Empty Start Menu and Administrative Tools



#1
fazthegreat

Hi guys, I am running Windows XP, and recently my computer got infected. I used Malwarebytes and it found some trojans. It seems like the problem is gone, but the [bleep] virus messed up a lot of settings on my computer.

1- First was that my desktop files were hidden, so I used Unhide.exe, which showed my desktop files.
2- Google, Yahoo redirects... every time I googled and clicked on a listing it would redirect me to other websites. Thank God I was able to fix this as well by following a different post on your website, thank you so much!
3- Now the only thing left is that my Start Menu>Program Files shows all the folders but they are all empty. Also, my administrative tools are empty. I downloaded OTL as you advised and below is the log, please help!


OTL logfile created on: 6/7/2011 5:21:34 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\FozailR\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.22 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 75.23% Memory free
5.06 Gb Paging File | 4.47 Gb Available in Paging File | 88.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 160.48 Gb Free Space | 68.91% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 178.48 Gb Free Space | 76.64% Space Free | Partition Type: NTFS
Drive J: | 499.99 Gb Total Space | 497.18 Gb Free Space | 99.44% Space Free | Partition Type: NTFS

Computer Name: NTW-WKS04 | User Name: fozailr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/07 17:20:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FozailR\Desktop\OTL.exe
PRC - [2010/04/30 12:30:46 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe
PRC - [2010/03/03 04:52:26 | 000,296,968 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\RemoteSupportManager\rmgui.exe
PRC - [2010/03/03 04:52:26 | 000,063,496 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\RemoteSupportManager\DAMaint.exe
PRC - [2010/03/03 04:50:46 | 001,267,720 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\RemoteSupportManager\DesktopAuthority.exe
PRC - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/07 07:09:33 | 000,107,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe
PRC - [2007/11/14 13:52:14 | 000,434,176 | ---- | M] (Jive Software) -- C:\Program Files\Spark\Spark.exe
PRC - [2006/11/09 11:00:44 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\FozailR\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
PRC - [2006/01/09 13:56:04 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
PRC - [2005/02/28 18:53:04 | 000,053,248 | ---- | M] (Vimicro) -- C:\WINDOWS\VM_STI.EXE
PRC - [2004/09/07 16:56:00 | 002,199,552 | ---- | M] () -- C:\Program Files\EyeNI\EyeNI1000\mysql\bin\mysqld-opt.exe


========== Modules (SafeList) ==========

MOD - [2011/06/07 17:20:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FozailR\Desktop\OTL.exe
MOD - [2010/03/03 04:52:26 | 000,059,400 | ---- | M] (ScriptLogic Corporation) -- C:\WINDOWS\system32\DAinit.dll
MOD - [2008/04/14 05:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/04/30 12:31:50 | 002,730,120 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/04/30 12:30:46 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/03/25 16:21:24 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/03/03 04:52:26 | 000,063,496 | ---- | M] (ScriptLogic Corporation) [Auto | Running] -- C:\Program Files\RemoteSupportManager\DAMaint.exe -- (DAMaint)
SRV - [2010/03/03 04:50:46 | 001,267,720 | ---- | M] (ScriptLogic Corporation) [Auto | Running] -- C:\Program Files\RemoteSupportManager\DesktopAuthority.exe -- (RemoteSupportManager)
SRV - [2009/03/11 17:06:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/11 20:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TRENDnet\TEW-649UB\WLSVC.exe -- (WLSVC)
SRV - [2008/07/29 13:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/06/26 10:24:08 | 000,031,592 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/01/09 13:56:04 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2004/09/07 16:56:00 | 002,199,552 | ---- | M] () [Auto | Running] -- C:\Program Files\EyeNI\EyeNI1000\mysql\bin\mysqld-opt.exe -- (Jiris_Service)


