011/03/14 12:27:13 | 000,024,623 | -HS- | C] () -- C:\WINDOWS\System32\hhkmp.ini
[2010/09/23 18:11:32 | 000,006,274 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/05 19:45:04 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/06 04:34:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/27 21:47:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/10/19 13:59:44 | 000,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/02 14:05:26 | 001,040,303 | -HS- | C] () -- C:\WINDOWS\System32\lsmmwxti.ini
[2008/09/23 19:16:05 | 000,898,638 | -HS- | C] () -- C:\WINDOWS\System32\krheffkn.ini
[2008/09/20 23:23:00 | 001,001,677 | -HS- | C] () -- C:\WINDOWS\System32\fsvyjvkl.ini
[2008/09/14 23:47:16 | 001,071,071 | -HS- | C] () -- C:\WINDOWS\System32\mkhmhyfu.ini
[2008/09/14 08:49:02 | 001,078,208 | -HS- | C] () -- C:\WINDOWS\System32\kaialjnj.ini
[2008/09/13 00:22:24 | 001,078,208 | -HS- | C] () -- C:\WINDOWS\System32\xvvroeie.ini
[2008/09/12 00:24:31 | 001,180,778 | -HS- | C] () -- C:\WINDOWS\System32\gpwktclo.ini
[2008/09/11 23:14:53 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2008/09/11 23:14:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2008/02/07 19:57:32 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\kathy\Application Data\0047ab9674cb9a941c4a359502ec95b0ef22087b9f0ba1e2bc.dat
[2008/02/07 18:00:49 | 001,219,783 | -HS- | C] () -- C:\WINDOWS\System32\wkijcjlh.ini
[2008/01/21 09:25:38 | 001,086,203 | -HS- | C] () -- C:\WINDOWS\System32\mdqgphut.ini
[2008/01/19 19:18:14 | 001,073,319 | -HS- | C] () -- C:\WINDOWS\System32\arslrudn.ini
[2008/01/19 15:34:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/01/19 15:14:32 | 000,635,243 | ---- | C] () -- C:\WINDOWS\ld32408.exe
[2008/01/18 19:15:21 | 001,073,352 | -HS- | C] () -- C:\WINDOWS\System32\yuavlxbo.ini
[2008/01/17 18:34:23 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/17 18:32:41 | 000,030,998 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/17 17:20:42 | 001,075,882 | -HS- | C] () -- C:\WINDOWS\System32\todykilb.ini
[2008/01/15 09:53:30 | 001,075,822 | -HS- | C] () -- C:\WINDOWS\System32\fstjrjib.ini
[2008/01/15 09:51:24 | 001,056,916 | -HS- | C] () -- C:\WINDOWS\System32\iuggqneb.ini
[2008/01/04 23:23:01 | 001,018,922 | -HS- | C] () -- C:\WINDOWS\System32\eftifpvt.ini
[2007/12/25 19:39:00 | 001,044,100 | -HS- | C] () -- C:\WINDOWS\System32\svlgcbsq.ini
[2007/12/22 01:37:02 | 000,991,542 | -HS- | C] () -- C:\WINDOWS\System32\kshpldbf.ini
[2007/12/16 03:16:31 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\wapiitr.exe
[2007/05/14 17:07:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/10 14:12:19 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/05/10 14:09:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/05/10 14:09:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/05/10 14:09:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/10 14:08:42 | 000,000,037 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2007/04/22 19:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 19:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/18 22:38:31 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2007/03/18 22:38:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2007/03/16 01:50:31 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/01/03 16:16:16 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2007/01/03 16:16:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2007/01/03 16:16:02 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2006/12/28 11:56:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/12/28 11:45:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/12/28 06:23:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/28 06:21:50 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/16 05:03:01 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2006/07/16 05:03:01 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2005/03/25 18:42:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/03 18:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/06/03 22:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Awol
[2011/04/19 21:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Canon
[2009/08/20 07:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Foxit
[2010/09/05 15:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\GSplit
[2011/05/25 13:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\ImgBurn
[2009/05/08 20:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\OpenOffice.org
[2011/06/10 18:07:39 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >

ComboFix Log:
ComboFix 11-06-10.08 - kathy 06/10/2011 16:59:49.2.1 - x86 MINIMAL
Running from: C:\ComboFix.exe
Command switches used :: /nombr
* Created a new restore point
.
/wow section - STAGE 24
Could Not Find c:\combofix\temAA
Could Not Find c:\combofix\temAA
Could Not Find c:\combofix\temAA
Could Not Find c:\combofix\temAA
Could Not Find c:\combofix\temAA
Could Not Find c:\combofix\temAA
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The system cannot find the path specified.
'.d.a.1.a.3.f.f.' is not recognized as an internal or external command
'.0.\\.' is not recognized as an internal or external command
.
/wow section - STAGE 32
grep: temp2401: No such file or directory
.
/wow section - STAGE 32A
grep: VList: No such file or directory
The system cannot find the file specified.
.
/wow section - STAGE 33
.
/wow section not completed
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\kathy\Local Settings\Application Data\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}
c:\documents and settings\kathy\Local Settings\Application Data\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}\chrome.manifest
c:\documents and settings\kathy\Local Settings\Application Data\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}\chrome\content\_cfg.js
c:\documents and settings\kathy\Local Settings\Application Data\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}\chrome\content\overlay.xul
c:\documents and settings\kathy\Local Settings\Application Data\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}\install.rdf
c:\documents and settings\kathy\WINDOWS
c:\progra~1\COMMON~1\YSTEM3~1\scanregw.exe
c:\program files\appatc~1
c:\program files\asks~1
c:\program files\Common Files\asembl~1
c:\program files\Common Files\crosof~1.net
c:\program files\Common Files\curity~1
c:\program files\Common Files\dobe~1
c:\program files\Common Files\ecurit~1
c:\program files\Common Files\fnts~1
c:\program files\Common Files\fnts~2
c:\program files\Common Files\mantec~1
c:\program files\Common Files\mcroso~1.net
c:\program files\Common Files\oroi
c:\program files\Common Files\oroi\oroia.exe
c:\program files\Common Files\oroi\oroia.lck
c:\program files\Common Files\oroi\oroid\class-barrel
c:\program files\Common Files\oroi\oroid\oroic.dll
c:\program files\Common Files\oroi\oroid\vocabulary
c:\program files\Common Files\oroi\oroih
c:\program files\Common Files\oroi\oroil.lck
c:\program files\Common Files\oroi\oroim.lck
c:\program files\Common Files\ppatch~1
c:\program files\Common Files\ppatch~2
c:\program files\Common Files\pppatc~1
c:\program files\Common Files\pppatc~2
c:\program files\Common Files\racle~1
c:\program files\Common Files\racle~2
c:\program files\Common Files\scurit~1
c:\program files\Common Files\sembly~1
c:\program files\Common Files\smbols~1
c:\program files\Common Files\ssembl~1
c:\program files\Common Files\sstem~1
c:\program files\Common Files\stem~1
c:\program files\Common Files\stem32~1
c:\program files\Common Files\wnsxs~1
c:\program files\Common Files\ymante~1
c:\program files\Common Files\ymbols~1
c:\program files\Common Files\ystem~1
c:\program files\Common Files\ystem3~1
c:\program files\Common Files\ystem3~1\scanregw.exe
c:\program files\crosof~1
c:\program files\crosof~1.net
c:\program files\dobe~1
c:\program files\dobe~2
c:\program files\ecurit~1
c:\program files\fnts~1
c:\program files\fnts~2
c:\program files\icroso~1
c:\program files\icroso~1.net
c:\program files\mantec~1
c:\program files\mbols~1
c:\program files\mcroso~1
c:\program files\mcroso~1.net
c:\program files\ppatch~1
c:\program files\ppatch~2
c:\program files\pppatc~1
c:\program files\racle~1
c:\program files\racle~2
c:\program files\scurit~1
c:\program files\smante~1
c:\program files\sstem3~1
c:\program files\stem~1
c:\program files\stem32~1
c:\program files\Temporary
c:\program files\Temporary\InsiDERInst.ex
c:\program files\Temporary\InsiDERInst.exe
c:\program files\tsks~1
c:\program files\ymante~1
c:\program files\ymbols~1
c:\program files\ystem~1
c:\program files\ystem3~1
c:\windows\appatc~1
c:\windows\asks~1
c:\windows\asks~2
c:\windows\cookies.ini
c:\windows\crosof~1
c:\windows\curity~1
c:\windows\dobe~1
c:\windows\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe
c:\windows\fnts~1
c:\windows\icroso~1.net
c:\windows\mbols~1
c:\windows\mcroso~1
c:\windows\ppatch~1
c:\windows\pppatc~1
c:\windows\pskt.ini
c:\windows\racle~1
c:\windows\scurit~1
c:\windows\sembly~1
c:\windows\sks~1
c:\windows\SKS~1\regedit.exe
c:\windows\smbols~1
c:\windows\system32\asks~1
c:\windows\system32\asks~2
c:\windows\system32\crosof~1.net
c:\windows\system32\curity~1
c:\windows\system32\dobe~1
c:\windows\system32\dobe~2
c:\windows\system32\fnts~1
c:\windows\system32\icroso~1
c:\windows\system32\mantec~1
c:\windows\system32\mcrh.tmp
c:\windows\system32\mcroso~1
c:\windows\system32\nGpxx01
c:\windows\system32\pac.txt
c:\windows\system32\ppatch~1
c:\windows\system32\pppatc~1
c:\windows\system32\racle~1
c:\windows\system32\scurit~1
c:\windows\system32\sembly~1
c:\windows\system32\sks~1
c:\windows\system32\smbols~1
c:\windows\system32\stem~1
c:\windows\system32\stem32~1
c:\windows\system32\tmp.reg
c:\windows\system32\wnsxs~1
c:\windows\system32\ystem~1
c:\windows\system32\ystem3~1
c:\windows\wnsxs~1
c:\windows\wroetmol.dll
c:\windows\ymbols~1
c:\windows\ystem~1
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CMDSERVICE
-------\Legacy_FCI
-------\Legacy_PROTECT
-------\Legacy_SYSLIBRARY
-------\Service_FCI
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 22:41 . 2011-06-10 22:41 -------- d-----w- c:\documents and settings\kathy\Local Settings\Application Data\{3AC9064B-AF59-44FA-AEBC-3FCA816816D2}
2011-06-08 09:59 . 2011-06-08 09:59 -------- d-----w- C:\ff4c7b36ff72458a78cb5f056b126059
2011-06-08 09:59 . 2011-06-08 09:59 -------- d-----w- C:\996e4d00c27fa4c99c8a
2011-06-08 09:59 . 2011-06-08 09:59 -------- d-----w- C:\9d58ec02821eb6fecc8321d7c035
2011-06-08 02:51 . 2011-06-08 02:51 -------- d-sh--w- c:\documents and settings\kathy\PrivacIE
2011-06-08 02:39 . 2011-06-08 02:39 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2011-06-07 06:02 . 2011-06-10 20:41 0 ----a-w- c:\windows\Yrapalanahif.bin
2011-06-07 04:46 . 2011-06-07 04:46 -------- d-----w- C:\_OTL
2011-06-04 17:38 . 2011-06-04 17:38 -------- d-sh--w- c:\documents and settings\kathy\IETldCache
2011-06-04 17:00 . 2009-10-20 14:41 265728 -c----w- c:\windows\system32\dllcache\http.sys
2011-06-04 16:59 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-04 16:59 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-04 16:59 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-04 16:59 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-04 16:59 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-06-04 16:59 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-06-04 16:59 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-04 16:55 . 2011-06-04 16:59 -------- dc-h--w- c:\windows\ie8
2011-06-04 16:54 . 2011-06-04 16:54 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-04 02:37 . 2011-06-04 07:34 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-06-04 01:44 . 2011-06-04 01:44 -------- d-----w- c:\windows\system32\KB905474
2011-06-04 01:43 . 2011-06-04 01:43 -------- d-----w- C:\e366ee99452b59ded35c06bd
2011-06-04 01:37 . 2011-06-04 01:37 -------- d-----w- C:\183a80f4440e33293f
2011-06-04 01:32 . 2011-06-04 01:32 -------- d-----w- c:\program files\MSXML 6.0
2011-06-04 01:17 . 2011-06-04 01:17 -------- d-----w- c:\windows\ServicePackFiles
2011-06-04 01:13 . 2011-06-04 01:13 -------- d-----w- c:\program files\MSXML 4.0
2011-06-04 00:32 . 2009-11-27 17:33 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2011-06-04 00:30 . 2009-11-27 16:37 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2011-06-04 00:30 . 2009-11-27 16:37 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2011-06-04 00:25 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-06-04 00:25 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-06-04 00:23 . 2010-02-24 12:48 457216 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-04 00:18 . 2010-02-16 17:35 2143744 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-06-04 00:17 . 2010-02-16 17:37 2186880 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-06-04 00:17 . 2010-02-16 16:57 2021888 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-06-04 00:17 . 2010-02-17 16:57 2063744 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-06-03 23:51 . 2001-08-23 12:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2011-06-03 23:50 . 2004-08-03 20:31 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
2011-06-03 23:49 . 2001-08-23 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-06-03 23:48 . 2001-08-23 12:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-06-03 23:47 . 2004-08-03 22:56 92160 -c--a-w- c:\windows\system32\dllcache\evntwin.exe
2011-06-03 23:46 . 2001-08-23 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2011-06-03 23:45 . 2001-08-23 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-06-03 23:44 . 2004-08-03 22:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-06-03 23:44 . 2011-06-03 23:44 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2011-06-03 23:38 . 2010-04-16 13:29 18432 -c--a-w- c:\windows\system32\dllcache\iedw.exe
2011-06-03 23:38 . 2010-04-16 13:29 18432 ----a-w- c:\program files\Internet Explorer\iedw.exe
2011-06-03 23:36 . 2006-07-16 10:01 28672 ----a-w- c:\program files\Messenger\custsat.dll
2011-06-03 23:31 . 2001-08-17 17:12 70730 ----a-w- c:\windows\system32\drivers\lne100tx.sys
2011-06-03 23:26 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-06-03 23:26 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-06-03 23:26 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-06-03 23:26 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-06-03 23:24 . 2008-05-12 06:24 21024 ----a-w- c:\windows\system32\PANSON24.DRV
2011-06-03 23:23 . 2004-08-03 23:58 13753 ----a-r- c:\windows\SET49.tmp
2011-06-03 23:23 . 2004-08-03 23:57 1086058 ----a-r- c:\windows\SET3D.tmp
2011-06-03 23:23 . 2004-08-04 00:03 1042903 ----a-r- c:\windows\SET3C.tmp
2011-06-03 23:00 . 2002-07-17 13:42 577536 ----a-w- c:\windows\system32\igfxres.dll
2011-06-03 22:58 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-03 22:58 . 2009-08-07 00:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-06-03 14:27 . 2011-06-03 18:17 -------- d-----w- c:\windows\system32\en
2011-06-03 14:27 . 2011-06-03 18:17 -------- d-----w- c:\windows\PeerNet
2011-06-03 14:27 . 2011-06-03 14:27 -------- d-----w- c:\windows\Provisioning
2011-06-03 14:27 . 2011-06-03 14:27 -------- d-----w- c:\windows\ehome
2011-06-03 07:43 . 2011-06-03 07:43 -------- d-----w- c:\windows\system32\msmq
2011-06-03 07:43 . 2011-06-03 07:43 -------- d-----w- c:\windows\system32\Logfiles
2011-06-03 07:05 . 2004-08-03 22:56 363520 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2011-06-03 07:04 . 2004-08-03 22:56 45056 -c--a-w- c:\windows\system32\dllcache\ssinc51.dll
2011-06-03 07:04 . 2004-08-03 22:56 358400 -c--a-w- c:\windows\system32\dllcache\snmpincl.dll
2011-06-03 07:04 . 2004-08-03 22:56 358400 ----a-w- c:\windows\system32\wbem\snmpincl.dll
2011-06-03 07:04 . 2004-08-03 22:56 188416 -c--a-w- c:\windows\system32\dllcache\snmpsmir.dll
2011-06-03 07:04 . 2004-08-03 22:56 188416 ----a-w- c:\windows\system32\wbem\snmpsmir.dll
2011-06-03 07:04 . 2004-08-03 22:56 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2011-06-03 07:04 . 2004-08-03 22:56 236544 -c--a-w- c:\windows\system32\dllcache\smi2smir.exe
2011-06-03 07:04 . 2004-08-03 22:56 236544 ----a-w- c:\windows\system32\wbem\snmp\smi2smir.exe
2011-06-03 07:01 . 2004-08-03 22:56 37888 -c--a-w- c:\windows\system32\dllcache\md5filt.dll
2011-06-03 07:01 . 2004-08-03 22:56 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2011-06-03 07:00 . 2004-08-03 22:56 79872 -c--a-w- c:\windows\system32\dllcache\iislog51.dll
2011-06-03 07:00 . 2004-08-03 22:56 61440 -c--a-w- c:\windows\system32\dllcache\httpod51.dll
2011-06-03 07:00 . 2004-08-03 22:56 268288 -c--a-w- c:\windows\system32\dllcache\httpext.dll
2011-06-03 06:57 . 2006-04-18 04:23 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2011-06-03 06:56 . 2004-08-03 22:56 46592 -c--a-w- c:\windows\system32\dllcache\coadmin.dll
2011-06-03 06:56 . 2004-08-03 22:56 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2011-06-03 06:56 . 2004-08-03 22:56 290816 ----a-w- c:\windows\system32\adsiis.dll
2011-06-03 01:39 . 2011-06-03 01:46 -------- d-----w- C:\New Folder
2011-05-28 02:24 . 2008-05-12 06:24 21024 ----a-w- C:\PANSON24.DRV
2011-05-25 18:29 . 2011-05-25 18:29 -------- d-----w- c:\documents and settings\kathy\Application Data\ImgBurn
2011-05-25 11:50 . 2011-05-25 11:50 -------- d-----w- c:\program files\ImgBurn
