Explorer task bar and desktop icons won't show on boot after runni



#1
Timeless152

I have a computer on which the Explorer task bar and desktop icons won't show on boot after running MBAM and Spybot Search and Destroy. This is a Windows XP Home Edition with SP3 just installed after running the spyware removal programs. Here are the logs from Spybot, MBAM and OTL. Ran Spybot first, then MBAM twice and then installed SP3 in safe mode. Attempted to use Kelly's Korner fixes for getting the Explorer task bar to show. No joy. Can only move around using the task manager. Wish I found this site sooner. Thank you in advance for helping me with this problem.

Here are the logs:

-----------------Spybot Search and Destroy 1.6.2.46 Log----------------

--- Report generated: 2011-06-23 23:32 ---

CouponBar: [SBI $EFE6495E] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

CouponBar: [SBI $CB95FB49] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}

CouponBar: [SBI $51FE8B2E] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1

CouponBar: [SBI $51FE8B2E] Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

CouponBar: [SBI $7A5ACBCB] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}

CouponBar: [SBI $7B15781E] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}

CouponBar: [SBI $E3788A7B] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}

Fraud.AntiMalwares: [SBI $C1242A60] Autorun settings (braviax) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax

Fraud.DefenseCenter: [SBI $8B9C68F8] Settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Fraud.DefenseCenter: [SBI $8B9C68F8] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Fraud.DefenseCenter: [SBI $400D394B] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Fraud.InternetSecurity2011: [SBI $F7DAA6B2] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\

Fraud.PCAntispyware2010: [SBI $8674B16C] Program directory (Directory, fixed)
C:\Program Files\PC_Antispyware2010\

Fraud.PCAntispyware2010: [SBI $1CBFAD7B] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010

Fraud.PCAntispyware2010: [SBI $607F92D2] Data (File, fixed)
C:\Program Files\PC_Antispyware2010\htmlayout.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Fraud.PCAntispyware2010: [SBI $807C453F] Data (File, fixed)
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Fraud.PCAntispyware2010: [SBI $CDE3A67C] Data (File, fixed)
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Fraud.PCAntispyware2010: [SBI $25714D3B] Program directory (Directory, fixed)
C:\Program Files\PC_Antispyware2010\data\

Fraud.PCAntispyware2010: [SBI $0F76B3F2] Data (File, fixed)
C:\Program Files\PC_Antispyware2010\data\daily.cvd
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Fraud.InternetSecurity2011: [SBI $C021A337] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Firefox.EXE\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\boi.exe" -a...

Fraud.InternetSecurity2011: [SBI $3F1FA92F] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Firefox.EXE\shell\safemode\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\boi.exe" -a...

Fraud.InternetSecurity2011: [SBI $2A617167] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\boi.exe" -a...

Fraud.InternetSecurity2011: [SBI $E57DC831] User settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Classes\.exe\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\bdf.exe" -a "%1" %*...

Fraud.InternetSecurity2011: [SBI $E57DC831] User settings (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Classes\.exe\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\bdf.exe" -a "%1" %*...

Fraud.InternetSecurity2011: [SBI $8D38ECE3] User settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Classes\exefile\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\bdf.exe" -a "%1" %*...

Fraud.InternetSecurity2011: [SBI $8D38ECE3] User settings (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Classes\exefile\shell\open\command\=..."C:\Documents and Settings\NetworkService\Local Settings\Application Data\bdf.exe" -a "%1" %*...

Fraud.InternetSecurity2011: [SBI $9CCE589D] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Classes\.exe\shell\open\command\

Fraud.InternetSecurity2011: [SBI $9CCE589D] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Classes\.exe\shell\open\command\

Fraud.InternetSecurity2011: [SBI $F153D38E] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Classes\exefile\shell\open\command\

Fraud.InternetSecurity2011: [SBI $F153D38E] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Classes\exefile\shell\open\command\

Fraud.InternetSecurity2011: [SBI $92D135B6] User settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

Fraud.InternetSecurity2011: [SBI $8D9E5DA2] User settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

Fraud.InternetSecurity2011: [SBI $5AEDDF0A] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $758FB1E3] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions

Fraud.InternetSecurity2011: [SBI $CDC1B6A2] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall

Fraud.InternetSecurity2011: [SBI $76913945] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $5814B995] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $7776D77C] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions

Fraud.InternetSecurity2011: [SBI $D802F795] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall

Fraud.InternetSecurity2011: [SBI $24996904] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $F16F6CE5] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $DE0D020C] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions

Fraud.InternetSecurity2011: [SBI $6D4031BB] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall

Fraud.InternetSecurity2011: [SBI $FD1F9FD2] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $378CD8D9] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify

Fraud.InternetSecurity2011: [SBI $9EDDC71B] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

Fraud.InternetSecurity2011: [SBI $BF76AFF0] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify

Fraud.InternetSecurity2011: [SBI $EE344D69] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride

Fraud.InternetSecurity2011: [SBI $7D8AC3AB] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify

Fraud.InternetSecurity2011: [SBI $07CC9A4D] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Start

Fraud.InternetSecurity2011: [SBI $953CC77A] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall

Fraud.InternetSecurity2011: [SBI $61C84F7D] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Start

Fraud.InternetSecurity2011: [SBI $04E0038B] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall

Fraud.InternetSecurity2011: [SBI $F5EC9C27] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start

Fraud.InternetSecurity2011: [SBI $7DE0D860] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall

Fraud.InternetSecurity2011: [SBI $75AFFB3E] Executable (File, fixed)
C:\Documents and Settings\NetworkService\Local Settings\Application Data\adv.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Fraud.WindowsRecovery: [SBI $2B978A00] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper

Fraud.WindowsRecovery: [SBI $2B978A00] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper

Fraud.WindowsRecovery: [SBI $12304834] User settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes=.../{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:...

