Trojan Downloader



#1
noknojon


  • Member
  • 533 posts
Hi All.

I think that MSE has caught and removed (currently quarantined) the trojan listed below.
Can we please check and remove any other related problems that may not have been caught.
Thank You.

Category: Trojan Downloader
Description: This program is dangerous and downloads other programs.
Recommended action: Remove this software immediately.
Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended).
To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.
Items:
file:C:\DOCUME~1\JOHN~1.JOH\LOCALS~1\Temp\jar_cache1086238567399310939.tmp->bingo/efir.class
file:C:\DOCUME~1\JOHN~1.JOH\LOCALS~1\Temp\jar_cache3471953394565732644.tmp->bingo/efir.class
file:C:\DOCUME~1\JOHN~1.JOH\LOCALS~1\Temp\jar_cache6570491977139150566.tmp->bingo/efir.class
file:C:\DOCUME~1\JOHN~1.JOH\LOCALS~1\Temp\jar_cache7911010309555019647.tmp->bingo/efir.class


OTL logfile created on: 16/08/2011 9:03:56 AM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.04% Memory free
3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 451.48 Gb Free Space | 96.93% Space Free | Partition Type: NTFS

Computer Name: JOHN-1E5571CE01 | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/16 09:01:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\OTL.exe
PRC - [2011/08/12 17:47:21 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/03 21:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/06/15 16:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/19 16:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 16:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 16:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010/02/19 12:09:46 | 002,233,239 | ---- | M] ( ITX Associates) -- C:\Program Files\AzTools\blueline.exe
PRC - [2006/08/31 16:01:32 | 001,422,848 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2006/08/03 19:25:48 | 000,591,360 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/05 10:08:34 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2006/08/31 16:01:32 | 001,422,848 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
MOD - [2006/08/14 14:41:54 | 000,155,648 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll
MOD - [2006/08/03 19:25:48 | 000,591,360 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
MOD - [2006/01/10 18:50:20 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
MOD - [2005/06/22 19:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.05\PowerDll.dll
MOD - [2003/10/21 16:31:30 | 000,102,400 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.05\cpuutil.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/12 17:47:21 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/03 21:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/19 16:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 16:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - [2011/08/16 08:36:26 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A645644-FED7-4078-AFCB-CF61869C7830}\MpKslf3fb4702.sys -- (MpKslf3fb4702)
DRV - [2011/08/04 17:05:59 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/15 18:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/03/19 02:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/09/01 18:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/08/04 18:29:24 | 000,043,904 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/03/18 04:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 21:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/12/22 12:22:18 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996/04/04 05:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.netspace.net.au/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 09 67 7B D3 4C CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/08/07 18:19:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe ()
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Startup\AutorunsDisabled [2011/08/07 15:28:39 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Startup\Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1311140735000 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/11 19:47:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/16 09:00:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\OTL.exe
[2011/08/14 08:46:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/08/11 16:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Masque Casino Game Pak II
[2011/08/11 10:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/08/11 10:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Live
[2011/08/11 10:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/08/11 09:49:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/08/11 09:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/08/11 09:49:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/08/10 19:31:07 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/08/08 20:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\SpeedFan
[2011/08/08 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/08/08 12:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/08/07 18:40:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/07 18:15:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/07 18:14:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/07 15:28:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Startup\AutorunsDisabled
[2011/08/04 17:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\!SASCORE
[2011/08/04 16:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\Temp
[2011/08/03 18:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Windows Search
[2011/08/03 09:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/03 09:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/03 09:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
[2011/08/03 08:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\Secunia PSI
[2011/08/03 08:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/08/01 22:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\New Folder
[2011/07/31 11:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PopCap Games
[2011/07/31 11:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2011/07/31 11:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Lotus SmartSuite
[2011/07/31 11:37:55 | 000,000,000 | ---D | C] -- C:\lotus
[2011/07/31 11:24:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2011/07/30 16:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\Autoruns
[2011/07/30 13:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Special K Software
[2011/07/30 13:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\500 From Special K
[2011/07/30 13:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\500 From Special K
[2011/07/30 13:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\500_95
[2011/07/28 08:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\ApplicationHistory
[2011/07/27 22:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2011/07/27 22:27:55 | 004,468,623 | ---- | C] (Burnaware Technologies ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\burnaware_free.exe
[2011/07/27 22:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
[2011/07/27 22:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/27 22:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/07/27 22:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\microsoft
[2011/07/27 22:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/07/27 22:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/07/27 21:57:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/07/27 21:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/07/27 21:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/07/27 21:56:26 | 000,000,000 | ---D | C] -- C:\ed3780a8a2b3cfed0eef580e0b1e
[2011/07/27 21:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Windows Desktop Search
[2011/07/27 21:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/07/27 21:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/07/27 21:52:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/07/26 22:07:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\My Videos
[2011/07/26 18:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PowerISO
[2011/07/26 18:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/07/26 17:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Google
[2011/07/26 17:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Earth
[2011/07/26 17:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/07/26 17:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\Google
[2011/07/26 17:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Uniblue
[2011/07/26 16:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Canneverbe Limited
[2011/07/26 16:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2011/07/26 16:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\OpenCandy
[2011/07/26 16:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\OpenCandy
[2011/07/26 16:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011/07/26 16:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/07/26 16:20:56 | 005,015,880 | ---- | C] (Canneverbe Limited ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\cdbxp_setup_4.3.8.2568.exe
[2011/07/26 15:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\ieSpell
[2011/07/25 08:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/21 16:59:45 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\TFC.exe
[2011/07/21 13:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\HiJackThis
[2011/07/21 13:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/21 11:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Phantom EFX
[2011/07/21 11:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2011/07/21 10:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\AzTools
[2011/07/21 10:47:58 | 005,509,039 | ---- | C] ( ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\BluelineFull.exe