2011-05-25 05:00 . 2011-05-25 05:00 -------- d-----w- C:\NEW PANA
2011-05-25 04:59 . 2011-05-25 05:00 -------- d-----w- C:\new panasonic drivers
2011-05-25 02:27 . 2011-05-25 02:27 13312 ----a-w- c:\windows\system32\drivers\vdi3ndu1.sys
2011-05-22 23:31 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-22 23:31 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-22 23:31 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-22 23:31 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-22 23:31 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-22 23:31 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-22 23:31 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-22 23:31 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-20 02:39 . 2011-05-20 02:39 86188 ----a-w- c:\program files\Mozilla Firefox\0.14358515392301985.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2045-02-03 06:00 . 2010-11-15 06:07 92208 ----a-w- c:\windows\system\WING.DLL
2045-02-03 06:00 . 2010-11-15 06:07 12800 ----a-w- c:\windows\system\WING32.DLL
2045-02-03 06:00 . 2007-03-19 03:39 27136 ----a-w- c:\windows\system\WAVMIX16.DLL
2045-02-03 06:00 . 2007-03-19 03:39 92208 ----a-w- c:\windows\system32\WING.DLL
2045-02-03 06:00 . 2007-03-19 03:39 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2045-02-03 06:00 . 2007-03-19 03:39 5024 ----a-w- c:\windows\system32\WINGPAL.WND
2045-02-03 06:00 . 2007-03-19 03:39 1966 ----a-w- c:\windows\system32\DVA.386
2045-02-03 06:00 . 2007-03-19 03:39 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2045-02-03 06:00 . 2007-03-19 03:39 12800 ----a-w- c:\windows\system32\WING32.DLL
2045-02-03 06:00 . 2007-03-19 03:38 27136 ----a-w- c:\windows\system32\WAVMIX16.DLL
2011-05-14 06:26 . 2006-12-28 11:15 73728 ----a-w- c:\windows\DUMP4565.tmp
2011-03-29 10:09 . 2011-03-25 09:26 24623 --sha-w- c:\windows\system32\hhkmp.ini2
2011-03-25 09:35 . 2011-03-25 09:44 3404136 ----a-w- C:\procexp.exe
2011-04-14 16:26 . 2011-05-22 23:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zmpod"="c:\windows\?asks\j?vaw.exe" [?]
"Yshmjo"="c:\windows\system32\?icrosoft\r?gsvr32.exe" [?]
"Yngyje"="c:\windows\system32\?racle\s?rvices.exe" [?]
"Ykocki"="c:\program files\Common Files\?dobe\m?hta.exe" [?]
"Wuwn"="c:\program files\??mantec\c?rss.exe" [?]
"Wlw"="c:\program files\Common Files\?ymbols\?ti2evxx.exe" [?]
"Wjil"="c:\program files\Common Files\?ystem\m?iexec.exe" [?]
"Umafi"="c:\documents and settings\kathy\Application Data\F?nts\s?chost.exe" [?]
"Ukfhmk"="c:\program files\Common Files\s?mbols\?hkntfs.exe" [?]
"Torqsabx"="c:\program files\?racle\m?config.exe" [?]
"Sfqywb"="c:\documents and settings\kathy\My Documents\?racle\?vchost.exe" [?]
"Qqqqf"="c:\documents and settings\kathy\My Documents\??stem32\r?gedit.exe" [?]
"Qptlgcdl"="c:\documents and settings\kathy\Application Data\??crosoft\w?nspool.exe" [?]
"Qmrccvw"="c:\documents and settings\kathy\My Documents\?ymbols\w?auboot.exe" [?]
"Pvkikko"="c:\program files\Common Files\?racle\d?xplore.exe" [?]
"Ntgsjcj"="c:\windows\?icrosoft.NET\?srss.exe" [?]
"Nht"="c:\documents and settings\kathy\My Documents\?ymbols\n?pdb.exe" [?]
"Nhkmmt"="c:\program files\A?pPatch\?explore.exe" [?]
"Nalk"="c:\windows\?ppPatch\?ervices.exe" [?]
"Lwwdespp"="c:\documents and settings\kathy\My Documents\?dobe\r?gsvr32.exe" [?]
"Kvhiq"="c:\program files\Common Files\?ymbols\n?pdb.exe" [?]
"Ktkufd"="c:\windows\s?curity\j?vaw.exe" [?]
"Kdtkwriw"="c:\program files\Common Files\?ppPatch\n?tdde.exe" [?]
"Jtyzvdd"="c:\program files\s?curity\??xplore.exe" [?]
"Jksmmmk"="c:\windows\system32\W?nSxS\?ttrib.exe" [?]
"Jhs"="c:\program files\?ppPatch\w?nspool.exe" [?]
"Iytmywy"="c:\program files\Common Files\??curity\n?tdde.exe" [?]
"Idt"="c:\windows\??curity\l?[bleep].exe" [?]
"Hzs"="c:\program files\?ecurity\s?rvices.exe" [?]
"Hubfsuh"="c:\program files\Common Files\??mantec\?xplorer.exe" [?]
"Hgxzps"="c:\program files\??crosoft\w?nlogon.exe" [?]
"Hcuabct"="c:\documents and settings\kathy\My Documents\?asks\?ttrib.exe" [?]
"Fkvo"="c:\program files\Common Files\??stem\r?gedit.exe" [?]
"Egfha"="c:\program files\Common Files\M?crosoft.NET\n?tepad.exe" [?]
"Efoh"="c:\windows\system32\?ystem32\n?lookup.exe" [?]
"Dnwgbsmq"="c:\documents and settings\kathy\Application Data\?dobe\e?plorer.exe" [?]
"Dide"="c:\documents and settings\kathy\Application Data\?ecurity\u?erinit.exe" [?]
"Damyknqj"="c:\program files\S?mantec\??ool32.exe" [?]
"Czssnsq"="c:\windows\system32\??sembly\?explore.exe" [?]
"Csxavqi"="c:\program files\Common Files\?racle\??plorer.exe" [?]
"Cheq"="c:\program files\Common Files\?racle\r?ndll32.exe" [?]
"Bwctcex"="c:\program files\?ymbols\w?auboot.exe" [?]
"Apntuzze"="c:\documents and settings\kathy\Application Data\??sembly\w?nlogon.exe" [?]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jhabiwokojeg"="c:\windows\awitonudo.dll" [2006-07-16 368128]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"MySpaceIM"=c:\program files\MySpace\IM\MySpaceIM.exe
"Words"=c:\program files\Words\Words.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"IgfxTray"=c:\windows\System32\igfxtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 Xyj42;Xyj42; [x]
R1 jlpmgfqb;jlpmgfqb;c:\windows\system32\drivers\jlpmgfqb.sys [x]
R3 iAimFP8;iAimFP8;c:\windows\system32\DRIVERS\wADV11nt.sys [2002-07-23 11935]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2004-08-03 14336]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-05-10 639224]
S3 lne100tx;Linksys LNE100TX Fast Ethernet PCI Adapter;c:\windows\system32\DRIVERS\lne100tx.sys [2001-08-17 70730]
S3 Ptserli;PCTEL Serial Device Driver for INTEL;c:\windows\system32\DRIVERS\ptserli.sys [2001-08-17 128286]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
DcomLaunch REG_MULTI_SZ DcomLaunch
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-25 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-09-23 20:31]
.
2011-06-10 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-09-23 20:31]
.
2011-06-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-06-04 03:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx
FF - ProfilePath - c:\documents and settings\kathy\Application Data\Mozilla\Firefox\Profiles\hng3qhcl.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{18D69F3C-27AA-2D5C-8E38-58C02C5385E8} - c:\windows\System32\dppq.dll
BHO-{875A1348-7674-42aa-ADAC-B4F36A004A2D} - c:\program files\QdrDrive\QdrDrive8.dll
BHO-{BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - (no file)
BHO-{EAF1AF45-6130-4CC5-8051-6A58BB253F93} - c:\windows\System32\pmkhh.dll
HKCU-Run-QdrModule10 - c:\program files\QdrModule\QdrModule10.exe
HKCU-Run-oroi - c:\progra~1\COMMON~1\oroi\oroim.exe
HKCU-Run-Odtw - c:\progra~1\COMMON~1\YSTEM3~1\scanregw.exe
HKCU-Run-Glevip - c:\windows\wroetmol.dll
HKCU-Run-Asue - c:\windows\SKS~1\regedit.exe
HKLM-Run-F9FBFAF6FBFCFCF - D0D2D1CDD2D3D.exe
ShellExecuteHooks-{BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - (no file)
Notify-fccabba - fccabba.dll
AddRemove-exoSyphen Studios, Digital Hazard - c:\program files\exoSyphen Studios
AddRemove-Kingpin - c:\program files\Kingpin\Uninst.isu
AddRemove-Medieval Total War - c:\program files\Total War\Medieval - Total War\Uninst.isu
AddRemove-Simtowerv1.0 - c:\maxis\Simtower\DeIsL1.isu
AddRemove-xInsIDE - c:\program files\xInsIDE\xInsIDE.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-10 17:41
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2424)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\pctspk.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2011-06-10 17:47:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 22:47
.
Pre-Run: 23,276,433,408 bytes free
Post-Run: 24,135,720,960 bytes free
.
Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 21AAFDA30DBD36D2DBA63E4DE2A63E87
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, 'tis still severely infected. When you have completed the OTL run, could you delete your current copy of ComboFix (right click - delete), then download and run a new copy? There are some drivers that need removing, and ComboFix does a cleaner job.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/06/05 11:58:38 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KATHY\LOCAL SETTINGS\APPLICATION DATA\{AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}
    [2011/06/10 17:41:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KATHY\LOCAL SETTINGS\APPLICATION DATA\{3AC9064B-AF59-44FA-AEBC-3FCA816816D2}
    O4 - HKLM..\Run: [Jhabiwokojeg] C:\WINDOWS\ukatiwuvubomure.dll ()
    O4 - HKCU..\Run: [Glevip] File not found
    O4 - HKCU..\Run: [Apntuzze] File not found
    O4 - HKCU..\Run: [Bwctcex] File not found
    O4 - HKCU..\Run: [Cheq] File not found
    O4 - HKCU..\Run: [Csxavqi] File not found
    O4 - HKCU..\Run: [Czssnsq] File not found
    O4 - HKCU..\Run: [Damyknqj] File not found
    O4 - HKCU..\Run: [Dide] File not found
    O4 - HKCU..\Run: [Dnwgbsmq] File not found
    O4 - HKCU..\Run: [Efoh] File not found
    O4 - HKCU..\Run: [Egfha] File not found
    O4 - HKCU..\Run: [Fkvo] File not found
    O4 - HKCU..\Run: [Hcuabct] File not found
    O4 - HKCU..\Run: [Hgxzps] File not found
    O4 - HKCU..\Run: [Hubfsuh] File not found
    O4 - HKCU..\Run: [Hzs] File not found
    O4 - HKCU..\Run: [Idt] File not found
    O4 - HKCU..\Run: [Iytmywy] File not found
    O4 - HKCU..\Run: [Jhs] File not found
    O4 - HKCU..\Run: [Jksmmmk] File not found
    O4 - HKCU..\Run: [Jtyzvdd] File not found
    O4 - HKCU..\Run: [Kdtkwriw] File not found
    O4 - HKCU..\Run: [Ktkufd] File not found
    O4 - HKCU..\Run: [Kvhiq] File not found
    O4 - HKCU..\Run: [Lwwdespp] File not found
    O4 - HKCU..\Run: [Nalk] File not found
    O4 - HKCU..\Run: [Nhkmmt] File not found
    O4 - HKCU..\Run: [Nht] File not found
    O4 - HKCU..\Run: [Ntgsjcj] File not found
    O4 - HKCU..\Run: [Pvkikko] File not found
    O4 - HKCU..\Run: [Qmrccvw] File not found
    O4 - HKCU..\Run: [Qptlgcdl] File not found
    O4 - HKCU..\Run: [Qqqqf] File not found
    O4 - HKCU..\Run: [Sfqywb] File not found
    O4 - HKCU..\Run: [Torqsabx] File not found
    O4 - HKCU..\Run: [Ukfhmk] File not found
    O4 - HKCU..\Run: [Umafi] File not found
    O4 - HKCU..\Run: [Wjil] File not found
    O4 - HKCU..\Run: [Wlw] File not found
    O4 - HKCU..\Run: [Wuwn] File not found
    O4 - HKCU..\Run: [Ykocki] File not found
    O4 - HKCU..\Run: [Yngyje] File not found
    O4 - HKCU..\Run: [Yshmjo] File not found
    O4 - HKCU..\Run: [Zmpod] File not found
    O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx (Reg Error: Key error.)
    [2011/06/10 15:41:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Yrapalanahif.bin
    [2011/06/02 05:48:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
    [2008/10/02 14:05:26 | 001,040,303 | -HS- | C] () -- C:\WINDOWS\System32\lsmmwxti.ini
    [2008/09/23 19:16:05 | 000,898,638 | -HS- | C] () -- C:\WINDOWS\System32\krheffkn.ini
    [2008/09/20 23:23:00 | 001,001,677 | -HS- | C] () -- C:\WINDOWS\System32\fsvyjvkl.ini
    [2008/09/14 23:47:16 | 001,071,071 | -HS- | C] () -- C:\WINDOWS\System32\mkhmhyfu.ini
    [2008/09/14 08:49:02 | 001,078,208 | -HS- | C] () -- C:\WINDOWS\System32\kaialjnj.ini
    [2008/09/13 00:22:24 | 001,078,208 | -HS- | C] () -- C:\WINDOWS\System32\xvvroeie.ini
    [2008/09/12 00:24:31 | 001,180,778 | -HS- | C] () -- C:\WINDOWS\System32\gpwktclo.ini
    [2008/02/07 19:57:32 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\kathy\Application Data\0047ab9674cb9a941c4a359502ec95b0ef22087b9f0ba1e2bc.dat
    [2008/02/07 18:00:49 | 001,219,783 | -HS- | C] () -- C:\WINDOWS\System32\wkijcjlh.ini
    [2008/01/21 09:25:38 | 001,086,203 | -HS- | C] () -- C:\WINDOWS\System32\mdqgphut.ini
    [2008/01/19 19:18:14 | 001,073,319 | -HS- | C] () -- C:\WINDOWS\System32\arslrudn.ini
    [2008/01/19 15:14:32 | 000,635,243 | ---- | C] () -- C:\WINDOWS\ld32408.exe
    [2008/01/18 19:15:21 | 001,073,352 | -HS- | C] () -- C:\WINDOWS\System32\yuavlxbo.ini
    [2008/01/17 18:34:23 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/01/17 18:32:41 | 000,030,998 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/01/17 17:20:42 | 001,075,882 | -HS- | C] () -- C:\WINDOWS\System32\todykilb.ini
    [2008/01/15 09:53:30 | 001,075,822 | -HS- | C] () -- C:\WINDOWS\System32\fstjrjib.ini
    [2008/01/15 09:51:24 | 001,056,916 | -HS- | C] () -- C:\WINDOWS\System32\iuggqneb.ini
    [2008/01/04 23:23:01 | 001,018,922 | -HS- | C] () -- C:\WINDOWS\System32\eftifpvt.ini
    [2007/12/25 19:39:00 | 001,044,100 | -HS- | C] () -- C:\WINDOWS\System32\svlgcbsq.ini
    [2007/12/22 01:37:02 | 000,991,542 | -HS- | C] () -- C:\WINDOWS\System32\kshpldbf.ini
    [2007/12/16 03:16:31 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\wapiitr.exe