Fraud.WindowsRecovery: [SBI $12304834] User settings (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes=.../{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:...

Fraud.WindowsRecovery: [SBI $D041D1D8] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop

Fraud.WindowsRecovery: [SBI $D041D1D8] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop

Fraud.WindowsRecovery: [SBI $472FA608] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures

Fraud.WindowsRecovery: [SBI $472FA608] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures

Fraud.WindowsRecovery: [SBI $84E25D2B] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-500\Software\Microsoft\Internet Explorer\Main\Check_Associations

Fraud.WindowsRecovery: [SBI $9C28881C] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

Fraud.WindowsRecovery: [SBI $9C28881C] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

Fraud.WindowsRecovery: [SBI $9C28881C] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden

Fraud.WindowsRecovery: [SBI $422DAA64] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden

Fraud.WindowsRecovery: [SBI $422DAA64] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden

Fraud.WindowsRecovery: [SBI $99A8C3F7] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr

Fraud.WindowsRecovery: [SBI $30953CB0] Autorun settings (MIEVkbROiwOsxhm) (Registry value, fixed)
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MIEVkbROiwOsxhm

Fraud.WindowsRecovery: [SBI $30953CB0] Program file (File, fixed)
C:\Documents and Settings\All Users\Application Data\MIEVkbROiwOsxhm.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Fraud.WindowsRecovery: [SBI $30953CB0] Autorun settings (MIEVkbROiwOsxhm) (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MIEVkbROiwOsxhm

Fraud.WindowsRecovery: [SBI $3FB6B9E5] Executable (File, fixed)
C:\Documents and Settings\All Users\Application Data\17751844.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Fraud.WindowsRecovery: [SBI $03AC88CD] Data (File, fixed)
C:\Documents and Settings\All Users\Application Data\~17751844
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Fraud.WindowsRecovery: [SBI $FEF5094A] Data (File, fixed)
C:\Documents and Settings\All Users\Application Data\~17751844r
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Fraud.WindowsRecovery: [SBI $752F7006] Data (File, fixed)
C:\Documents and Settings\All Users\Application Data\17751844
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Fraud.WindowsRecovery: [SBI $9C8FE954] Settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\75fa38b7-8b94-4995-ad32-52e938867954

Fraud.WindowsRecovery: [SBI $9C8FE954] Settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\75fa38b7-8b94-4995-ad32-52e938867954

Fraud.WindowsRecovery: [SBI $597FC39E] Settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\BD

Fraud.WindowsRecovery: [SBI $597FC39E] Settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\BD

Win32.Muollo: [SBI $CA7F4F5E] Autorun settings ({F0CDBEBB-8C50-3DE4-5A89-98D993722185}) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F0CDBEBB-8C50-3DE4-5A89-98D993722185}

Win32.Muollo: [SBI $CA7F4F5E] Autorun settings ({F0CDBEBB-8C50-3DE4-63CA-7E55AA31C709}) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F0CDBEBB-8C50-3DE4-63CA-7E55AA31C709}

Win32.Muollo: [SBI $CA7F4F5E] Autorun settings ({F0CDBEBB-8C50-3DE4-06AD-C2EDCF567BB1}) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F0CDBEBB-8C50-3DE4-06AD-C2EDCF567BB1}

Win32.Muollo: [SBI $CA7F4F5E] Autorun settings ({F0CDBEBB-8C50-3DE4-CFEA-B8E5061101B9}) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{F0CDBEBB-8C50-3DE4-CFEA-B8E5061101B9}

Win32.Muollo: [SBI $CA7F4F5E] Program file (File, fixed)
C:\Documents and Settings\Mishayla Hawkins\Application Data\Yzlel\orre.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Muollo: [SBI $CA7F4F5E] Autorun settings ({AE74ADF8-B252-164C-AF1C-D20C68FC2CA2}) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2762213242-3546677925-3853632924-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{AE74ADF8-B252-164C-AF1C-D20C68FC2CA2}

Win32.Muollo: [SBI $CA7F4F5E] Program file (File, fixed)
C:\Documents and Settings\Mishayla Hawkins\Application Data\Irohah\tyek.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Muollo: [SBI $51A4B09C] Program directory (Directory, fixed)
C:\Documents and Settings\Mishayla Hawkins\Application Data\Irohah\


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-06-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-06-21 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-06-22 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-06-20 Includes\TrojansC-04.sbi (*)
2011-06-21 Includes\TrojansC-05.sbi (*)
2011-06-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

-----------------MBAM log, initial scan.------------------

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18372

6/25/2011 1:20:29 PM
mbam-log-2011-06-25 (13-20-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 329371
Time elapsed: 2 hour(s), 31 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 46

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC_Antispyware2010 (Rogue.PCAntispyware2010) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Owner\start menu\Programs\pc_antispyware2010 (Rogue.PCAntispyware2010) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\administrator.your-8f49424569\start menu\Programs\Startup\azbua.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator.your-8f49424569\start menu\Programs\Startup\pauc.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\default user\start menu\Programs\Startup\pauc.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\guest.your-8f49424569\my documents\downloads\video(2).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\guest.your-8f49424569\my documents\downloads\video.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\3uc0woaj.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\igjrx8bw.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\l9kljrc6.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\mqtxz4e1.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\o0qsue+b.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\okorvoqq.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\p7ufopqm.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\rxcmhkaj.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\zqhuhbl4.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\start menu\Programs\Startup\zameo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Timeless\start menu\Programs\Startup\pauc.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP640\A0275387.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP640\A0275408.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP640\A0279408.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP640\A0279418.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP641\A0282431.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP641\A0282435.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP647\A0324562.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP648\A0328569.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP648\A0328570.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP648\A0329569.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP649\A0331574.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397567.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397747.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397755.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397756.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397757.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397758.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0397759.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0397794.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0397795.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0397796.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8C.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache2704934489226644016.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache2855927186862743232.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache5838048637473941343.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache7709483439375593844.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache8146231466414622232.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache8735218653255109572.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache8859558935543392131.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\local settings\Temp\0.2293010354332108.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