========== Driver Services (SafeList) ==========

DRV - [2010/04/28 15:12:40 | 000,322,904 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2010/04/28 15:12:40 | 000,204,632 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/04/28 15:12:40 | 000,086,232 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2010/03/03 04:52:40 | 000,011,144 | ---- | M] (ScriptLogic Corporation) [Kernel | Auto | Running] -- C:\Program Files\RemoteSupportManager\DAtf.sys -- (DAtf)
DRV - [2010/03/03 04:52:32 | 000,009,352 | ---- | M] (ScriptLogic Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DAmirr.sys -- (DAmirr)
DRV - [2010/03/03 04:52:30 | 000,012,168 | ---- | M] (ScriptLogic Corporation) [Kernel | Auto | Running] -- C:\Program Files\RemoteSupportManager\DAinfo.sys -- (DAInfo)
DRV - [2010/01/14 05:42:42 | 000,067,800 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/01/04 06:29:42 | 000,069,720 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/01/04 06:29:40 | 000,013,400 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2009/10/13 09:02:36 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/07/24 12:58:07 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/27 11:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2007/09/04 16:53:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2006/12/14 09:37:40 | 000,072,672 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/02/17 11:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 11:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/12/23 12:21:42 | 000,093,600 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004/10/27 15:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...f8&oe=utf8&rlz=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902;

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d3127aca-e3b8-4416-9ed8-027db9124fed}:0.55
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.8.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.11.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Fiddler2\FiddlerHook [2010/05/13 14:04:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/27 10:16:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/06 12:38:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/06 12:38:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.6\extensions\\Components: C:\Program Files\SeaMonkey\components [2011/06/06 12:38:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.6\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/09/07 09:22:29 | 000,000,000 | ---D | M]