    :Files
    ipconfig /flushdns /c
    c:\program files\Mozilla Firefox\0.14358515392301985.exe
    C:\WINDOWS\ukatiwuvubomure.dll
    c:\windows\awitonudo.dll
    attrib -H c:\*.* /s /d /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
lionclan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Getting some browser redirects at search sites now, by the way. I've installed NoScript and am avoiding search engines.

New Combofix log:
ComboFix 11-06-11.01 - kathy 06/11/2011 15:12:04.3.1 - x86
Running from: c:\documents and settings\kathy\Desktop\ComboFix.exe
* Created a new restore point
.
/wow section - STAGE 3
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\hhkmp.ini
c:\windows\system32\hhkmp.ini2
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-08 09:59 . 2011-06-08 09:59 -------- d-----w- C:\ff4c7b36ff72458a78cb5f056b126059
2011-06-08 09:59 . 2011-06-08 09:59 -------- d-----w- C:\996e4d00c27fa4c99c8a
2011-06-08 09:59 . 2011-06-08 09:59 -------- d-----w- C:\9d58ec02821eb6fecc8321d7c035
2011-06-08 02:51 . 2011-06-08 02:51 -------- d-sh--w- c:\documents and settings\kathy\PrivacIE
2011-06-08 02:39 . 2011-06-08 02:39 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2011-06-07 04:46 . 2011-06-07 04:46 -------- d-----w- C:\_OTL
2011-06-04 17:38 . 2011-06-04 17:38 -------- d-sh--w- c:\documents and settings\kathy\IETldCache
2011-06-04 17:00 . 2009-10-20 14:41 265728 -c----w- c:\windows\system32\dllcache\http.sys
2011-06-04 16:59 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-04 16:59 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-04 16:59 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-04 16:59 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-04 16:59 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-06-04 16:59 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-06-04 16:59 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-04 16:55 . 2011-06-04 16:59 -------- dc-h--w- c:\windows\ie8
2011-06-04 16:54 . 2011-06-04 16:54 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-04 02:37 . 2011-06-04 07:34 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-06-04 01:44 . 2011-06-04 01:44 -------- d-----w- c:\windows\system32\KB905474
2011-06-04 01:43 . 2011-06-04 01:43 -------- d-----w- C:\e366ee99452b59ded35c06bd
2011-06-04 01:37 . 2011-06-04 01:37 -------- d-----w- C:\183a80f4440e33293f
2011-06-04 01:32 . 2011-06-04 01:32 -------- d-----w- c:\program files\MSXML 6.0
2011-06-04 01:17 . 2011-06-04 01:17 -------- d-----w- c:\windows\ServicePackFiles
2011-06-04 01:13 . 2011-06-04 01:13 -------- d-----w- c:\program files\MSXML 4.0
2011-06-04 00:32 . 2009-11-27 17:33 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2011-06-04 00:30 . 2009-11-27 16:37 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2011-06-04 00:30 . 2009-11-27 16:37 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2011-06-04 00:25 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-06-04 00:25 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-06-04 00:23 . 2010-02-24 12:48 457216 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-04 00:18 . 2010-02-16 17:35 2143744 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-06-04 00:17 . 2010-02-16 17:37 2186880 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-06-04 00:17 . 2010-02-16 16:57 2021888 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-06-04 00:17 . 2010-02-17 16:57 2063744 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-06-03 23:51 . 2001-08-23 12:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2011-06-03 23:50 . 2004-08-03 20:31 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
2011-06-03 23:49 . 2001-08-23 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-06-03 23:48 . 2001-08-23 12:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-06-03 23:47 . 2004-08-03 22:56 92160 -c--a-w- c:\windows\system32\dllcache\evntwin.exe
2011-06-03 23:46 . 2001-08-23 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2011-06-03 23:45 . 2001-08-23 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-06-03 23:44 . 2004-08-03 22:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-06-03 23:44 . 2011-06-03 23:44 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2011-06-03 23:38 . 2010-04-16 13:29 18432 -c--a-w- c:\windows\system32\dllcache\iedw.exe
2011-06-03 23:38 . 2010-04-16 13:29 18432 ----a-w- c:\program files\Internet Explorer\iedw.exe
2011-06-03 23:36 . 2006-07-16 10:01 28672 ----a-w- c:\program files\Messenger\custsat.dll
2011-06-03 23:31 . 2001-08-17 17:12 70730 ----a-w- c:\windows\system32\drivers\lne100tx.sys
2011-06-03 23:26 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-06-03 23:26 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-06-03 23:26 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-06-03 23:26 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-06-03 23:24 . 2008-05-12 06:24 21024 ----a-w- c:\windows\system32\PANSON24.DRV
2011-06-03 23:00 . 2002-07-17 13:42 577536 ----a-w- c:\windows\system32\igfxres.dll
2011-06-03 22:58 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-03 22:58 . 2009-08-07 00:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-06-03 14:27 . 2011-06-03 18:17 -------- d-----w- c:\windows\system32\en
2011-06-03 14:27 . 2011-06-03 18:17 -------- d-----w- c:\windows\PeerNet
2011-06-03 14:27 . 2011-06-03 14:27 -------- d-----w- c:\windows\Provisioning
2011-06-03 14:27 . 2011-06-03 14:27 -------- d-----w- c:\windows\ehome
2011-06-03 07:43 . 2011-06-03 07:43 -------- d-----w- c:\windows\system32\msmq
2011-06-03 07:43 . 2011-06-03 07:43 -------- d-----w- c:\windows\system32\Logfiles
2011-06-03 07:05 . 2004-08-03 22:56 363520 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2011-06-03 07:04 . 2004-08-03 22:56 45056 -c--a-w- c:\windows\system32\dllcache\ssinc51.dll
2011-06-03 07:04 . 2004-08-03 22:56 358400 -c--a-w- c:\windows\system32\dllcache\snmpincl.dll
2011-06-03 07:04 . 2004-08-03 22:56 358400 ----a-w- c:\windows\system32\wbem\snmpincl.dll
2011-06-03 07:04 . 2004-08-03 22:56 188416 -c--a-w- c:\windows\system32\dllcache\snmpsmir.dll
2011-06-03 07:04 . 2004-08-03 22:56 188416 ----a-w- c:\windows\system32\wbem\snmpsmir.dll
2011-06-03 07:04 . 2004-08-03 22:56 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2011-06-03 07:04 . 2004-08-03 22:56 236544 -c--a-w- c:\windows\system32\dllcache\smi2smir.exe
2011-06-03 07:04 . 2004-08-03 22:56 236544 ----a-w- c:\windows\system32\wbem\snmp\smi2smir.exe
2011-06-03 07:01 . 2004-08-03 22:56 37888 -c--a-w- c:\windows\system32\dllcache\md5filt.dll
2011-06-03 07:01 . 2004-08-03 22:56 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2011-06-03 07:00 . 2004-08-03 22:56 79872 -c--a-w- c:\windows\system32\dllcache\iislog51.dll
2011-06-03 07:00 . 2004-08-03 22:56 61440 -c--a-w- c:\windows\system32\dllcache\httpod51.dll
2011-06-03 07:00 . 2004-08-03 22:56 268288 -c--a-w- c:\windows\system32\dllcache\httpext.dll
2011-06-03 06:57 . 2006-04-18 04:23 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2011-06-03 06:56 . 2004-08-03 22:56 46592 -c--a-w- c:\windows\system32\dllcache\coadmin.dll
2011-06-03 06:56 . 2004-08-03 22:56 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2011-06-03 06:56 . 2004-08-03 22:56 290816 ----a-w- c:\windows\system32\adsiis.dll
2011-06-03 01:39 . 2011-06-03 01:46 -------- d-----w- C:\New Folder
2011-05-28 02:24 . 2008-05-12 06:24 21024 ----a-w- C:\PANSON24.DRV
2011-05-25 18:29 . 2011-05-25 18:29 -------- d-----w- c:\documents and settings\kathy\Application Data\ImgBurn
2011-05-25 11:50 . 2011-05-25 11:50 -------- d-----w- c:\program files\ImgBurn
2011-05-25 05:00 . 2011-05-25 05:00 -------- d-----w- C:\NEW PANA
2011-05-25 04:59 . 2011-05-25 05:00 -------- d-----w- C:\new panasonic drivers
2011-05-22 23:31 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-22 23:31 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-22 23:31 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-22 23:31 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-22 23:31 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-22 23:31 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-22 23:31 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-22 23:31 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2045-02-03 06:00 . 2010-11-15 06:07 92208 ----a-w- c:\windows\system\WING.DLL
2045-02-03 06:00 . 2010-11-15 06:07 12800 ----a-w- c:\windows\system\WING32.DLL
2045-02-03 06:00 . 2007-03-19 03:39 27136 ----a-w- c:\windows\system\WAVMIX16.DLL
2045-02-03 06:00 . 2007-03-19 03:39 92208 ----a-w- c:\windows\system32\WING.DLL
2045-02-03 06:00 . 2007-03-19 03:39 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2045-02-03 06:00 . 2007-03-19 03:39 5024 ----a-w- c:\windows\system32\WINGPAL.WND
2045-02-03 06:00 . 2007-03-19 03:39 1966 ----a-w- c:\windows\system32\DVA.386
2045-02-03 06:00 . 2007-03-19 03:39 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2045-02-03 06:00 . 2007-03-19 03:39 12800 ----a-w- c:\windows\system32\WING32.DLL
2045-02-03 06:00 . 2007-03-19 03:38 27136 ----a-w- c:\windows\system32\WAVMIX16.DLL
2011-03-25 09:35 . 2011-03-25 09:44 3404136 ----a-w- C:\procexp.exe
2011-04-14 16:26 . 2011-05-22 23:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"MySpaceIM"=c:\program files\MySpace\IM\MySpaceIM.exe
"Words"=c:\program files\Words\Words.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"IgfxTray"=c:\windows\System32\igfxtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 Xyj42;Xyj42; [x]
R1 jlpmgfqb;jlpmgfqb;c:\windows\system32\drivers\jlpmgfqb.sys [x]
R3 iAimFP8;iAimFP8;c:\windows\system32\DRIVERS\wADV11nt.sys [2002-07-23 11935]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2004-08-03 14336]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-05-10 639224]
S3 lne100tx;Linksys LNE100TX Fast Ethernet PCI Adapter;c:\windows\system32\DRIVERS\lne100tx.sys [2001-08-17 70730]
S3 Ptserli;PCTEL Serial Device Driver for INTEL;c:\windows\system32\DRIVERS\ptserli.sys [2001-08-17 128286]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
DcomLaunch REG_MULTI_SZ DcomLaunch
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-25 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-09-23 20:31]
.
2011-06-11 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-09-23 20:31]
.
2011-06-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-06-04 03:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\kathy\Application Data\Mozilla\Firefox\Profiles\hng3qhcl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Netscape Navigator 4.08 - c:\windows\ld32408.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-11 15:21
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-11 15:25:32
ComboFix-quarantined-files.txt 2011-06-11 20:25
.
Pre-Run: 24,244,465,664 bytes free
Post-Run: 24,233,742,336 bytes free
.
Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 67DA018A7852A2E31A4D74360145C395