--------MBAM secondary Scan------------

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6949

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18372

6/26/2011 5:47:58 PM
mbam-log-2011-06-26 (17-47-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 330390
Time elapsed: 5 hour(s), 28 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cK10600IcFlG10600 (Trojan.FakeAlert) -> Value: cK10600IcFlG10600 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\ck10600icflg10600\ck10600icflg10600.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\0.9845039334786351.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\lolita hawkins\application data\Sun\Java\deployment\cache\6.0\29\6591739d-39ee5e0d (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP653\A0396563.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0400790.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0400791.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0400792.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0400793.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP654\A0400794.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache8998206600556023454.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

----OTL Log-----------

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs

#2
Essexboy

Hi, could you re-run OTL, as you posted the wrong bit?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
Timeless152

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hello EB, thanks for helping me out. Here are the reports you requested.

OTL logfile created on: 6/30/2011 9:57:51 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

445.11 Mb Total Physical Memory | 260.31 Mb Available Physical Memory | 58.48% Memory free
1.03 Gb Paging File | 0.92 Gb Available in Paging File | 89.68% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.50 Gb Total Space | 73.29 Gb Free Space | 68.81% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 1.84 Gb Free Space | 34.98% Space Free | Partition Type: FAT32

Computer Name: YOUR-8F49424569 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\calcpgrd.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110603.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110603.002\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=W3507
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=W3507
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=W3507
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=W3507
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
IE - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.72.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\J'mari Hawkins\Application Data\MySpace\Toolbar\bin\ [2010/07/12 15:30:45 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 11:17:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: L:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: L:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 14:41:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 18:14:15 | 000,000,000 | ---D | M]