[2010/09/07 09:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Extensions
[2010/09/07 09:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/06/06 09:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions
[2010/05/14 13:56:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 09:26:08 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/16 13:19:05 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/02/17 12:26:30 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/02/17 12:20:16 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\{d3127aca-e3b8-4416-9ed8-027db9124fed}
[2011/05/31 15:42:36 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/05/31 15:42:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/02/17 12:26:30 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/05/14 13:56:21 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\[email protected]
[2011/05/31 15:42:36 | 000,000,000 | ---D | M] ("RankChecker") -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\[email protected]
[2011/05/31 15:42:36 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\[email protected]
[2011/04/21 14:46:02 | 000,000,000 | ---D | M] ("Seo Toolbar") -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\[email protected]
[2011/02/17 12:26:31 | 000,000,000 | ---D | M] (YSlow) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\Firefox\Profiles\7zwnyux4.default\extensions\[email protected]
[2010/09/07 09:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FozailR\Application Data\Mozilla\SeaMonkey\Profiles\5dg7t0bj.default\extensions
[2011/06/06 09:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/13 14:04:21 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
[2009/03/05 12:26:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/03/25 09:36:13 | 000,000,850 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.250.19 intranet.my-fbs.us
O1 - Hosts: 192.168.250.104 www.fraserintranet.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Clipmarks.Toolbar) - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll (Clipmarks, LLC)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Clipmarks.Toolbar) - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll (Clipmarks, LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [DA Remote Management GUI] C:\Program Files\RemoteSupportManager\rmgui.exe (ScriptLogic Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSCRM] C:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe (Sunbelt Software)
O4 - HKCU..\Run: [Google Update] File not found
O4 - HKCU..\Run: [LxrAutorun] C:\Documents and Settings\FozailR\Local Settings\Application Data\Lexar Media\LxrAutorun.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSCRMStartup] C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spark] C:\Program Files\Spark\Spark.exe (Jive Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: consentpromptbehavioruser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enableinstallerdetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enablelua = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.micros.../i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1278619213202 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1278619204515 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Web-Based Email Tools http://email.secures...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.250.13 192.168.252.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntwebs.local
O20 - AppInit_DLLs: (DAinit.dll) - C:\WINDOWS\System32\DAinit.dll (ScriptLogic Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/24 12:21:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/04 00:19:22 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{83b65e20-94af-11dd-991c-001bfc00f972}\Shell - "" = AutoRun
O33 - MountPoints2\{83b65e20-94af-11dd-991c-001bfc00f972}\Shell\1\Command - "" = RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{83b65e20-94af-11dd-991c-001bfc00f972}\Shell\2\Command - "" = RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{83b65e20-94af-11dd-991c-001bfc00f972}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83b65e20-94af-11dd-991c-001bfc00f972}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{9080c35d-9b7f-11dd-992d-001bfc00f972}\Shell\AutoRun\command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{9080c35d-9b7f-11dd-992d-001bfc00f972}\Shell\Shell00\Command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{9080c35d-9b7f-11dd-992d-001bfc00f972}\Shell\Shell01\Command - "" = F:\Autorun.exe /action
O33 - MountPoints2\{9080c35d-9b7f-11dd-992d-001bfc00f972}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 17:21:08 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FozailR\Desktop\OTL.exe
[2011/06/07 17:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\Desktop\tdsskiller
[2011/06/07 17:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\Desktop\GooredFix Backups
[2011/06/07 15:27:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/07 12:49:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\FozailR\Recent
[2011/06/07 12:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\Start Menu\Programs\Windows XP Restore
[2011/06/06 12:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/06/06 12:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/06 12:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/06/06 12:38:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/03 15:29:08 | 000,000,000 | ---D | C] -- C:\WhiteStarLLC
[2011/06/03 12:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\Local Settings\Application Data\LogMeIn
[2011/06/03 12:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/05/31 16:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\My Documents\GFX-Patterns1
[2011/05/26 10:30:57 | 000,000,000 | ---D | C] -- C:\IYC.com
[2011/05/25 17:18:49 | 000,000,000 | ---D | C] -- C:\New Folder (2)
[2011/05/25 17:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\Local Settings\Application Data\GlobalSCAPE
[2011/05/25 17:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2011/05/25 17:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\Application Data\GlobalSCAPE
[2011/05/25 17:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\GlobalSCAPE
[2011/05/25 17:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GlobalSCAPE
[2011/05/25 14:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\My Documents\bmd556001
[2011/05/25 13:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\My Documents\decaptcher_dll
[2011/05/23 16:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\My Documents\cgi-bin
[2011/05/23 14:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\My Documents\Web-Directory-22
[2011/05/23 12:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\My Documents\OceanBlue_v2.1.2
[2011/05/16 10:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\My Documents\FW Cross Network Rack Cleanup_files
[2011/05/11 10:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\My Documents\bocareviews
[2011/05/11 10:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\My Documents\make-basic-website
[2011/05/11 10:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FozailR\My Documents\totalhumanhealth
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/07 17:20:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FozailR\Desktop\OTL.exe
[2011/06/07 17:18:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1056822473-1600158498-2327631252-1234UA.job