OTL log:
OTL logfile created on: 6/11/2011 2:53:11 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Program Files\mIRC\download
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.48 Mb Total Physical Memory | 245.96 Mb Available Physical Memory | 48.18% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 22.60 Gb Free Space | 30.32% Space Free | Partition Type: NTFS
Drive E: | 123.00 Mb Total Space | 68.60 Mb Free Space | 55.77% Space Free | Partition Type: FAT32

Computer Name: PERFUNDO | User Name: kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 19:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Program Files\mIRC\download\OTLgtg.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/11/23 10:45:34 | 002,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe
PRC - [2006/07/16 05:01:43 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2011/06/04 19:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Program Files\mIRC\download\OTLgtg.exe
MOD - [2006/07/16 05:02:56 | 001,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/07/26 16:01:00 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2007/05/10 15:02:19 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/07/16 05:09:03 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel®
DRV - [2002/10/15 01:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/07/23 10:01:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/07/23 10:01:34 | 000,011,935 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV11NT.sys -- (iAimFP8)
DRV - [2002/07/23 10:01:32 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2002/07/23 10:01:32 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2002/07/23 10:01:32 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2002/07/23 10:01:30 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2002/07/23 10:01:30 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/07/23 10:01:28 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2002/07/23 10:01:28 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2002/07/23 10:01:28 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2002/07/23 10:01:26 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2002/07/23 10:01:26 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2002/07/23 10:01:24 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2002/07/23 10:01:22 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2002/07/23 10:01:22 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2002/07/23 10:01:20 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:12 | 000,128,286 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserli.sys -- (Ptserli)
DRV - [2001/08/17 12:12:24 | 000,070,730 | ---- | M] (Linksys Group, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100tx.sys -- (lne100tx)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co...m/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{3AC9064B-AF59-44FA-AEBC-3FCA816816D2}: C:\Documents and Settings\kathy\Local Settings\Application Data\{3AC9064B-AF59-44FA-AEBC-3FCA816816D2}\
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/04/03 16:16:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 18:31:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 18:30:59 | 000,000,000 | ---D | M]

[2011/03/12 17:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kathy\Application Data\Mozilla\Extensions
[2011/06/09 13:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kathy\Application Data\Mozilla\Firefox\Profiles\hng3qhcl.default\extensions
[2011/05/22 18:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HNG3QHCL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHY\LOCAL SETTINGS\APPLICATION DATA\{3AC9064B-AF59-44FA-AEBC-3FCA816816D2}
[2009/05/08 20:35:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/11 14:46:01 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.micr...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/28 11:50:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 14:37:08 | 004,120,119 | ---- | C] (Swearware) -- C:\Documents and Settings\kathy\Desktop\ComboFix.exe
[2011/06/10 18:05:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/10 17:37:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/10 16:18:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/10 14:18:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kathy\Start Menu\Programs\Administrative Tools
[2011/06/08 04:59:50 | 000,000,000 | ---D | C] -- C:\ff4c7b36ff72458a78cb5f056b126059
[2011/06/08 04:59:49 | 000,000,000 | ---D | C] -- C:\996e4d00c27fa4c99c8a
[2011/06/08 04:59:27 | 000,000,000 | ---D | C] -- C:\9d58ec02821eb6fecc8321d7c035
[2011/06/08 04:58:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kathy\Recent
[2011/06/07 21:51:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kathy\PrivacIE
[2011/06/06 23:46:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\backups
[2011/06/04 12:38:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kathy\IETldCache
[2011/06/04 12:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/04 11:58:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/06/04 11:55:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/04 11:55:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/06/04 11:54:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/03 21:37:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/06/03 20:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix
[2011/06/03 20:44:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2011/06/03 20:44:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/03 20:43:50 | 000,000,000 | ---D | C] -- C:\e366ee99452b59ded35c06bd
[2011/06/03 20:37:12 | 000,000,000 | ---D | C] -- C:\183a80f4440e33293f
[2011/06/03 20:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/06/03 20:17:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/03 20:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/03 18:55:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/03 18:52:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/06/03 18:51:26 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/06/03 18:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Application Data\Awol
[2011/06/03 18:51:25 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/06/03 18:51:25 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/06/03 18:47:15 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/06/03 18:31:57 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\drivers\lne100tx.sys
[2011/06/03 17:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/03 14:23:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/06/03 02:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
[2011/06/03 02:43:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2011/06/02 20:39:14 | 000,000,000 | ---D | C] -- C:\New Folder
[2011/05/28 01:01:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/28 01:01:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/28 01:01:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/28 01:01:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/28 00:59:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/28 00:59:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/27 20:50:06 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\kathy\Desktop\HijackThis.exe
[2011/05/25 13:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Application Data\ImgBurn
[2011/05/25 06:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/05/25 06:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/05/25 00:00:12 | 000,000,000 | ---D | C] -- C:\NEW PANA
[2011/05/24 23:59:33 | 000,000,000 | ---D | C] -- C:\new panasonic drivers

========== Files - Modified Within 30 Days ==========

[2045/02/03 01:00:00 | 000,002,554 | ---- | M] () -- C:\WINDOWS\WAVEMIX.INI
[2045/02/03 01:00:00 | 000,001,966 | ---- | M] () -- C:\WINDOWS\System32\DVA.386
[2011/06/11 14:50:19 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/11 14:49:20 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/06/11 14:49:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/11 14:46:01 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/11 14:29:55 | 000,002,639 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\SaturdayFix.rtf
[2011/06/11 14:14:47 | 004,120,119 | ---- | M] (Swearware) -- C:\Documents and Settings\kathy\Desktop\ComboFix.exe
[2011/06/11 05:53:13 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/06/10 17:41:31 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wgecewatebicogic.dat
[2011/06/10 16:18:30 | 000,000,310 | RHS- | M] () -- C:\boot.ini
[2011/06/10 15:19:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 03:02:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/08 11:35:37 | 000,006,274 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/07 23:48:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/07 00:14:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\MBR.dat
[2011/06/06 23:45:02 | 000,056,571 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\paste.rtf
[2011/06/04 03:37:44 | 000,107,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/03 20:38:17 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix.exe
[2011/06/03 18:53:50 | 000,018,039 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/03 18:44:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/03 18:44:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/03 18:44:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/03 18:44:20 | 000,000,194 | ---- | M] () -- C:\Boot.bak
[2011/06/03 18:44:12 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/03 18:26:21 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/03 18:26:21 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/03 17:59:42 | 000,000,198 | -HS- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop(2).ini
[2011/05/27 23:48:02 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\kathy\defogger_reenable
[2011/05/27 22:22:20 | 612,499,456 | ---- | M] () -- C:\WXPVOL_EN.ISO
[2011/05/25 06:50:13 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/25 06:50:13 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/24 19:59:06 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/23 13:06:59 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\kathy\My Documents\Fell On Black Days.rtf
[2011/05/22 18:31:04 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/22 18:31:04 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox(2).lnk
[2011/05/22 18:31:03 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/19 22:45:49 | 000,002,694 | ---- | M] () -- C:\Documents and Settings\kathy\My Documents\Don't Let It Bring You Down.rtf