[2011/06/26 20:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Mozilla\Extensions
[2011/06/30 21:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Mozilla\Firefox\Profiles\b9c9c8ou.default\extensions
[2011/06/28 21:50:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Mozilla\Firefox\Profiles\b9c9c8ou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/12 21:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/12 15:30:45 | 000,000,000 | -H-D | M] (MySpace Toolbar for Windows) -- C:\DOCUMENTS AND SETTINGS\J'MARI HAWKINS\APPLICATION DATA\MYSPACE\TOOLBAR\BIN
[2009/01/08 18:08:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/25 11:17:07 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/11/23 01:53:43 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/06/26 23:32:32 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [cK10600IcFlG10600] File not found
O4 - HKU\S-1-5-18..\RunOnce: [cK10600IcFlG10600] File not found
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingB2036] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingB293] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingB5489] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingB8385] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingD4089] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingD6558] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingD7929] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingD8176] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\J'mari Hawkins\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O4 - Startup: C:\Documents and Settings\Lolita Hawkins\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O4 - Startup: C:\Documents and Settings\Mishayla Hawkins\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..exefile [open] -- "%1" %*
O36 - AppCertDlls: dianapir - (C:\WINDOWS\system32\defrepad.dll) - File not found
O36 - AppCertDlls: dvdpetup - (C:\WINDOWS\system32\calcpgrd.dll) - C:\WINDOWS\system32\calcpgrd.dll ()
O36 - AppCertDlls: dvduetup - (C:\WINDOWS\system32\charwwin.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 10:04:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/28 08:55:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/28 08:42:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/06/28 08:42:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/06/28 08:42:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/28 08:42:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/06/28 08:21:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/06/28 08:02:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/28 08:02:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/06/27 00:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Walmart MP3 Music Downloads
[2011/06/27 00:16:06 | 000,000,000 | ---D | C] -- C:\290c5cefdfe9389e6e32
[2011/06/26 20:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\My Documents\Downloads
[2011/06/26 20:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\MySpace
[2011/06/26 20:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Mozilla
[2011/06/26 20:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Mozilla
[2011/06/25 20:48:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Administrative Tools
[2011/06/25 10:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Malwarebytes
[2011/06/25 10:18:33 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/25 10:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/25 10:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/25 10:18:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/25 10:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/25 10:17:20 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\OTL.exe
[2011/06/25 10:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\2011 Malware tools
[2011/06/23 22:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Adobe
[2011/06/23 22:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/23 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/23 22:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/23 22:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Macromedia
[2011/06/23 22:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Adobe
[2011/06/23 22:00:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\PrivacIE
[2011/06/23 21:59:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\IETldCache
[2011/06/23 21:36:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Identities
[2011/06/23 21:36:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\AOL
[2011/06/23 21:36:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\McAfee
[2011/06/23 21:35:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft
[2011/06/23 21:35:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data
[2011/06/23 21:35:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Cookies
[2011/06/23 21:35:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\You've Got Pictures Screensaver
[2011/06/23 21:35:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\SampleView
[2011/06/23 21:35:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Favorites
[2011/06/23 21:35:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Google
[2011/06/23 21:35:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop
[2011/06/23 21:35:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Symantec
[2011/06/23 21:35:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Microsoft Help
[2011/06/23 21:35:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Microsoft
[2011/06/23 21:35:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2011/06/23 21:35:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\SendTo
[2011/06/23 21:35:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Recent
[2011/06/23 21:35:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\My Documents\My Pictures
[2011/06/23 21:35:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\My Documents\My Music
[2011/06/23 21:35:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\My Documents
[2011/06/23 21:35:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\PrintHood
[2011/06/23 21:35:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\NetHood
[2011/06/23 21:35:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings
[2011/06/23 21:35:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Startup
[2011/06/23 21:35:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu
[2011/06/23 21:35:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Accessories
[2011/06/23 21:35:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\WINDOWS
[2011/06/23 21:35:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Templates
[2011/06/23 21:35:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\System Recovery
[2011/06/23 21:35:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\America Online
[2011/06/08 17:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cK10600IcFlG10600
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/30 21:37:10 | 000,029,867 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/06/30 21:34:46 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/30 21:34:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 09:54:38 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/28 09:54:38 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/28 09:38:49 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/28 09:33:51 | 000,002,883 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/28 08:20:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/27 10:43:09 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/06/27 10:40:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CD650D35-8416-405F-98AA-81E886EFB608}.job
[2011/06/26 23:32:32 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/26 22:47:13 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\Shortcut to firefox.lnk
[2011/06/26 20:22:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\settings.dat
[2011/06/25 10:18:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/25 09:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\OTL.exe
[2011/06/24 03:29:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/24 02:14:00 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2011/06/23 23:32:01 | 000,001,723 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/23 22:45:44 | 000,435,276 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/06/23 22:35:41 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/23 22:12:53 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/23 22:12:53 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 21:40:12 | 000,012,448 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\583ajdg3vs2074475r23v5
[2011/06/23 21:40:12 | 000,012,448 | -HS- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\583ajdg3vs2074475r23v5
[2011/06/15 23:55:25 | 000,013,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4c6fc4y216yk6gq5l2707x55p5b
[2011/06/08 18:16:11 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/06/01 01:00:00 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/28 08:55:18 | 000,002,883 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/28 08:21:34 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/06/28 08:21:32 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/06/28 08:21:25 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/06/26 22:47:13 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\Shortcut to firefox.lnk
[2011/06/26 20:22:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\settings.dat
[2011/06/25 10:18:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/23 22:35:41 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/23 22:12:53 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/23 22:12:53 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 21:40:12 | 000,012,448 | -HS- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\583ajdg3vs2074475r23v5
[2011/06/23 21:36:50 | 000,000,674 | -H-- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/06/23 21:36:46 | 000,000,746 | -H-- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Gateway Games.lnk
[2011/06/23 21:36:45 | 000,000,779 | -H-- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/23 21:36:45 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/23 21:36:41 | 000,000,786 | -H-- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\Windows Media Player.lnk
[2011/06/23 21:36:03 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Remote Assistance.lnk
[2011/06/23 21:36:03 | 000,000,767 | -H-- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Internet Explorer.lnk
[2011/06/23 21:36:03 | 000,000,738 | -H-- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Outlook Express.lnk
[2011/06/10 18:21:46 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4c6fc4y216yk6gq5l2707x55p5b
[2011/06/08 18:16:10 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/05/25 11:32:07 | 000,065,024 | -H-- | C] () -- C:\WINDOWS\System32\calcpgrd.dll
[2011/05/23 13:36:42 | 000,012,554 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3797358692
[2011/05/23 13:33:57 | 000,012,546 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1808849042
[2011/05/23 13:31:07 | 000,012,554 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\583ajdg3vs2074475r23v5
[2011/05/23 13:31:07 | 000,012,448 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\583ajdg3vs2074475r23v5
[2011/04/08 12:22:19 | 000,014,288 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1906823016
[2011/04/08 08:46:14 | 000,014,410 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\8b2703d6w31732awm2mipwed7
[2011/04/08 08:46:14 | 000,014,296 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8b2703d6w31732awm2mipwed7
[2011/03/10 00:38:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/10 17:21:36 | 000,141,025 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2010/09/10 17:21:36 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2009/08/21 10:43:50 | 000,019,586 | ---- | C] () -- C:\Program Files\Common Files\jipeqimi._sy
[2009/08/21 10:43:49 | 000,017,754 | ---- | C] () -- C:\Program Files\Common Files\ocahacu.dat
[2009/08/21 10:43:47 | 000,019,748 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\opekatic.sys
[2009/08/21 10:43:47 | 000,012,381 | ---- | C] () -- C:\Program Files\Common Files\iqyzecifa._sy
[2009/08/21 10:43:47 | 000,011,122 | ---- | C] () -- C:\Program Files\Common Files\yfef.reg
[2009/08/21 10:43:46 | 000,010,531 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\exowyheg.dat
[2009/08/21 10:43:45 | 000,017,308 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tihibyby.dll
[2009/08/21 10:43:44 | 000,014,139 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\xobigo.pif
[2009/08/21 10:43:32 | 000,017,522 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\pyxy.exe
[2009/08/21 10:43:30 | 000,016,574 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\obuzu._dl
[2009/02/21 22:17:46 | 000,001,723 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/18 07:10:08 | 000,002,913 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/02/11 14:31:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\String Comparison
[2009/02/11 14:31:30 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/02/11 14:31:30 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2009/01/20 14:33:43 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/20 14:06:47 | 000,117,964 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2009/01/20 14:06:47 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2009/01/06 02:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/01/05 22:05:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2009/01/05 22:00:38 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/01/05 21:56:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/05 21:52:26 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2009/01/05 21:26:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/05 21:08:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2006/09/07 03:56:01 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 05:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 14:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 14:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 12:12:43 | 000,001,226 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,463 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 12:12:10 | 000,444,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 12:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 12:12:10 | 000,071,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 12:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 12:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 12:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 12:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 12:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 12:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 12:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 12:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 06:54:01 | 000,182,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2009/01/05 21:58:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\SampleView
[2011/06/26 17:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cK10600IcFlG10600
[2009/02/11 14:31:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/09/29 18:26:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/02/11 14:32:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/01/28 14:53:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/02/11 14:31:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/01/05 21:31:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/23 21:58:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/01/05 21:58:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2009/01/05 21:58:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2011/05/17 14:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\Ahop
[2011/04/01 17:21:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\Boylew
[2011/05/25 19:21:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\Myogvi
[2010/10/05 16:48:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\NCH Swift Sound
[2010/10/05 16:49:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\Recordpad
[2009/01/05 21:58:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\SampleView
[2011/03/05 23:26:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\WildTangent
[2011/04/22 10:57:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\Yhweu
[2009/07/06 19:42:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\LimeWire
[2010/11/24 16:16:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\NCH Swift Sound
[2010/11/24 16:16:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\Recordpad
[2009/01/05 21:58:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\SampleView
[2010/08/05 20:01:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\TomTom
[2011/05/23 13:43:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\Xoebex
[2011/03/19 11:42:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\Ybyc
[2009/09/23 18:34:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/04/09 08:49:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\Bycya
[2009/07/20 13:39:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\LimeWire
[2010/09/23 09:29:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\NCH Swift Sound
[2009/05/23 19:31:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\Nikon
[2010/09/23 09:29:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\Recordpad
[2009/01/05 21:58:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\SampleView
[2011/05/25 19:16:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\Umcy
[2009/01/11 13:42:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\Viewpoint
[2009/01/27 19:23:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\WildTangent
[2009/03/29 14:51:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\LimeWire
[2011/05/05 17:02:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\Meovfe
[2010/10/13 19:12:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\NCH Swift Sound
[2010/09/24 00:49:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\Recordpad
[2009/01/05 21:58:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\SampleView
[2011/05/05 15:40:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\Uxivsi
[2009/10/11 22:31:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\WildTangent
[2011/06/23 23:32:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\Yzlel
[2009/01/05 21:58:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Timeless\Application Data\SampleView
[2011/03/15 01:00:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2011/06/01 01:00:00 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2011/06/27 10:43:09 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
[2010/10/13 21:46:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2011/03/04 11:41:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\switchSevenDays.job
[2010/09/29 21:46:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2011/06/27 10:40:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CD650D35-8416-405F-98AA-81E886EFB608}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 15:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 15:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/26 18:10:46 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/26 18:10:46 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/26 18:10:46 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/03/26 18:02:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/26 18:02:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/26 18:02:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/26 18:10:46 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/26 18:10:46 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/26 18:10:46 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/03/26 18:02:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/26 18:02:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/26 18:02:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)

