My computer getting eated! redirect virus!


zdoodles

I'm an experienced hardware tech... but knowing hardware means nothing when a redirect virus from [bleep] is eating my computer... my symptoms are: redirecting, downloading of spyware, upset stomach, downloads of downloaders, headache, slowness, grievance, new viruses every day, homicide of PC, and an occasional popup asking me to install a random program I didn't ask for...
I ran Avast, Malwarebytes, tried SUPERAntiSpyware, and Spybot S&D, HijackThis and can't really figure it out... but I was calm because I was listening to "I swear" by "All for one"....
Here is my log...
and thanks for your help. :)

OTL logfile created on: 6/12/2011 11:13:02 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Crystal\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 56.19% Memory free
3.79 Gb Paging File | 3.07 Gb Available in Paging File | 80.98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 80.98 Gb Free Space | 63.27% Space Free | Partition Type: NTFS

Computer Name: ACEREATER | User Name: Crystal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/12 10:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Crystal\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/11/22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe
PRC - [2010/04/12 01:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/06/26 17:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/12 10:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Crystal\Desktop\OTL.exe
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (SASKUTIL)
DRV - File not found [Kernel | Unknown | Running] -- -- (SASDIFSV)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/12 01:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/06/26 17:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmnt.sys -- (nm)
DRV - [2006/04/04 21:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/08 14:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/18 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/18 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/06/10 16:16:12 | 000,434,940 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14971 more lines...
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1306475537717 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Crystal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Crystal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/26 22:47:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 10:59:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Crystal\Desktop\OTL.exe
[2011/06/12 10:44:06 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Crystal\Desktop\TDSSKiller.exe
[2011/06/12 10:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Desktop\GooredFix Backups
[2011/06/12 10:41:13 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Crystal\Desktop\GooredFix.exe
[2011/06/12 10:39:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/12 10:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Desktop\New Folder
[2011/06/10 15:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Local Settings\Application Data\PCHealth
[2011/06/10 15:14:26 | 000,000,000 | ---D | C] -- C:\0fb560187aa60e750a1d64f9b991cf95
[2011/06/10 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/10 01:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/10 00:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/10 00:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Start Menu\Programs\HiJackThis
[2011/06/10 00:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/09 19:18:59 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/09 19:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/09 19:18:58 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/09 19:18:55 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/09 19:18:55 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/09 19:18:54 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/09 19:18:53 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/09 19:18:53 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/09 19:18:52 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/09 19:18:35 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/09 19:18:34 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/09 19:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/09 19:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/09 19:03:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\Malwarebytes
[2011/06/09 19:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/09 19:03:44 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/09 19:03:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/09 19:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/09 19:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/09 15:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Desktop\Games
[2011/06/09 15:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\1602 AD
[2011/06/09 15:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\1602 A.D
[2011/06/09 11:41:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/06/09 11:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/06/09 11:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/06/09 11:40:24 | 000,000,000 | ---D | C] -- C:\d6cf7e0b7ed2da0b193b4e0357f000
[2011/06/09 10:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nexon
[2011/06/09 09:56:47 | 000,000,000 | ---D | C] -- C:\Nexon
[2011/06/09 09:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/06/09 01:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/06/07 22:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Conquer Online 2.0
[2011/06/07 12:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Copy of Minecraft 1.3_01
[2011/06/06 15:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/06/06 15:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bethesda Softworks
[2011/06/06 15:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Local Settings\Application Data\Oblivion
[2011/06/06 15:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\My Documents\My Games
[2011/06/05 23:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/06/05 23:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/05 23:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/05 23:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/05 23:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\Sun
[2011/06/05 22:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The.Elder.Scrolls.IV.Oblivion + NoDVD Crack
[2011/06/04 17:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Black Isle
[2011/06/04 15:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Online Entertainment
[2011/06/04 15:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\Sony Online Entertainment
[2011/06/04 15:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Local Settings\Application Data\SCE
[2011/06/04 14:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PlanetSide
[2011/06/04 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/06/03 16:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Start Menu\Programs\Diablo II
[2011/06/03 16:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
[2011/06/03 16:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/06/03 16:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Diablo 2 full game with expansion
[2011/06/01 22:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\My Documents\Tunngle
[2011/06/01 22:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\Tunngle
[2011/06/01 22:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2011/06/01 22:33:37 | 000,027,136 | ---- | C] (Tunngle.net) -- C:\WINDOWS\System32\drivers\tap0901t.sys
[2011/06/01 22:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tunngle
[2011/06/01 22:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tunngle
[2011/06/01 12:39:36 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/06/01 12:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/06/01 12:38:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/05/31 16:25:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/05/30 17:03:36 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2011/05/30 17:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Start Menu\Programs\Diablo
[2011/05/30 17:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo
[2011/05/30 13:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Desktop
[2011/05/29 14:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\EA Games
[2011/05/29 13:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2011/05/29 13:54:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Crystal\Start Menu\Programs\Administrative Tools
[2011/05/27 19:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diablo II
[2011/05/27 19:46:59 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2011/05/27 19:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2011/05/27 08:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\Adobe
[2011/05/27 08:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\Macromedia
[2011/05/27 02:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Start Menu\Programs\WinRAR
[2011/05/27 02:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\WinRAR
[2011/05/27 02:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/05/27 02:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/05/27 02:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\GlarySoft
[2011/05/27 01:50:58 | 000,000,000 | ---D | C] -- C:\SoftPaq
[2011/05/27 01:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/05/27 01:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\WinBatch
[2011/05/27 01:45:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/05/27 01:43:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/05/27 01:43:31 | 002,809,856 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2011/05/27 01:43:31 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/05/27 01:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/05/27 01:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/05/27 01:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\skypePM
[2011/05/27 01:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/27 01:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
[2011/05/27 01:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/05/27 01:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\Skype
[2011/05/27 01:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/27 01:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/27 01:24:22 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/05/27 01:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/05/27 00:48:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\My Documents\Downloads
[2011/05/27 00:43:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/27 00:28:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Crystal\IECompatCache
[2011/05/27 00:28:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Crystal\PrivacIE
[2011/05/27 00:28:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Crystal\IETldCache
[2011/05/27 00:22:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/05/27 00:22:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/05/27 00:21:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/27 00:08:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/26 23:58:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/05/26 23:58:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/05/26 23:58:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/05/26 23:58:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/05/26 23:55:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/05/26 23:17:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/05/26 23:17:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/05/26 23:17:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/05/26 23:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/05/26 23:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\uTorrent
[2011/05/26 23:11:53 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/05/26 23:08:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2011/05/26 23:08:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2011/05/26 23:07:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/05/26 23:05:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/05/26 23:03:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/05/26 23:03:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/05/26 22:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/05/26 22:54:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/05/26 22:52:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/05/26 22:52:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Crystal\UserData
[2011/05/26 22:50:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/05/26 22:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Application Data\Identities
[2011/05/26 22:50:45 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/05/26 22:50:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Crystal\My Documents\My Pictures
[2011/05/26 22:50:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Crystal\My Documents\My Music
[2011/05/26 22:50:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Crystal\Application Data\Microsoft
[2011/05/26 22:50:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Crystal\SendTo
[2011/05/26 22:50:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Crystal\Recent
[2011/05/26 22:50:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Crystal\Application Data
[2011/05/26 22:50:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Crystal\Start Menu\Programs\Startup
[2011/05/26 22:50:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Crystal\Start Menu
[2011/05/26 22:50:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Crystal\My Documents
[2011/05/26 22:50:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Crystal\Favorites
[2011/05/26 22:50:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Crystal\Start Menu\Programs\Accessories
[2011/05/26 22:50:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Crystal\Cookies
[2011/05/26 22:50:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Crystal\Templates
[2011/05/26 22:50:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Crystal\PrintHood
[2011/05/26 22:50:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Crystal\NetHood
[2011/05/26 22:50:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Crystal\Local Settings
[2011/05/26 22:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Crystal\Local Settings\Application Data\Microsoft
[2011/05/26 22:50:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/05/26 22:49:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/05/26 22:49:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/05/26 22:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/05/26 22:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/05/26 22:48:28 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/05/26 22:48:28 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/05/26 22:47:32 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/05/26 22:47:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/05/26 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/05/26 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/05/26 22:46:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/05/26 22:46:15 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/05/26 22:46:15 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/05/26 22:45:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/05/26 22:45:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/05/26 22:45:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/05/26 22:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/05/26 22:44:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/05/26 22:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/05/26 22:44:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2011/05/26 22:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/05/26 22:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/05/26 22:44:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/05/26 22:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/05/26 22:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/05/26 22:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/05/26 22:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/05/26 22:44:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/05/26 22:44:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/05/26 22:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/05/26 22:44:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/05/26 22:44:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/05/26 22:43:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/05/26 22:43:55 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/05/26 22:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/05/26 22:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/05/26 22:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/05/26 22:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/05/26 22:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/05/26 22:43:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/05/26 22:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/05/26 22:42:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/05/26 15:36:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/05/26 15:36:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/05/26 15:36:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/05/26 15:36:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/05/26 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/05/26 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/05/26 15:36:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/05/26 15:36:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/05/26 15:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/05/26 15:02:09 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/05/26 15:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/05/26 15:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/05/26 15:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/05/26 15:01:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/05/26 15:01:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/05/26 15:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/05/26 14:55:42 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/05/26 14:55:42 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/05/26 14:55:42 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/05/26 14:55:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/05/26 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 10:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Crystal\Desktop\OTL.exe
[2011/06/12 10:44:02 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\Crystal\Desktop\tdsskiller.zip
[2011/06/12 10:41:14 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Crystal\Desktop\GooredFix.exe
[2011/06/11 13:34:40 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Crystal\Desktop\HiJackThis.lnk
[2011/06/11 13:16:11 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/11 13:16:05 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\yjhz.job
[2011/06/11 13:15:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/11 13:15:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2011/06/10 20:16:30 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/10 16:16:12 | 000,434,940 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/10 15:52:58 | 000,457,414 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/10 15:52:58 | 000,076,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/09 21:57:44 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Crystal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 21:22:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/09 19:18:59 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/09 19:18:53 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/09 18:15:44 | 000,086,528 | RHS- | M] () -- C:\WINDOWS\System32\dpserial2.dll
[2011/06/09 17:17:15 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 17:17:10 | 000,095,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/09 13:39:14 | 000,349,184 | ---- | M] () -- C:\Documents and Settings\Crystal\My Documents\anno1602patch5_int.exe
[2011/06/09 02:12:26 | 2377,931,650 | ---- | M] () -- C:\Documents and Settings\Crystal\Desktop\MSSetupv98.exe
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Crystal\Desktop\TDSSKiller.exe
[2011/06/06 16:15:23 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2011/06/05 23:40:25 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Crystal\jagex_runescape_preferences2.dat
[2011/06/05 23:40:25 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Crystal\jagex_runescape_preferences.dat
[2011/06/04 16:00:06 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Station Launcher.lnk
[2011/06/03 16:48:27 | 000,037,159 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2011/06/03 16:31:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2011/06/01 22:33:38 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tunngle beta.lnk
[2011/05/31 16:28:02 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/05/31 16:28:02 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/05/31 16:28:02 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/05/30 18:19:44 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/05/30 17:20:48 | 000,004,696 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/30 17:03:36 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2011/05/30 17:03:36 | 000,005,454 | ---- | M] () -- C:\WINDOWS\DiabUnin.dat
[2011/05/30 17:03:36 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DiabUnin.pif
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 12:07:09 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Crystal\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/27 19:47:00 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2011/05/27 19:46:59 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2011/05/27 02:01:18 | 000,460,824 | ---- | M] () -- C:\img2-001.raw
[2011/05/27 01:26:43 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/27 01:12:21 | 069,375,043 | ---- | M] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1021_To_v1022_Update.exe
[2011/05/27 01:05:27 | 083,517,619 | ---- | M] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1020_To_v1021_Update.exe
[2011/05/27 01:04:47 | 072,994,267 | ---- | M] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1019_To_v1020_Update.exe
[2011/05/27 01:02:27 | 011,519,814 | ---- | M] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1018_To_v1019_Update.exe
[2011/05/27 01:02:26 | 033,894,672 | ---- | M] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1017_To_v1018_Update.exe
[2011/05/27 01:01:01 | 055,823,703 | ---- | M] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1016_To_v1017_Update.exe
[2011/05/27 00:28:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Crystal\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/27 00:10:53 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/26 23:54:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/26 23:09:06 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/26 23:06:02 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/05/26 22:58:18 | 000,012,980 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/05/26 22:50:56 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Crystal\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/26 22:50:51 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/05/26 22:48:46 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/26 22:47:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/26 22:47:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/26 22:47:07 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/05/26 22:47:07 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/05/26 22:47:05 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/26 22:47:05 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/26 22:47:04 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2011/05/26 22:46:57 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/26 22:44:32 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 10:44:02 | 001,305,136 | ---- | C] () -- C:\Documents and Settings\Crystal\Desktop\tdsskiller.zip
[2011/06/10 16:16:12 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110610-161612.backup
[2011/06/10 00:56:27 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Crystal\Desktop\HiJackThis.lnk
[2011/06/09 19:18:59 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/09 18:15:44 | 000,086,528 | RHS- | C] () -- C:\WINDOWS\System32\dpserial2.dll
[2011/06/09 18:15:44 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\yjhz.job
[2011/06/09 13:42:27 | 000,349,184 | ---- | C] () -- C:\Documents and Settings\Crystal\My Documents\anno1602patch5_int.exe
[2011/06/09 01:34:58 | 2377,931,650 | ---- | C] () -- C:\Documents and Settings\Crystal\Desktop\MSSetupv98.exe
[2011/06/06 16:04:47 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011/06/05 23:31:32 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Crystal\jagex_runescape_preferences2.dat
[2011/06/05 23:30:05 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Crystal\jagex_runescape_preferences.dat
[2011/06/04 16:00:06 | 000,001,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Station Launcher.lnk
[2011/06/04 16:00:06 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Station Launcher.lnk
[2011/06/03 16:31:51 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2011/06/01 22:34:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2011/06/01 22:33:38 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tunngle beta.lnk
[2011/05/30 17:03:36 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DiabUnin.pif
[2011/05/30 17:03:33 | 000,005,454 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2011/05/28 12:28:57 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Crystal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/28 12:07:09 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Crystal\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/28 09:37:55 | 000,000,436 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/05/27 19:52:46 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/05/27 19:52:46 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/05/27 19:52:46 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/05/27 19:47:02 | 000,037,159 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/05/27 19:47:00 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2011/05/27 02:01:18 | 000,460,824 | ---- | C] () -- C:\img2-001.raw
[2011/05/27 01:48:51 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/05/27 01:44:02 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/05/27 01:44:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/27 01:26:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/27 01:25:31 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/05/27 01:25:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/27 01:24:23 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/27 01:12:19 | 069,375,043 | ---- | C] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1021_To_v1022_Update.exe
[2011/05/27 01:05:26 | 083,517,619 | ---- | C] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1020_To_v1021_Update.exe
[2011/05/27 01:04:43 | 072,994,267 | ---- | C] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1019_To_v1020_Update.exe
[2011/05/27 01:02:27 | 011,519,814 | ---- | C] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1018_To_v1019_Update.exe
[2011/05/27 01:02:25 | 033,894,672 | ---- | C] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1017_To_v1018_Update.exe
[2011/05/27 01:00:59 | 055,823,703 | ---- | C] () -- C:\Documents and Settings\Crystal\My Documents\KF_v1016_To_v1017_Update.exe
[2011/05/26 23:49:55 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/05/26 23:49:55 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/05/26 23:49:55 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/05/26 23:49:55 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/05/26 23:49:54 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/05/26 23:49:54 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/05/26 23:49:54 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/05/26 23:49:54 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/05/26 23:49:54 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/05/26 23:49:54 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/05/26 23:49:54 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/05/26 23:49:54 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/05/26 23:49:54 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/05/26 23:49:54 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/05/26 23:49:54 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/05/26 23:49:54 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/05/26 23:49:54 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/05/26 23:49:53 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/05/26 23:49:53 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/05/26 23:49:53 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/05/26 23:49:53 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/05/26 23:49:53 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/05/26 23:49:53 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/05/26 23:49:53 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/05/26 23:49:53 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/05/26 23:49:53 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/05/26 23:49:53 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/05/26 23:49:53 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/05/26 23:49:52 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/05/26 23:49:52 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/05/26 23:49:52 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/05/26 23:49:51 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/05/26 23:49:51 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/05/26 23:49:51 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/05/26 23:49:50 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/05/26 23:49:50 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/05/26 23:49:50 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/05/26 23:49:50 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/05/26 23:49:50 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/05/26 23:49:50 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/05/26 23:49:50 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/05/26 23:49:48 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/05/26 23:49:48 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/05/26 23:49:46 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/05/26 23:49:46 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/05/26 23:49:45 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/05/26 23:49:45 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/05/26 23:49:45 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/05/26 23:49:45 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/05/26 23:49:45 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/05/26 23:49:45 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/05/26 23:49:45 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/05/26 23:49:45 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/05/26 23:49:45 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/05/26 23:49:45 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/05/26 23:49:45 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/05/26 23:49:45 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/05/26 23:49:45 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/05/26 23:49:45 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/05/26 23:49:45 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/05/26 23:49:45 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/05/26 23:49:43 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/05/26 23:49:43 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/05/26 23:49:43 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/05/26 23:49:40 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2011/05/26 23:49:40 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2011/05/26 23:49:39 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/05/26 23:49:39 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/05/26 23:49:39 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/05/26 23:49:39 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/05/26 23:49:35 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2011/05/26 23:49:33 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2011/05/26 23:49:33 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/05/26 23:49:31 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/05/26 23:49:31 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/05/26 23:49:31 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/05/26 23:49:31 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/05/26 23:49:30 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/05/26 23:49:30 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/05/26 23:49:30 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/05/26 23:49:30 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/05/26 23:49:30 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/05/26 23:49:30 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/05/26 23:49:29 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/05/26 23:09:00 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/26 23:02:26 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2011/05/26 23:02:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/05/26 22:58:19 | 000,012,980 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/05/26 22:50:57 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Crystal\Start Menu\Programs\Internet Explorer.lnk
[2011/05/26 22:50:56 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Crystal\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/26 22:50:50 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Crystal\Start Menu\Programs\Outlook Express.lnk
[2011/05/26 22:50:45 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Crystal\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/26 22:50:42 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Crystal\Start Menu\Programs\Remote Assistance.lnk
[2011/05/26 22:50:42 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Crystal\Start Menu\Programs\Windows Media Player.lnk
[2011/05/26 22:48:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 22:48:24 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/05/26 22:48:14 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/05/26 22:48:09 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/05/26 22:48:08 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/05/26 22:48:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/05/26 22:47:51 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/05/26 22:47:44 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/05/26 22:47:34 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/05/26 22:47:08 | 000,002,625 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/26 22:47:07 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/05/26 22:47:07 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/05/26 22:47:07 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/05/26 22:47:07 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/05/26 22:47:05 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/05/26 22:47:05 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/26 22:47:05 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/26 22:47:04 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2011/05/26 22:45:52 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/05/26 22:45:06 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/05/26 22:45:05 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/05/26 22:45:00 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/05/26 22:44:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/26 22:43:55 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/05/26 22:43:55 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/05/26 22:43:25 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/05/26 22:43:25 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/05/26 22:43:25 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/05/26 22:43:25 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/05/26 22:43:24 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/05/26 22:43:24 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/05/26 22:43:24 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/05/26 22:43:24 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/05/26 22:43:24 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/05/26 22:43:24 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/05/26 22:43:24 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/05/26 22:43:19 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/05/26 22:43:19 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/05/26 22:43:17 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/05/26 22:43:04 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/05/26 15:02:16 | 000,004,696 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/26 15:02:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/26 15:02:11 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/05/26 15:02:10 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/05/26 15:02:10 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/05/26 15:02:09 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/05/26 15:01:55 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/05/26 15:01:47 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/05/26 15:01:47 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/05/26 15:01:47 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/05/26 15:01:47 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/05/26 15:01:47 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/05/26 15:01:47 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/05/26 15:01:15 | 000,095,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/26 15:00:22 | 000,000,211 | RHS- | C] () -- C:\boot.ini
[2011/05/26 15:00:20 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2006/03/30 09:15:06 | 000,125,796 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2001/08/18 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 05:00:00 | 000,457,414 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 05:00:00 | 000,076,124 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/29 13:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crystal\Application Data\GlarySoft
[2011/06/04 15:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crystal\Application Data\Sony Online Entertainment
[2011/06/10 20:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crystal\Application Data\Tunngle
[2011/06/09 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crystal\Application Data\uTorrent
[2011/05/27 01:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Crystal\Application Data\WinBatch
[2011/06/09 19:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/09 09:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/06/01 22:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2011/06/11 13:16:11 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/06/11 13:16:05 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\yjhz.job

========== Purity Check ==========



< End of report >


Edited by zdoodles, 12 June 2011 - 02:25 PM.


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:OTL
[2011/06/09 18:15:44 | 000,086,528 | RHS- | C] () -- C:\WINDOWS\System32\dpserial2.dll
[2011/06/09 18:15:44 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\yjhz.job
    
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.

Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Ron
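The two entries in the fix script above are a hidden scheduled task and a DLL created in the same second. The following is an added example, not part of the original posts and not OTL's or the helper's own logic: a small parser for OTL file-scan lines that flags hidden `.job` files under a Tasks folder and then pivots on their creation timestamp. The heuristic and all function names are assumptions made for illustration; the sample lines are copied from this thread.

```python
import ntpath
import re

# OTL file-scan line: [date time | size | attrs | C or M] (company) -- path
# The "(company)" field is absent on directory lines (LOP Check section).
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

def parse_line(line):
    """Return a dict for one OTL file-scan line, or None for headers/blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec

def is_hidden_task(rec):
    """A .job file directly under a Tasks folder carrying the H attribute."""
    folder, name = ntpath.split(rec["path"])
    return (name.lower().endswith(".job")
            and ntpath.basename(folder).lower() == "tasks"
            and "H" in rec["attrs"])

def triage(lines):
    """Return (hidden task paths, files created in the same second as one).

    Assumed heuristic: a hidden scheduled task is worth a second look, and
    anything created (kind C) at the same timestamp is a likely companion.
    Paths are lower-cased because Windows paths are case-insensitive.
    """
    recs = [r for r in (parse_line(l) for l in lines) if r]
    tasks = [r for r in recs if is_hidden_task(r)]
    created = {r["stamp"] for r in tasks if r["kind"] == "C"}
    companions = [r for r in recs if r["kind"] == "C"
                  and r["stamp"] in created and not is_hidden_task(r)]
    return (sorted({r["path"].lower() for r in tasks}),
            sorted({r["path"].lower() for r in companions}))

# Sample input: lines copied from the log and fix script in this thread.
SAMPLE = r"""
[2011/05/26 15:00:22 | 000,000,211 | RHS- | C] () -- C:\boot.ini
[2011/06/11 13:16:11 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/06/11 13:16:05 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\yjhz.job
[2011/06/09 18:15:44 | 000,086,528 | RHS- | C] () -- C:\WINDOWS\System32\dpserial2.dll
[2011/06/09 18:15:44 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\yjhz.job
========== Purity Check ==========
""".splitlines()
```

The pivot on creation time matters because hidden and system attributes alone also match legitimate files such as `C:\boot.ini`; a flagged path is a lead for review, not a verdict.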