========== Files Created - No Company Name ==========

[2011/06/11 14:29:55 | 000,002,639 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\SaturdayFix.rtf
[2011/06/10 16:38:59 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/10 16:36:43 | 261,488,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VTS_01_1.VOB
[2011/06/10 16:36:42 | 000,825,461 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\report.pdf
[2011/06/10 16:36:42 | 000,501,958 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SR16_Manual.pdf
[2011/06/10 16:36:42 | 000,414,304 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\slipx3.gif
[2011/06/10 16:36:32 | 023,918,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Otherside.avi
[2011/06/10 16:36:22 | 019,810,380 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Glycerine.avi
[2011/06/10 16:26:48 | 1073,709,056 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Creep _VTS_01_1.VOB
[2011/06/10 16:26:32 | 024,815,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Angel.avi
[2011/06/10 16:24:00 | 288,161,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Angel VTS_01_2.VOB
[2011/06/10 16:24:00 | 000,125,351 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\hardship waiver48259.pdf
[2011/06/10 16:24:00 | 000,109,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\invepsoa.wri
[2011/06/10 16:24:00 | 000,053,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\conditional-release-doc1.pdf
[2011/06/10 16:23:59 | 001,217,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\chapter5.pdf
[2011/06/10 16:23:59 | 000,158,193 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\bookmarks.html
[2011/06/10 16:23:58 | 000,039,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\03337.pdf
[2011/06/10 16:23:58 | 000,030,001 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\5xGuitarChordTabBig-1.pdf
[2011/06/10 16:23:58 | 000,026,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\5xGuitarChordTab-1.pdf
[2011/06/10 16:23:58 | 000,025,384 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\5xGuitarChordTabBig.pdf
[2011/06/10 16:18:30 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2011/06/08 00:05:40 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/06/07 22:55:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/07 01:02:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wgecewatebicogic.dat
[2011/06/07 00:14:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\MBR.dat
[2011/06/06 23:36:32 | 000,056,571 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\paste.rtf
[2011/06/03 20:44:24 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/03 20:37:54 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix.exe
[2011/06/03 18:51:03 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/03 18:49:57 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/03 18:49:29 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/03 18:49:24 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/03 18:49:15 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/03 18:48:41 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/03 18:48:21 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/03 18:48:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/06/03 18:47:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/03 18:41:52 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/03 18:24:10 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/06/03 18:24:10 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/06/03 18:24:10 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/06/03 18:24:10 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/06/03 18:24:10 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/06/03 18:24:10 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/06/03 18:24:10 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/06/03 18:24:10 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/06/03 18:24:09 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/06/03 18:24:09 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/06/03 18:24:09 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/06/03 18:24:09 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/06/03 18:24:09 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/06/03 18:24:09 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/06/03 18:24:09 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/06/03 18:24:08 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/06/03 18:24:06 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/06/03 18:24:04 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/06/03 18:24:04 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/28 01:03:48 | 000,245,920 | RHS- | C] () -- C:\cmldr
[2011/05/28 01:01:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/28 01:01:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/28 01:01:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/28 01:01:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/28 01:01:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/27 23:47:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\kathy\defogger_reenable
[2011/05/27 23:32:10 | 612,499,456 | ---- | C] () -- C:\WXPVOL_EN.ISO
[2011/05/25 06:50:13 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/25 06:50:13 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/24 19:59:06 | 000,000,240 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/23 13:06:23 | 000,002,350 | ---- | C] () -- C:\Documents and Settings\kathy\My Documents\Fell On Black Days.rtf
[2011/05/22 18:31:03 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/19 21:52:21 | 000,002,694 | ---- | C] () -- C:\Documents and Settings\kathy\My Documents\Don't Let It Bring You Down.rtf
[2011/03/25 04:26:02 | 000,024,623 | -HS- | C] () -- C:\WINDOWS\System32\hhkmp.ini2
[2011/03/14 12:27:13 | 000,024,623 | -HS- | C] () -- C:\WINDOWS\System32\hhkmp.ini
[2010/09/23 18:11:32 | 000,006,274 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/05 19:45:04 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/06 04:34:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/27 21:47:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/10/19 13:59:44 | 000,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/11 23:14:53 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2008/09/11 23:14:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2008/01/19 15:34:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2007/05/14 17:07:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/10 14:12:19 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/05/10 14:09:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/05/10 14:09:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/05/10 14:09:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/10 14:08:42 | 000,000,037 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2007/04/22 19:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 19:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/18 22:38:31 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2007/03/18 22:38:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2007/03/16 01:50:31 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/01/03 16:16:16 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2007/01/03 16:16:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2007/01/03 16:16:02 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2006/12/28 11:56:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/12/28 11:45:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/12/28 06:23:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/28 06:21:50 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/16 05:03:01 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2006/07/16 05:03:01 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2005/03/25 18:42:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/03 18:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/06/03 22:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Awol
[2011/04/19 21:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Canon
[2009/08/20 07:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Foxit
[2010/09/05 15:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\GSplit
[2011/05/25 13:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\ImgBurn
[2009/05/08 20:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\OpenOffice.org
[2011/06/11 14:50:19 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >

Edited by lionclan, 11 June 2011 - 02:23 PM.


#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's kill the drivers now and then see what problems remain.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\jlpmgfqb.sys

Driver::
Xyj42
jlpmgfqb



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply, along with a fresh OTL log.