[2011/06/07 17:15:16 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/07 17:15:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/07 17:15:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 17:14:47 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/07 17:14:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/07 17:11:40 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\FozailR\Desktop\tdsskiller.zip
[2011/06/07 17:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/07 14:57:59 | 000,606,105 | ---- | M] () -- C:\unhide.exe
[2011/06/07 14:05:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/07 12:52:59 | 000,006,422 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/06/07 12:40:39 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\FozailR\Desktop\Windows XP Restore.lnk
[2011/06/07 12:40:39 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16637732r
[2011/06/07 12:40:39 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16637732
[2011/06/07 12:40:32 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16637732
[2011/06/06 17:43:08 | 000,123,136 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\Resume-FozailRaja-Nologo.pdf
[2011/06/06 17:42:34 | 000,123,127 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\Resume-FozailRaja.pdf
[2011/06/06 17:23:26 | 000,014,185 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\Resume-FozailRaja.rtf
[2011/06/06 14:18:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1056822473-1600158498-2327631252-1234Core.job
[2011/06/06 12:40:15 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/06 12:36:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/06 10:51:26 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\FozailR\Desktop\BookmarkingDemon 5.lnk
[2011/06/06 09:27:47 | 000,065,056 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/06 00:56:54 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\Default.rdp
[2011/06/01 09:29:26 | 000,005,984 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\logo.jpg
[2011/05/31 16:49:08 | 000,094,683 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\GFX-Patterns1.zip
[2011/05/31 11:50:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\Nobis Krug.jpg
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 17:03:52 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CuteFTP 8 Professional.lnk
[2011/05/25 14:01:21 | 018,906,103 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\bmd556001.zip
[2011/05/25 13:42:52 | 000,034,548 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\decaptcher_dll.zip
[2011/05/24 15:53:47 | 001,630,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/24 12:08:13 | 000,539,685 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\mnl.jpg
[2011/05/24 11:42:27 | 000,393,126 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\DC_Master logo.eps
[2011/05/23 14:51:02 | 000,128,307 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\Web-Directory-22.zip
[2011/05/23 12:38:16 | 000,220,863 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\OceanBlue_v2.1.2.zip
[2011/05/16 10:09:03 | 000,036,059 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\FW Cross Network Rack Cleanup.htm
[2011/05/13 16:27:10 | 000,162,578 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\forwar-nextbuttosn.psd
[2011/05/12 11:09:31 | 000,027,819 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\eventshelp.jpg
[2011/05/12 11:08:53 | 000,027,819 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\admin.jpg
[2011/05/12 11:08:42 | 000,306,631 | ---- | M] () -- C:\Documents and Settings\FozailR\My Documents\admin.psd
[2011/05/09 22:43:26 | 000,000,699 | ---- | M] () -- C:\easyslider.css
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/07 17:11:39 | 001,305,136 | ---- | C] () -- C:\Documents and Settings\FozailR\Desktop\tdsskiller.zip
[2011/06/07 15:19:41 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2011/06/07 15:19:41 | 000,000,939 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2011/06/07 15:19:41 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/07 15:19:41 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/07 15:19:41 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2011/06/07 15:19:41 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/07 15:19:40 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/07 15:19:40 | 000,002,131 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RadControls for ASPNET AJAX Q2 2008 Live Examples.lnk
[2011/06/07 15:19:40 | 000,002,131 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RadControls for ASPNET AJAX Q1 2009 Live Examples.lnk
[2011/06/07 15:19:40 | 000,001,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RadControls for ASP.NET AJAX Q2 2009 Live Examples.lnk
[2011/06/07 15:19:40 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CuteFTP 8 Professional.lnk
[2011/06/07 15:19:40 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FraserLink2.lnk
[2011/06/07 15:19:40 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2011/06/07 15:19:40 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wireless Configuration Utility.lnk
[2011/06/07 15:19:40 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/07 15:19:40 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/06/07 15:19:40 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/07 15:19:40 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/07 15:19:40 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/06/07 15:19:40 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2011/06/07 15:19:40 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/06/07 15:19:40 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/06/07 15:19:40 | 000,001,209 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Flash Decompiler Trillix.lnk
[2011/06/07 15:19:40 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sothink SWF Decompiler.lnk
[2011/06/07 15:19:40 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/07 15:19:40 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/07 15:19:40 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/06/07 15:19:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/06/07 15:19:40 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/06/07 15:19:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/07 15:19:40 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2011/06/07 15:19:40 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WebPosition 4.lnk
[2011/06/07 15:19:40 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Core FTP Lite.lnk
[2011/06/07 15:19:40 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinMerge.lnk
[2011/06/07 15:19:40 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PuTTY.lnk
[2011/06/07 15:19:40 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\FozailR\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2011/06/07 15:19:39 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/07 14:58:57 | 000,606,105 | ---- | C] () -- C:\unhide.exe
[2011/06/07 12:40:39 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\FozailR\Desktop\Windows XP Restore.lnk
[2011/06/07 12:40:39 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16637732r
[2011/06/07 12:40:39 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16637732
[2011/06/07 12:40:32 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16637732