< End of report >


-------------------------------------

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-30 22:22:47
-----------------------------
22:22:47.906 OS Version: Windows 5.1.2600 Service Pack 3
22:22:47.906 Number of processors: 1 586 0x604
22:22:47.921 ComputerName: YOUR-8F49424569 UserName: Administrator
22:22:51.796 Initialize success
22:34:46.312 AVAST engine defs: 11063001
22:35:45.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort4
22:35:45.437 Disk 0 Vendor: ST3120213A 3.AAE Size: 114473MB BusType: 3
22:35:45.453 Device \Device\Ide\IdeDeviceP4T0L0-16 -> \??\IDE#DiskST3120213A______________________________3.AAE___#5&67218f7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
22:35:45.468 Device \Driver\atapi -> DriverStartIo 8530f41f
22:35:45.500 Disk 0 MBR read successfully
22:35:45.515 Disk 0 MBR scan
22:35:45.531 Disk 0 TDL4@MBR code has been found
22:35:45.546 Disk 0 MBR hidden
22:35:45.562 Disk 0 MBR [TDL4] **ROOTKIT**
22:35:45.578 Disk 0 trace - called modules:
22:35:45.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8530f5d9]<<
22:35:45.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8538d220]
22:35:45.625 3 CLASSPNP.SYS[f7633fd7] -> nt!IofCallDriver -> \Device\0000008a[0x853725b0]
22:35:47.437 5 ACPI.sys[f752a620] -> nt!IofCallDriver -> [0x85372030]
22:35:47.515 \Driver\atapi[0x852cebb8] -> IRP_MJ_CREATE -> 0x8530f5d9
22:35:52.703 AVAST engine scan C:\WINDOWS
23:03:42.609 File: C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys TDL3 **ROOTKIT** Win32:Alureon-PS
00:07:49.140 File: C:\WINDOWS\system32\calcpgrd.dll TDL3 **ROOTKIT** Win32:Malware-gen
00:29:27.109 File: C:\WINDOWS\Temp\jar_cache5679381992765973664.tmp TDL3 **ROOTKIT** Win32:Ursnif-W [Trj]
00:29:28.078 File: C:\WINDOWS\Temp\jar_cache7906394329637760043.tmp TDL3 **ROOTKIT** Win32:Crypt-JAF [Trj]
00:33:04.859 AVAST engine scan C:\Documents and Settings\Administrator.YOUR-8F49424569
00:34:22.031 AVAST engine scan C:\Documents and Settings\All Users
00:36:02.703 Scan finished successfully
00:41:58.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\MBR.dat"
00:41:58.609 The log file has been saved successfully to "C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, we have a lot going on here, so I will try to clear as much as possible in one fell swoop. Please run these programmes in this order.
On completion of all this, could you let me know how the system is behaving?

Download Unhide.exe to your desktop and run

THEN

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next reply.