#9
lionclan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 11-06-11.01 - kathy 06/11/2011 16:50:50.4.1 - x86
Running from: c:\documents and settings\kathy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kathy\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\jlpmgfqb.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XYJ42
-------\Service_jlpmgfqb
-------\Service_Xyj42
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-08 09:59 . 2011-06-08 09:59 -------- d-----w- C:\ff4c7b36ff72458a78cb5f056b126059
2011-06-08 09:59 . 2011-06-08 09:59 -------- d-----w- C:\996e4d00c27fa4c99c8a
2011-06-08 09:59 . 2011-06-08 09:59 -------- d-----w- C:\9d58ec02821eb6fecc8321d7c035
2011-06-08 02:51 . 2011-06-08 02:51 -------- d-sh--w- c:\documents and settings\kathy\PrivacIE
2011-06-08 02:39 . 2011-06-08 02:39 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2011-06-07 04:46 . 2011-06-07 04:46 -------- d-----w- C:\_OTL
2011-06-04 17:38 . 2011-06-04 17:38 -------- d-sh--w- c:\documents and settings\kathy\IETldCache
2011-06-04 17:00 . 2009-10-20 14:41 265728 -c----w- c:\windows\system32\dllcache\http.sys
2011-06-04 16:59 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-04 16:59 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-04 16:59 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-04 16:59 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-04 16:59 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-06-04 16:59 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-06-04 16:59 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-04 16:55 . 2011-06-04 16:59 -------- dc-h--w- c:\windows\ie8
2011-06-04 16:54 . 2011-06-04 16:54 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-04 02:37 . 2011-06-04 07:34 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-06-04 01:44 . 2011-06-04 01:44 -------- d-----w- c:\windows\system32\KB905474
2011-06-04 01:43 . 2011-06-04 01:43 -------- d-----w- C:\e366ee99452b59ded35c06bd
2011-06-04 01:37 . 2011-06-04 01:37 -------- d-----w- C:\183a80f4440e33293f
2011-06-04 01:32 . 2011-06-04 01:32 -------- d-----w- c:\program files\MSXML 6.0
2011-06-04 01:17 . 2011-06-04 01:17 -------- d-----w- c:\windows\ServicePackFiles
2011-06-04 01:13 . 2011-06-04 01:13 -------- d-----w- c:\program files\MSXML 4.0
2011-06-04 00:32 . 2009-11-27 17:33 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2011-06-04 00:30 . 2009-11-27 16:37 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2011-06-04 00:30 . 2009-11-27 16:37 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2011-06-04 00:25 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-06-04 00:25 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-06-04 00:23 . 2010-02-24 12:48 457216 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-04 00:18 . 2010-02-16 17:35 2143744 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-06-04 00:17 . 2010-02-16 17:37 2186880 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-06-04 00:17 . 2010-02-16 16:57 2021888 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-06-04 00:17 . 2010-02-17 16:57 2063744 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-06-03 23:51 . 2001-08-23 12:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2011-06-03 23:50 . 2004-08-03 20:31 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
2011-06-03 23:49 . 2001-08-23 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-06-03 23:48 . 2001-08-23 12:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-06-03 23:47 . 2004-08-03 22:56 92160 -c--a-w- c:\windows\system32\dllcache\evntwin.exe
2011-06-03 23:46 . 2001-08-23 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2011-06-03 23:45 . 2001-08-23 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-06-03 23:44 . 2004-08-03 22:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-06-03 23:44 . 2011-06-03 23:44 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2011-06-03 23:38 . 2010-04-16 13:29 18432 -c--a-w- c:\windows\system32\dllcache\iedw.exe
2011-06-03 23:38 . 2010-04-16 13:29 18432 ----a-w- c:\program files\Internet Explorer\iedw.exe
2011-06-03 23:36 . 2006-07-16 10:01 28672 ----a-w- c:\program files\Messenger\custsat.dll
2011-06-03 23:31 . 2001-08-17 17:12 70730 ----a-w- c:\windows\system32\drivers\lne100tx.sys
2011-06-03 23:26 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-06-03 23:26 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-06-03 23:26 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-06-03 23:26 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-06-03 23:24 . 2008-05-12 06:24 21024 ----a-w- c:\windows\system32\PANSON24.DRV
2011-06-03 23:00 . 2002-07-17 13:42 577536 ----a-w- c:\windows\system32\igfxres.dll
2011-06-03 22:58 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-03 22:58 . 2009-08-07 00:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-06-03 14:27 . 2011-06-03 18:17 -------- d-----w- c:\windows\system32\en
2011-06-03 14:27 . 2011-06-03 18:17 -------- d-----w- c:\windows\PeerNet
2011-06-03 14:27 . 2011-06-03 14:27 -------- d-----w- c:\windows\Provisioning
2011-06-03 14:27 . 2011-06-03 14:27 -------- d-----w- c:\windows\ehome
2011-06-03 07:43 . 2011-06-03 07:43 -------- d-----w- c:\windows\system32\msmq
2011-06-03 07:43 . 2011-06-03 07:43 -------- d-----w- c:\windows\system32\Logfiles
2011-06-03 07:05 . 2004-08-03 22:56 363520 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2011-06-03 07:04 . 2004-08-03 22:56 45056 -c--a-w- c:\windows\system32\dllcache\ssinc51.dll
2011-06-03 07:04 . 2004-08-03 22:56 358400 -c--a-w- c:\windows\system32\dllcache\snmpincl.dll
2011-06-03 07:04 . 2004-08-03 22:56 358400 ----a-w- c:\windows\system32\wbem\snmpincl.dll
2011-06-03 07:04 . 2004-08-03 22:56 188416 -c--a-w- c:\windows\system32\dllcache\snmpsmir.dll
2011-06-03 07:04 . 2004-08-03 22:56 188416 ----a-w- c:\windows\system32\wbem\snmpsmir.dll
2011-06-03 07:04 . 2004-08-03 22:56 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2011-06-03 07:04 . 2004-08-03 22:56 236544 -c--a-w- c:\windows\system32\dllcache\smi2smir.exe
2011-06-03 07:04 . 2004-08-03 22:56 236544 ----a-w- c:\windows\system32\wbem\snmp\smi2smir.exe
2011-06-03 07:01 . 2004-08-03 22:56 37888 -c--a-w- c:\windows\system32\dllcache\md5filt.dll
2011-06-03 07:01 . 2004-08-03 22:56 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2011-06-03 07:00 . 2004-08-03 22:56 79872 -c--a-w- c:\windows\system32\dllcache\iislog51.dll
2011-06-03 07:00 . 2004-08-03 22:56 61440 -c--a-w- c:\windows\system32\dllcache\httpod51.dll
2011-06-03 07:00 . 2004-08-03 22:56 268288 -c--a-w- c:\windows\system32\dllcache\httpext.dll
2011-06-03 06:57 . 2006-04-18 04:23 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2011-06-03 06:56 . 2004-08-03 22:56 46592 -c--a-w- c:\windows\system32\dllcache\coadmin.dll
2011-06-03 06:56 . 2004-08-03 22:56 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2011-06-03 06:56 . 2004-08-03 22:56 290816 ----a-w- c:\windows\system32\adsiis.dll
2011-06-03 01:39 . 2011-06-03 01:46 -------- d-----w- C:\New Folder
2011-05-28 02:24 . 2008-05-12 06:24 21024 ----a-w- C:\PANSON24.DRV
2011-05-25 18:29 . 2011-05-25 18:29 -------- d-----w- c:\documents and settings\kathy\Application Data\ImgBurn
2011-05-25 11:50 . 2011-05-25 11:50 -------- d-----w- c:\program files\ImgBurn
2011-05-25 05:00 . 2011-05-25 05:00 -------- d-----w- C:\NEW PANA
2011-05-25 04:59 . 2011-05-25 05:00 -------- d-----w- C:\new panasonic drivers
2011-05-22 23:31 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-22 23:31 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-22 23:31 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-22 23:31 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-22 23:31 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-22 23:31 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-22 23:31 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-22 23:31 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2045-02-03 06:00 . 2010-11-15 06:07 92208 ----a-w- c:\windows\system\WING.DLL
2045-02-03 06:00 . 2010-11-15 06:07 12800 ----a-w- c:\windows\system\WING32.DLL
2045-02-03 06:00 . 2007-03-19 03:39 27136 ----a-w- c:\windows\system\WAVMIX16.DLL
2045-02-03 06:00 . 2007-03-19 03:39 92208 ----a-w- c:\windows\system32\WING.DLL
2045-02-03 06:00 . 2007-03-19 03:39 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2045-02-03 06:00 . 2007-03-19 03:39 5024 ----a-w- c:\windows\system32\WINGPAL.WND
2045-02-03 06:00 . 2007-03-19 03:39 1966 ----a-w- c:\windows\system32\DVA.386
2045-02-03 06:00 . 2007-03-19 03:39 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2045-02-03 06:00 . 2007-03-19 03:39 12800 ----a-w- c:\windows\system32\WING32.DLL
2045-02-03 06:00 . 2007-03-19 03:38 27136 ----a-w- c:\windows\system32\WAVMIX16.DLL
2011-03-25 09:35 . 2011-03-25 09:44 3404136 ----a-w- C:\procexp.exe
2011-04-14 16:26 . 2011-05-22 23:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_20.21.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-11 22:03 . 2011-06-11 22:03 16384 c:\windows\temp\Perflib_Perfdata_6fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"MySpaceIM"=c:\program files\MySpace\IM\MySpaceIM.exe
"Words"=c:\program files\Words\Words.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"IgfxTray"=c:\windows\System32\igfxtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 iAimFP8;iAimFP8;c:\windows\system32\DRIVERS\wADV11nt.sys [2002-07-23 11935]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2004-08-03 14336]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-05-10 639224]
S3 lne100tx;Linksys LNE100TX Fast Ethernet PCI Adapter;c:\windows\system32\DRIVERS\lne100tx.sys [2001-08-17 70730]
S3 Ptserli;PCTEL Serial Device Driver for INTEL;c:\windows\system32\DRIVERS\ptserli.sys [2001-08-17 128286]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
DcomLaunch REG_MULTI_SZ DcomLaunch
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-25 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-09-23 20:31]
.
2011-06-11 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-09-23 20:31]
.
2011-06-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-06-04 03:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\kathy\Application Data\Mozilla\Firefox\Profiles\hng3qhcl.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-11 17:03
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1136)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\pctspk.exe
.
**************************************************************************
.
Completion time: 2011-06-11 17:08:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 22:08
ComboFix2.txt 2011-06-11 20:25
.
Pre-Run: 24,218,955,776 bytes free
Post-Run: 24,211,382,272 bytes free
.
Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - AD7907D76483A62E6BE421FC9EC803D6




OTL logfile created on: 6/11/2011 5:17:54 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Program Files\mIRC\download
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.48 Mb Total Physical Memory | 266.00 Mb Available Physical Memory | 52.11% Memory free
1.22 Gb Paging File | 1.04 Gb Available in Paging File | 85.36% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 22.57 Gb Free Space | 30.29% Space Free | Partition Type: NTFS
Drive E: | 123.00 Mb Total Space | 68.60 Mb Free Space | 55.77% Space Free | Partition Type: FAT32

Computer Name: PERFUNDO | User Name: kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 19:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Program Files\mIRC\download\OTLgtg.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/21 05:02:07 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2006/11/23 10:45:34 | 002,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe
PRC - [2006/07/16 05:01:43 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2011/06/04 19:07:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Program Files\mIRC\download\OTLgtg.exe
MOD - [2006/07/16 05:02:56 | 001,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/07/26 16:01:00 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2007/05/10 15:02:19 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/07/16 05:09:03 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel®
DRV - [2002/10/15 01:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/07/23 10:01:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/07/23 10:01:34 | 000,011,935 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV11NT.sys -- (iAimFP8)
DRV - [2002/07/23 10:01:32 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2002/07/23 10:01:32 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2002/07/23 10:01:32 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2002/07/23 10:01:30 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2002/07/23 10:01:30 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/07/23 10:01:28 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2002/07/23 10:01:28 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2002/07/23 10:01:28 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2002/07/23 10:01:26 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2002/07/23 10:01:26 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2002/07/23 10:01:24 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2002/07/23 10:01:22 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2002/07/23 10:01:22 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2002/07/23 10:01:20 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:12 | 000,128,286 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserli.sys -- (Ptserli)
DRV - [2001/08/17 12:12:24 | 000,070,730 | ---- | M] (Linksys Group, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100tx.sys -- (lne100tx)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co...m/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB196CF2-BF33-4E98-AD19-67A3CD5A4AA0}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{3AC9064B-AF59-44FA-AEBC-3FCA816816D2}: C:\Documents and Settings\kathy\Local Settings\Application Data\{3AC9064B-AF59-44FA-AEBC-3FCA816816D2}\
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/04/03 16:16:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 18:31:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 18:30:59 | 000,000,000 | ---D | M]

[2011/03/12 17:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kathy\Application Data\Mozilla\Extensions
[2011/06/09 13:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kathy\Application Data\Mozilla\Firefox\Profiles\hng3qhcl.default\extensions
[2011/05/22 18:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HNG3QHCL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2009/05/08 20:35:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/11 17:03:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.micr...C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kathy\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/28 11:50:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 14:37:08 | 004,120,119 | R--- | C] (Swearware) -- C:\Documents and Settings\kathy\Desktop\ComboFix.exe
[2011/06/10 17:37:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/10 16:18:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/10 14:18:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kathy\Start Menu\Programs\Administrative Tools
[2011/06/08 04:59:50 | 000,000,000 | ---D | C] -- C:\ff4c7b36ff72458a78cb5f056b126059
[2011/06/08 04:59:49 | 000,000,000 | ---D | C] -- C:\996e4d00c27fa4c99c8a
[2011/06/08 04:59:27 | 000,000,000 | ---D | C] -- C:\9d58ec02821eb6fecc8321d7c035
[2011/06/08 04:58:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kathy\Recent
[2011/06/07 21:51:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kathy\PrivacIE
[2011/06/06 23:46:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 17:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\backups
[2011/06/04 12:38:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kathy\IETldCache
[2011/06/04 12:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/04 11:58:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/06/04 11:55:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/04 11:55:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/06/04 11:54:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/03 21:37:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/06/03 20:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix
[2011/06/03 20:44:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2011/06/03 20:44:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/03 20:43:50 | 000,000,000 | ---D | C] -- C:\e366ee99452b59ded35c06bd
[2011/06/03 20:37:12 | 000,000,000 | ---D | C] -- C:\183a80f4440e33293f
[2011/06/03 20:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/06/03 20:17:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/03 20:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/03 18:55:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/03 18:52:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/06/03 18:51:26 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/06/03 18:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Application Data\Awol
[2011/06/03 18:51:25 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/06/03 18:51:25 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/06/03 18:47:15 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/06/03 18:31:57 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\drivers\lne100tx.sys
[2011/06/03 17:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/03 14:23:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/03 09:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/06/03 02:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
[2011/06/03 02:43:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2011/06/02 20:39:14 | 000,000,000 | ---D | C] -- C:\New Folder
[2011/05/28 01:01:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/28 01:01:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/28 01:01:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/28 01:01:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/28 00:59:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/28 00:59:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/27 20:50:06 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\kathy\Desktop\HijackThis.exe
[2011/05/25 13:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kathy\Application Data\ImgBurn
[2011/05/25 06:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/05/25 06:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/05/25 00:00:12 | 000,000,000 | ---D | C] -- C:\NEW PANA
[2011/05/24 23:59:33 | 000,000,000 | ---D | C] -- C:\new panasonic drivers