[2011/06/06 17:43:08 | 000,123,136 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\Resume-FozailRaja-Nologo.pdf
[2011/06/06 17:42:34 | 000,123,127 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\Resume-FozailRaja.pdf
[2011/06/06 17:23:26 | 000,014,185 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\Resume-FozailRaja.rtf
[2011/06/01 09:30:33 | 000,005,984 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\logo.jpg
[2011/05/31 16:49:11 | 000,094,683 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\GFX-Patterns1.zip
[2011/05/31 11:50:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\Nobis Krug.jpg
[2011/05/25 14:01:21 | 018,906,103 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\bmd556001.zip
[2011/05/25 13:42:55 | 000,034,548 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\decaptcher_dll.zip
[2011/05/24 12:08:12 | 000,539,685 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\mnl.jpg
[2011/05/24 11:42:27 | 000,393,126 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\DC_Master logo.eps
[2011/05/23 14:51:04 | 000,128,307 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\Web-Directory-22.zip
[2011/05/23 12:38:16 | 000,220,863 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\OceanBlue_v2.1.2.zip
[2011/05/16 10:09:02 | 000,036,059 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\FW Cross Network Rack Cleanup.htm
[2011/05/13 16:27:06 | 000,162,578 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\forwar-nextbuttosn.psd
[2011/05/12 11:09:31 | 000,027,819 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\eventshelp.jpg
[2011/05/12 11:08:53 | 000,027,819 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\admin.jpg
[2011/05/10 14:20:14 | 000,306,631 | ---- | C] () -- C:\Documents and Settings\FozailR\My Documents\admin.psd
[2011/05/09 22:43:26 | 000,000,699 | ---- | C] () -- C:\easyslider.css
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/12/13 20:00:08 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/12/13 20:00:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2010/12/03 15:54:24 | 000,296,919 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010/12/03 15:54:24 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\dll.dll
[2010/10/19 15:57:57 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/22 16:11:14 | 001,135,690 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1056822473-1600158498-2327631252-1234-0.dat
[2010/09/22 16:11:13 | 000,384,594 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/07/02 08:59:31 | 000,406,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/11 12:58:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\RunSetup.dll
[2009/11/11 12:58:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\RunSetup.dll
[2009/08/27 12:27:41 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5k.DLL
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/27 10:04:03 | 000,360,283 | ---- | C] () -- C:\Documents and Settings\FozailR\Local Settings\Application Data\debuggee.mdmp
[2009/03/11 11:09:07 | 000,000,125 | ---- | C] () -- C:\WINDOWS\fd3.INI
[2009/01/08 15:25:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/12/29 16:07:06 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\FozailR\Local Settings\Application Data\PUTTY.RND
[2008/10/16 16:35:37 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008/10/16 16:35:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
[2008/08/19 14:54:19 | 000,065,056 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/07/30 11:53:36 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\FozailR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/29 16:43:31 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/07/25 08:38:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/24 16:36:49 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/07/24 16:36:48 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/07/24 16:36:16 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/07/24 16:36:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/07/24 16:36:15 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/07/24 13:29:54 | 000,000,610 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/24 13:19:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/07/24 13:10:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\AwdSLP.exe
[2008/07/24 12:44:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/07/24 12:44:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/07/24 12:23:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/24 12:19:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/24 08:12:40 | 000,004,327 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/24 08:11:37 | 001,630,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/24 18:15:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/01/24 18:15:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/01/24 18:15:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/01/24 18:15:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/01/24 18:15:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/01/24 18:15:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/01/24 18:15:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/01/24 18:15:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/01/24 18:15:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/01/24 18:15:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/01/24 18:15:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/04 02:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 09:00:00 | 000,592,732 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 09:00:00 | 000,121,498 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 09:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/09/03 16:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bug Shooting
[2011/05/25 17:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2011/06/03 12:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/07/24 13:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/09/29 16:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/17 15:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\AnvSoft
[2010/05/17 15:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\Audacity
[2011/06/06 14:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\CoreFTP
[2009/12/07 18:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\CuteRank
[2011/06/06 10:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\FileZilla
[2011/05/25 17:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\GlobalSCAPE
[2008/08/29 16:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\JAM Software
[2009/06/17 15:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/01/03 11:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\Notepad++
[2008/10/08 16:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\OfficeUpdate12
[2011/06/03 16:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\Opera
[2011/03/14 17:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\StumbleUpon
[2009/08/17 16:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\Subversion
[2011/04/21 14:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\SWI-Prolog
[2011/04/21 14:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FozailR\Application Data\xpce

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\FozailR\Desktop\Repair_v2.9.1.1.exe:SummaryInformation
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98781370

< End of report >