NEXT

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button

Save the log as before and post in your next reply

NEARLY THERE

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: [cK10600IcFlG10600] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [cK10600IcFlG10600] File not found
    O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
    O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
    O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
    O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
    O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
    O36 - AppCertDlls: dianapir - (C:\WINDOWS\system32\defrepad.dll) - File not found
    O36 - AppCertDlls: dvdpetup - (C:\WINDOWS\system32\calcpgrd.dll) - C:\WINDOWS\system32\calcpgrd.dll ()
    O36 - AppCertDlls: dvduetup - (C:\WINDOWS\system32\charwwin.dll) - File not found
    [2011/06/08 17:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cK10600IcFlG10600
    [2011/06/27 10:43:09 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    [2011/06/23 21:40:12 | 000,012,448 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\583ajdg3vs2074475r23v5
    [2011/06/23 21:40:12 | 000,012,448 | -HS- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\583ajdg3vs2074475r23v5
    [2011/06/15 23:55:25 | 000,013,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4c6fc4y216yk6gq5l2707x55p5b
    [2011/06/10 18:21:46 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4c6fc4y216yk6gq5l2707x55p5b
    [2011/05/25 11:32:07 | 000,065,024 | -H-- | C] () -- C:\WINDOWS\System32\calcpgrd.dll
    [2011/05/23 13:36:42 | 000,012,554 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3797358692
    [2011/05/23 13:33:57 | 000,012,546 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1808849042
    [2011/05/23 13:31:07 | 000,012,554 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\583ajdg3vs2074475r23v5
    [2011/05/23 13:31:07 | 000,012,448 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\583ajdg3vs2074475r23v5
    [2011/04/08 12:22:19 | 000,014,288 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1906823016
    [2011/04/08 08:46:14 | 000,014,410 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\8b2703d6w31732awm2mipwed7
    [2011/04/08 08:46:14 | 000,014,296 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8b2703d6w31732awm2mipwed7
    [2009/08/21 10:43:50 | 000,019,586 | ---- | C] () -- C:\Program Files\Common Files\jipeqimi._sy
    [2009/08/21 10:43:49 | 000,017,754 | ---- | C] () -- C:\Program Files\Common Files\ocahacu.dat
    [2009/08/21 10:43:47 | 000,019,748 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\opekatic.sys
    [2009/08/21 10:43:47 | 000,012,381 | ---- | C] () -- C:\Program Files\Common Files\iqyzecifa._sy
    [2009/08/21 10:43:47 | 000,011,122 | ---- | C] () -- C:\Program Files\Common Files\yfef.reg
    [2009/08/21 10:43:46 | 000,010,531 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\exowyheg.dat
    [2009/08/21 10:43:45 | 000,017,308 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tihibyby.dll
    [2009/08/21 10:43:44 | 000,014,139 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\xobigo.pif
    [2009/08/21 10:43:32 | 000,017,522 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\pyxy.exe
    [2009/08/21 10:43:30 | 000,016,574 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\obuzu._dl
    [2011/06/26 17:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cK10600IcFlG10600
    [2011/05/17 14:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\Ahop
    [2011/04/01 17:21:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\Boylew
    [2011/05/25 19:21:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\Myogvi
    [2011/04/22 10:57:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\Yhweu
    [2011/05/23 13:43:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\Xoebex
    [2011/03/19 11:42:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\Ybyc
    [2011/04/09 08:49:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\Bycya


    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\8b2703d6w31732awm2mipwed7
    C:\Documents and Settings\All Users\Application Data\8b2703d6w31732awm2mipwed7
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\583ajdg3vs2074475r23v5
    C:\Documents and Settings\All Users\Application Data\583ajdg3vs2074475r23v5
    C:\Documents and Settings\All Users\Application Data\4c6fc4y216yk6gq5l2707x55p5b
    C:\Documents and Settings\All Users\Application Data\4c6fc4y216yk6gq5l2707x55p5b
    attrib -H c:\*.* /s /d /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

AND FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#5
Timeless152

Hello EB. Sorry, I thought I posted all this information earlier but it's not showing. The computer still runs slow in normal mode. I was not able to run ComboFix because it still says Norton Corporate Edition is still running. I attempted to follow the directions to disable the program but I can't because the Explorer bar is still not showing. Is there another way to disable Norton? Here are the logs from the other programs you asked me to run.

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Shortcuts HJfix -- Date : 07/01/2011 19:54:16

Bad processes: 0

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 13 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 76 / Fail 0
My documents: Success 6 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1491 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\Harddisk1\DP(1)0-0+7 -- 0x2 --> Restored
[G:] \Device\Harddisk2\DP(1)0-0+8 -- 0x2 --> Restored
[H:] \Device\Harddisk3\DP(1)0-0+9 -- 0x2 --> Restored
[I:] \Device\Harddisk4\DP(1)0-0+a -- 0x2 --> Restored