========== Files - Modified Within 30 Days ==========

[2045/02/03 01:00:00 | 000,002,554 | ---- | M] () -- C:\WINDOWS\WAVEMIX.INI
[2045/02/03 01:00:00 | 000,001,966 | ---- | M] () -- C:\WINDOWS\System32\DVA.386
[2011/06/11 17:03:11 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/11 17:03:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/11 17:02:53 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/06/11 17:02:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/11 14:29:55 | 000,002,639 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\SaturdayFix.rtf
[2011/06/11 14:14:47 | 004,120,119 | R--- | M] (Swearware) -- C:\Documents and Settings\kathy\Desktop\ComboFix.exe
[2011/06/11 05:53:13 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/06/10 17:41:31 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wgecewatebicogic.dat
[2011/06/10 16:18:30 | 000,000,310 | RHS- | M] () -- C:\boot.ini
[2011/06/10 15:19:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 03:02:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/08 11:35:37 | 000,006,274 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/07 23:48:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/07 00:14:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\MBR.dat
[2011/06/06 23:45:02 | 000,056,571 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\paste.rtf
[2011/06/04 03:37:44 | 000,107,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/03 20:38:17 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix.exe
[2011/06/03 18:53:50 | 000,018,039 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/03 18:44:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/03 18:44:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/03 18:44:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/03 18:44:20 | 000,000,194 | ---- | M] () -- C:\Boot.bak
[2011/06/03 18:44:12 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/03 18:26:21 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/03 18:26:21 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/03 17:59:42 | 000,000,198 | -HS- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop(2).ini
[2011/05/27 23:48:02 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\kathy\defogger_reenable
[2011/05/27 22:22:20 | 612,499,456 | ---- | M] () -- C:\WXPVOL_EN.ISO
[2011/05/25 06:50:13 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/25 06:50:13 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/24 19:59:06 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/23 13:06:59 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\kathy\My Documents\Fell On Black Days.rtf
[2011/05/22 18:31:04 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/22 18:31:03 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/19 22:45:49 | 000,002,694 | ---- | M] () -- C:\Documents and Settings\kathy\My Documents\Don't Let It Bring You Down.rtf

========== Files Created - No Company Name ==========

[2011/06/11 14:29:55 | 000,002,639 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\SaturdayFix.rtf
[2011/06/10 16:38:59 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/10 16:36:43 | 261,488,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VTS_01_1.VOB
[2011/06/10 16:36:42 | 000,825,461 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\report.pdf
[2011/06/10 16:36:42 | 000,501,958 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SR16_Manual.pdf
[2011/06/10 16:36:42 | 000,414,304 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\slipx3.gif
[2011/06/10 16:36:32 | 023,918,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Otherside.avi
[2011/06/10 16:36:22 | 019,810,380 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Glycerine.avi
[2011/06/10 16:26:48 | 1073,709,056 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Creep _VTS_01_1.VOB
[2011/06/10 16:26:32 | 024,815,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Angel.avi
[2011/06/10 16:24:00 | 288,161,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LionClan - Angel VTS_01_2.VOB
[2011/06/10 16:24:00 | 000,125,351 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\hardship waiver48259.pdf
[2011/06/10 16:24:00 | 000,109,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\invepsoa.wri
[2011/06/10 16:24:00 | 000,053,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\conditional-release-doc1.pdf
[2011/06/10 16:23:59 | 001,217,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\chapter5.pdf
[2011/06/10 16:23:59 | 000,158,193 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\bookmarks.html
[2011/06/10 16:23:58 | 000,039,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\03337.pdf
[2011/06/10 16:23:58 | 000,030,001 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\5xGuitarChordTabBig-1.pdf
[2011/06/10 16:23:58 | 000,026,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\5xGuitarChordTab-1.pdf
[2011/06/10 16:23:58 | 000,025,384 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\5xGuitarChordTabBig.pdf
[2011/06/10 16:18:30 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2011/06/08 00:05:40 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/06/07 22:55:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/07 01:02:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wgecewatebicogic.dat
[2011/06/07 00:14:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\MBR.dat
[2011/06/06 23:36:32 | 000,056,571 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\paste.rtf
[2011/06/03 20:44:24 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/03 20:37:54 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\kathy\Desktop\SmitfraudFix.exe
[2011/06/03 18:51:03 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/03 18:49:57 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/03 18:49:29 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/03 18:49:24 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/03 18:49:15 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/03 18:48:41 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/03 18:48:21 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/03 18:48:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/06/03 18:47:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/03 18:41:52 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/03 18:24:10 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/06/03 18:24:10 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/06/03 18:24:10 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/06/03 18:24:10 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/06/03 18:24:10 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/06/03 18:24:10 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/06/03 18:24:10 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/06/03 18:24:10 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/06/03 18:24:09 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/06/03 18:24:09 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/06/03 18:24:09 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/06/03 18:24:09 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/06/03 18:24:09 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/06/03 18:24:09 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/06/03 18:24:09 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/06/03 18:24:08 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/06/03 18:24:06 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/06/03 18:24:04 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/06/03 18:24:04 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/28 01:03:48 | 000,245,920 | RHS- | C] () -- C:\cmldr
[2011/05/28 01:01:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/28 01:01:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/28 01:01:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/28 01:01:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/28 01:01:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/27 23:47:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\kathy\defogger_reenable
[2011/05/27 23:32:10 | 612,499,456 | ---- | C] () -- C:\WXPVOL_EN.ISO
[2011/05/25 06:50:13 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/05/25 06:50:13 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/05/24 19:59:06 | 000,000,240 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/23 13:06:23 | 000,002,350 | ---- | C] () -- C:\Documents and Settings\kathy\My Documents\Fell On Black Days.rtf
[2011/05/22 18:31:03 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/19 21:52:21 | 000,002,694 | ---- | C] () -- C:\Documents and Settings\kathy\My Documents\Don't Let It Bring You Down.rtf
[2010/09/23 18:11:32 | 000,006,274 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/05 19:45:04 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/06 04:34:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/27 21:47:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/10/19 13:59:44 | 000,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/11 23:14:53 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2008/09/11 23:14:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2008/01/19 15:34:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2007/05/14 17:07:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/10 14:12:19 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/05/10 14:09:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/05/10 14:09:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/05/10 14:09:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/10 14:08:42 | 000,000,037 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2007/04/22 19:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 19:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/18 22:38:31 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2007/03/18 22:38:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2007/03/16 01:50:31 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/01/03 16:16:16 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2007/01/03 16:16:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2007/01/03 16:16:02 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2006/12/28 11:56:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/12/28 11:45:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/12/28 06:23:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/28 06:21:50 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/16 05:03:01 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2006/07/16 05:03:01 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2005/03/25 18:42:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/03 18:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/06/03 22:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Awol
[2011/04/19 21:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Canon
[2009/08/20 07:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\Foxit
[2010/09/05 15:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\GSplit
[2011/05/25 13:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\ImgBurn
[2009/05/08 20:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kathy\Application Data\OpenOffice.org
[2011/06/11 17:03:11 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#11
lionclan

    New Member

  • Topic Starter
  • Member
  • 8 posts
No more browser redirects or obvious problems. I'm somewhat concerned about whether any vulnerable services are running, remembering earlier AVZ alerts to that effect, and whether Windows' firewall is still on and functioning correctly.

After using Malwarebytes as you advised, I also scanned (but did no repairs) with Spybot S&D. All it found was Clickspring.Outerinfo and the cookies DoubleClick, FastClick, Right Media, Statcounter, Zedo, MediaPlex. Here's the MBAM log.


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6839

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/12/2011 5:54:05 AM
mbam-log-2011-06-12 (05-54-05).txt

Scan type: Quick scan
Objects scanned: 136705
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{F7FA36A4-3177-4B57-B9C1-E9C5B2E0D3A9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\OINCS.OINAnalytics (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\OINCS.OINAnalytics.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\wintcid.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\winysgd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\b122.ex (Trojan.Downloader) -> Quarantined and deleted successfully.

Edited by lionclan, 12 June 2011 - 12:25 PM.


#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could attach an AVZ scan zip I will check it out for you - but AVZ is overcautious.

Details of how to generate one here. If you could attach the entire zip file, please.

#13
lionclan

    New Member

  • Topic Starter
  • Member
  • 8 posts
I don't have Kaspersky installed but here is what AVZ made.

Attention !!! Database was last updated 1/22/2011 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.35 private build
Scanning started at 12.06.2011 15:09:34
Database loaded: signatures - 284681, NN profile(s) - 2, malware removal microprograms - 56, signature database released 22.01.2011 20:07
Heuristic microprograms loaded: 386
PVS microprograms loaded: 9
Digital signatures of system files loaded: 257597
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 5.1.2600, Service Pack 2 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
>> Danger ! Process masking detected
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=083120)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 8055A120
KiST = 804E26B8 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
CmpCallCallBacks = 0013A616
Disable callback OK
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Driver loaded successfully
Checking - complete
2. Scanning RAM
Number of processes found: 20
Number of modules loaded: 229
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Qoobox\BackEnv\SetPath.bat
C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP10\A0004063.exe >>> suspicion for Trojan-Downloader.Win32.Hilldoor.b ( 0AE40A9F 04DFABCF 0024CDB5 00217095 14336)
C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP10\A0004064.exe >>> suspicion for Trojan-Downloader.Win32.Hilldoor.b ( 0AE0DC66 04D95439 0024CDB5 00217095 14336)
C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP6\A0001865.exe >>> suspicion for Trojan-Downloader.Win32.Hilldoor.b ( 0AE0AA26 04D95439 0024CDB5 00217095 14336)
C:\System Volume Information\_restore{EE28ED23-5B67-4E4A-960A-1AA37372AA6D}\RP6\A0001866.exe >>> suspicion for AdvWare.Win32.SuperJuan.tfd ( 0B7200EB 0249C70B 00282CED 00248B31 97280)
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 53660, extracted from archives: 28749, malicious software found 0, suspicions - 4
Scanning finished at 12.06.2011 15:31:37
Time of scanning: 00:22:09
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://project911.kaspersky-labs.com/

Edited by lionclan, 12 June 2011 - 02:26 PM.


#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Those are normal warnings from AVZ; it is just being paranoid. I can close them for you, but it is in reality not a problem, although closing them does sometimes cause problems.

Any other problems apparent?

#15
lionclan

    New Member

  • Topic Starter
  • Member
  • 8 posts
No noticeable problems. Except... is the Clickspring.Outerinfo I mentioned from Spybot anything to be concerned about? Some pages suggest it is malware and not merely a cookie.