Finished : << RKreport[1].txt >>
RKreport[1].txt

----------------------------------------------------

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-01 19:58:30
-----------------------------
19:58:30.312 OS Version: Windows 5.1.2600 Service Pack 3
19:58:30.312 Number of processors: 1 586 0x604
19:58:30.312 ComputerName: YOUR-8F49424569 UserName: Administrator
19:58:33.875 Initialize success
19:59:41.500 AVAST engine defs: 11063001
20:00:09.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort4
20:00:09.796 Disk 0 Vendor: ST3120213A 3.AAE Size: 114473MB BusType: 3
20:00:09.812 Device \Device\Ide\IdeDeviceP4T0L0-16 -> \??\IDE#DiskST3120213A______________________________3.AAE___#5&67218f7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
20:00:09.828 Device \Driver\atapi -> DriverStartIo 8530f41f
20:00:09.843 Disk 0 MBR read successfully
20:00:09.859 Disk 0 MBR scan
20:00:09.875 Disk 0 TDL4@MBR code has been found
20:00:09.890 Disk 0 MBR hidden
20:00:09.906 Disk 0 MBR [TDL4] **ROOTKIT**
20:00:09.921 Disk 0 trace - called modules:
20:00:09.937 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8530f5d9]<<
20:00:09.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8538d220]
20:00:09.968 3 CLASSPNP.SYS[f7633fd7] -> nt!IofCallDriver -> \Device\0000008a[0x853725b0]
20:00:11.984 5 ACPI.sys[f752a620] -> nt!IofCallDriver -> [0x85372030]
20:00:12.062 \Driver\atapi[0x852cebb8] -> IRP_MJ_CREATE -> 0x8530f5d9
20:00:15.593 AVAST engine scan C:\WINDOWS
20:27:43.750 File: C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys TDL3 **ROOTKIT** Win32:Alureon-PS
21:31:39.187 File: C:\WINDOWS\system32\calcpgrd.dll TDL3 **ROOTKIT** Win32:Malware-gen
21:53:59.203 File: C:\WINDOWS\Temp\jar_cache5679381992765973664.tmp TDL3 **ROOTKIT** Win32:Ursnif-W [Trj]
21:54:00.609 File: C:\WINDOWS\Temp\jar_cache7906394329637760043.tmp TDL3 **ROOTKIT** Win32:Crypt-JAF [Trj]
21:57:36.468 AVAST engine scan C:\Documents and Settings\Administrator.YOUR-8F49424569
21:59:00.218 AVAST engine scan C:\Documents and Settings\All Users
22:00:40.968 Scan finished successfully
22:00:59.078 Disk 0 fixing MBR ...
22:01:09.171 Disk 0 MBR restored successfully
22:01:09.250 Verifying disinfection
22:01:19.500 Infection fixed successfully - please reboot ASAP
22:01:41.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\MBR.dat"
22:01:41.671 The log file has been saved successfully to "C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\aswMBR.txt"

--------------------------------------------

OTL logfile created on: 7/1/2011 10:47:28 PM - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

445.11 Mb Total Physical Memory | 212.31 Mb Available Physical Memory | 47.70% Memory free
1.03 Gb Paging File | 0.89 Gb Available in Paging File | 86.65% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.50 Gb Total Space | 77.36 Gb Free Space | 72.64% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 1.84 Gb Free Space | 34.97% Space Free | Partition Type: FAT32

Computer Name: YOUR-8F49424569 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110603.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110603.002\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=W3507
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=W3507
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=W3507
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=W3507
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
IE - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.72.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\J'mari Hawkins\Application Data\MySpace\Toolbar\bin\ [2010/07/12 15:30:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 11:17:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: L:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: L:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 14:41:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 18:14:15 | 000,000,000 | ---D | M]

[2011/06/26 20:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Mozilla\Extensions
[2011/07/01 00:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Mozilla\Firefox\Profiles\b9c9c8ou.default\extensions
[2011/06/28 21:50:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Mozilla\Firefox\Profiles\b9c9c8ou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/12 21:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/12 15:30:45 | 000,000,000 | ---D | M] (MySpace Toolbar for Windows) -- C:\DOCUMENTS AND SETTINGS\J'MARI HAWKINS\APPLICATION DATA\MYSPACE\TOOLBAR\BIN
[2009/01/08 18:08:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/25 11:17:07 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/11/23 01:53:43 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/07/01 22:27:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingB2036] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingB293] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingB5489] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingB8385] C:\WINDOWS\System32\command.com ()
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingD4089] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingD6558] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingD7929] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [SpybotDeletingD8176] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\J'mari Hawkins\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O4 - Startup: C:\Documents and Settings\Lolita Hawkins\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O4 - Startup: C:\Documents and Settings\Mishayla Hawkins\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | --S- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2762213242-3546677925-3853632924-500\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 19:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\archived reports
[2011/07/01 19:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\RK_Quarantine
[2011/06/30 21:53:38 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\aswMBR.exe
[2011/06/28 10:04:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/28 08:42:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/06/28 08:42:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/06/28 08:42:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/28 08:42:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/06/28 08:21:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/06/28 08:02:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/28 08:02:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/06/27 00:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Walmart MP3 Music Downloads
[2011/06/27 00:16:06 | 000,000,000 | ---D | C] -- C:\290c5cefdfe9389e6e32
[2011/06/26 20:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\My Documents\Downloads
[2011/06/26 20:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\MySpace
[2011/06/26 20:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Mozilla
[2011/06/26 20:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Mozilla
[2011/06/25 20:48:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Administrative Tools
[2011/06/25 10:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Malwarebytes
[2011/06/25 10:18:33 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/25 10:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/25 10:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/25 10:18:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/25 10:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/25 10:17:20 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\OTL.exe
[2011/06/25 10:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\2011 Malware tools
[2011/06/23 22:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Adobe
[2011/06/23 22:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/23 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/23 22:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/23 22:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Macromedia
[2011/06/23 22:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Adobe
[2011/06/23 22:00:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\PrivacIE
[2011/06/23 21:59:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\IETldCache
[2011/06/23 21:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Identities
[2011/06/23 21:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\AOL
[2011/06/23 21:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\McAfee
[2011/06/23 21:35:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft
[2011/06/23 21:35:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data
[2011/06/23 21:35:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Cookies
[2011/06/23 21:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\You've Got Pictures Screensaver
[2011/06/23 21:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\SampleView
[2011/06/23 21:35:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Favorites
[2011/06/23 21:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Google
[2011/06/23 21:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop
[2011/06/23 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Symantec
[2011/06/23 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Microsoft Help
[2011/06/23 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\Microsoft
[2011/06/23 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2011/06/23 21:35:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\SendTo
[2011/06/23 21:35:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Recent
[2011/06/23 21:35:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\My Documents\My Pictures
[2011/06/23 21:35:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\My Documents\My Music
[2011/06/23 21:35:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\My Documents
[2011/06/23 21:35:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Local Settings
[2011/06/23 21:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\PrintHood
[2011/06/23 21:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\NetHood
[2011/06/23 21:35:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Startup
[2011/06/23 21:35:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu
[2011/06/23 21:35:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Accessories
[2011/06/23 21:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\WINDOWS
[2011/06/23 21:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Templates
[2011/06/23 21:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\System Recovery
[2011/06/23 21:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\America Online
[2011/06/08 17:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cK10600IcFlG10600
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/01 22:40:45 | 000,030,087 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/07/01 22:38:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/01 22:27:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/01 22:01:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\MBR.dat
[2011/07/01 19:07:52 | 000,230,932 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\page__gopid__2031945.html
[2011/07/01 19:01:28 | 000,516,608 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\RogueKiller.exe
[2011/07/01 18:59:43 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\unhide.exe
[2011/06/30 21:54:10 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\aswMBR.exe
[2011/06/30 21:34:46 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 09:54:38 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/28 09:54:38 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/28 09:38:49 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/28 09:33:51 | 000,002,883 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/28 08:20:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/27 10:40:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CD650D35-8416-405F-98AA-81E886EFB608}.job
[2011/06/26 22:47:13 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\Shortcut to firefox.lnk
[2011/06/26 20:22:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\settings.dat
[2011/06/25 10:18:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/25 09:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\OTL.exe
[2011/06/24 03:29:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/24 02:14:00 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2011/06/23 23:32:01 | 000,001,723 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/23 22:45:44 | 000,435,276 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/06/23 22:35:41 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/23 22:12:53 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/23 22:12:53 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\Spybot - Search & Destroy.lnk
[2011/06/08 18:16:11 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/01 19:07:41 | 000,230,932 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\page__gopid__2031945.html
[2011/07/01 19:01:27 | 000,516,608 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\RogueKiller.exe
[2011/07/01 18:59:41 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\unhide.exe
[2011/07/01 00:41:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\MBR.dat
[2011/06/28 08:55:18 | 000,002,883 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/28 08:21:34 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/06/28 08:21:32 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/06/28 08:21:25 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/06/26 22:47:13 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\Shortcut to firefox.lnk
[2011/06/26 20:22:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\settings.dat
[2011/06/25 10:18:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/23 22:35:41 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/23 22:12:53 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/23 22:12:53 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 21:36:50 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/06/23 21:36:46 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Gateway Games.lnk
[2011/06/23 21:36:45 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/23 21:36:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/23 21:36:41 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Desktop\Windows Media Player.lnk
[2011/06/23 21:36:03 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Remote Assistance.lnk
[2011/06/23 21:36:03 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Internet Explorer.lnk
[2011/06/23 21:36:03 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Start Menu\Programs\Outlook Express.lnk
[2011/06/08 18:16:10 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/03/10 00:38:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/10 17:21:36 | 000,141,025 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2010/09/10 17:21:36 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2009/02/21 22:17:46 | 000,001,723 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/18 07:10:08 | 000,002,913 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/02/11 14:31:30 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\String Comparison
[2009/02/11 14:31:30 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/02/11 14:31:30 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2009/01/20 14:33:43 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/20 14:06:47 | 000,117,964 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2009/01/20 14:06:47 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2009/01/06 02:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/01/05 22:05:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2009/01/05 22:00:38 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/01/05 21:56:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/05 21:52:26 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2009/01/05 21:26:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/05 21:08:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2006/09/07 03:56:01 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 05:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 14:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 14:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 12:12:43 | 000,001,226 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,463 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 12:12:10 | 000,444,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 12:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 12:12:10 | 000,071,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 12:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 12:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 12:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 12:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 12:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 12:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 12:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 12:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 06:54:01 | 000,182,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2009/01/05 21:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.YOUR-8F49424569\Application Data\SampleView
[2011/06/26 17:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cK10600IcFlG10600
[2009/02/11 14:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/09/29 18:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/02/11 14:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/01/28 14:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/02/11 14:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/01/05 21:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/23 21:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/01/05 21:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2009/01/05 21:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2010/10/05 16:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\NCH Swift Sound
[2010/10/05 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\Recordpad
[2009/01/05 21:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\SampleView
[2011/03/05 23:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.YOUR-8F49424569\Application Data\WildTangent
[2009/07/06 19:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\LimeWire
[2010/11/24 16:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\NCH Swift Sound
[2010/11/24 16:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\Recordpad
[2009/01/05 21:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\SampleView
[2010/08/05 20:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J'mari Hawkins\Application Data\TomTom
[2009/09/23 18:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/07/20 13:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\LimeWire
[2010/09/23 09:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\NCH Swift Sound
[2009/05/23 19:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\Nikon
[2010/09/23 09:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\Recordpad
[2009/01/05 21:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\SampleView
[2011/05/25 19:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\Umcy
[2009/01/11 13:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\Viewpoint
[2009/01/27 19:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lolita Hawkins\Application Data\WildTangent
[2009/03/29 14:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\LimeWire
[2011/05/05 17:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\Meovfe
[2010/10/13 19:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\NCH Swift Sound
[2010/09/24 00:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\Recordpad
[2009/01/05 21:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\SampleView
[2011/05/05 15:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\Uxivsi
[2009/10/11 22:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\WildTangent
[2011/06/23 23:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mishayla Hawkins\Application Data\Yzlel
[2009/01/05 21:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timeless\Application Data\SampleView
[2011/03/15 01:00:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2011/06/01 01:00:00 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/10/13 21:46:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2011/03/04 11:41:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\switchSevenDays.job
[2010/09/29 21:46:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2011/06/27 10:40:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CD650D35-8416-405F-98AA-81E886EFB608}.job

========== Purity Check ==========



< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Might not need combofix, if TDSSKiller gets all five :)

On completion of this run your system should start performing a lot better, but there are multiple rootkits that need removing.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

THEN

Download and run this small VBS programme; it should restore your taskbar.

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.