[2011/07/21 10:01:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/07/21 09:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\Downloads
[2011/07/21 09:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\hosts
[2011/07/21 09:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Orca Profiles
[2011/07/21 09:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Orca Browser
[2011/07/21 09:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Orca Browser
[2011/07/21 09:14:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/07/21 09:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2011/07/21 09:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/21 09:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/21 09:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Sun
[2011/07/20 20:54:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\IECompatCache
[2011/07/20 20:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/20 20:50:29 | 003,216,552 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\ccsetup308.exe
[2011/07/20 20:21:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/07/20 20:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\SUPERAntiSpyware.com
[2011/07/20 20:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2011/07/20 20:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
[2011/07/20 20:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/20 20:10:02 | 011,613,408 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\SUPERAntiSpyware.exe
[2011/07/20 17:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\RealGames
[2011/07/20 17:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/07/20 17:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\Identities
[2011/07/20 17:08:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Administrative Tools
[2011/07/20 16:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
[2011/07/20 16:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
[2011/07/20 16:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/07/20 16:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Malwarebytes
[2011/07/20 16:45:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/20 16:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/20 16:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/07/20 16:45:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/20 16:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/20 16:44:49 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\mbam-setup-1.51.1.1800.exe
[2011/07/20 16:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/07/20 16:32:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/20 16:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/07/20 16:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/07/20 16:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/07/20 16:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/07/20 16:17:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/07/20 16:13:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/07/20 15:50:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/07/20 15:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/20 15:37:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\PrivacIE
[2011/07/20 15:29:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\IETldCache
[2011/07/20 15:25:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/07/20 15:24:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/07/20 15:23:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/07/20 15:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/07/20 15:17:54 | 000,000,000 | ---D | C] -- C:\75b0df1d4ae4eb5862201e4466e4
[2011/07/20 14:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2011/07/20 14:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/07/20 14:24:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\UserData
[2011/07/20 14:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Macromedia
[2011/07/20 14:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\AdobeUM
[2011/07/20 14:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\Adobe
[2011/07/20 14:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Adobe
[2011/07/20 13:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
[2011/07/20 13:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/07/20 13:51:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/07/20 13:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2011/07/20 13:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/07/20 13:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2011/07/20 13:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ASUS
[2011/07/20 13:23:11 | 000,000,000 | R--D | C] -- C:\WINDOWS\AsDmiHtm
[2011/07/20 13:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\JMicron Technology Corp
[2011/07/20 13:16:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\JM
[2011/07/20 13:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/07/20 13:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Realtek
[2011/07/20 13:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/07/20 13:14:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2011/07/20 13:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SoundMAX
[2011/07/20 13:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2011/07/20 13:09:39 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2011/07/20 13:06:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ASUSInstAll
[2011/07/20 13:06:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\system32
[2011/07/20 13:06:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\INF
[2011/07/20 13:06:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\system32\DRIVERS
[2011/07/20 13:05:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/07/20 13:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/07/19 23:01:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
[2011/07/19 23:01:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu
[2011/07/19 23:01:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents
[2011/07/19 23:01:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Templates
[2011/07/19 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Favorites
[2011/07/19 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Desktop
[2011/07/19 23:01:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2011/07/19 23:01:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
[2011/07/19 13:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Identities
[2011/07/19 13:33:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\My Pictures
[2011/07/19 13:33:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\My Music
[2011/07/19 13:33:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Microsoft
[2011/07/19 13:33:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\SendTo
[2011/07/19 13:33:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Recent
[2011/07/19 13:33:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data
[2011/07/19 13:33:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Startup
[2011/07/19 13:33:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu
[2011/07/19 13:33:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents
[2011/07/19 13:33:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Favorites
[2011/07/19 13:33:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Accessories
[2011/07/19 13:33:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Cookies
[2011/07/19 13:33:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Templates
[2011/07/19 13:33:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\PrintHood
[2011/07/19 13:33:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\NetHood
[2011/07/19 13:33:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings
[2011/07/19 13:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\Microsoft
[2011/07/19 13:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop
[2011/07/19 13:15:07 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/07/19 13:15:07 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/07/19 13:14:18 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/07/19 13:12:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\DRM
[2011/07/19 13:11:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures
[2011/07/19 13:10:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
[2011/07/19 13:10:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools
[2011/07/19 13:10:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music
[2011/07/19 13:09:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
[2011/07/19 13:08:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
[2011/07/19 12:48:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2011/07/19 11:05:09 | 000,000,000 | ---D | C] -- C:\windist
[2011/07/19 10:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/07/19 10:30:51 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/07/19 10:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Phantom EFX
[2011/07/19 10:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/07/18 14:56:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/18 14:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2011/07/18 14:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Application Compatibility Toolkit
[2011/07/18 12:12:38 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/07/18 12:12:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/07/18 12:12:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2011/07/18 12:05:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2011/07/18 12:04:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
[2011/07/18 12:04:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2011/07/18 12:04:03 | 000,000,000 | ---D | C] -- C:\Inetpub
[2011/07/18 12:03:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss

========== Files - Modified Within 30 Days ==========

[2011/08/16 09:01:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\OTL.exe
[2011/08/16 08:49:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/16 08:41:26 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/16 08:36:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/16 08:36:26 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/16 08:36:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/15 22:02:33 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011/08/15 09:44:28 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\MBAM Forums.url
[2011/08/14 11:09:39 | 000,000,333 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\BleepingComputer.url
[2011/08/14 09:23:41 | 000,142,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/11 09:59:33 | 000,522,316 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 09:59:33 | 000,094,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/11 09:49:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/10 19:32:09 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/10 19:32:09 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/10 19:32:07 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/08 20:13:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\SpeedFan.lnk
[2011/08/08 20:13:06 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/08/08 12:49:44 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Speccy.lnk
[2011/08/07 18:19:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/07 18:15:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/07 10:50:36 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\HiJackThis.lnk
[2011/08/06 20:20:50 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\MajorGeeks Support Forums.url
[2011/08/03 21:49:00 | 002,128,778 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2011/08/03 21:49:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/08/03 21:49:00 | 000,003,249 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/08/03 19:59:11 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\spider.sav
[2011/08/03 08:23:02 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/07/31 11:47:42 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Bejeweled 2 Deluxe.lnk
[2011/07/31 11:46:00 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Lotus Word Pro.lnk
[2011/07/31 11:39:53 | 000,000,575 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Startup\Lotus QuickStart.lnk
[2011/07/30 17:52:40 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\burnaware.ini
[2011/07/30 17:32:11 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/30 16:44:05 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Shortcut (2) to autoruns.lnk
[2011/07/30 16:29:49 | 000,620,972 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\Autoruns.zip
[2011/07/30 13:23:15 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\500 From Special K.lnk
[2011/07/30 13:22:25 | 003,503,914 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\500_95.zip
[2011/07/29 10:34:02 | 000,000,227 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\SystemLookup.url
[2011/07/27 22:29:36 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BurnAware Free.lnk
[2011/07/27 22:28:03 | 004,468,623 | ---- | M] (Burnaware Technologies ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\burnaware_free.exe
[2011/07/27 21:54:06 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/27 21:53:08 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/27 21:53:08 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/27 21:52:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/07/26 18:46:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\PowerISO.lnk
[2011/07/26 18:45:55 | 001,878,829 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\PowerISO48.exe
[2011/07/26 17:41:03 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2011/07/26 16:44:15 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CDBurnerXP.lnk
[2011/07/26 16:21:02 | 005,015,880 | ---- | M] (Canneverbe Limited ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\cdbxp_setup_4.3.8.2568.exe
[2011/07/25 17:20:56 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Forums - Geeks to Go! –.url
[2011/07/24 19:35:33 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Paint.lnk
[2011/07/24 18:00:53 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\W32.IRCBot
[2011/07/21 18:48:41 | 000,000,361 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Yahoo!7 Mail - Free Email with Unlimited Storage for Australia.url
[2011/07/21 17:00:12 | 000,000,558 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Shortcut to TFC.lnk
[2011/07/21 16:59:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\TFC.exe
[2011/07/21 13:27:31 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Calculator.lnk
[2011/07/21 13:23:39 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\HiJackThis.msi
[2011/07/21 11:25:35 | 000,002,054 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Launch Reel Deal Slots - Nickels And More.lnk
[2011/07/21 11:18:26 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Notepad.lnk
[2011/07/21 11:14:48 | 002,091,426 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\ieSpellSetup264573.exe
[2011/07/21 10:48:44 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Blueline.lnk
[2011/07/21 10:48:03 | 005,509,039 | ---- | M] ( ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\BluelineFull.exe
[2011/07/21 09:49:11 | 000,970,882 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\hosts.zip
[2011/07/21 09:42:12 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Microsoft\Internet Explorer\Quick Launch\Orca Browser.lnk
[2011/07/21 09:42:12 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Orca Browser.lnk
[2011/07/21 09:41:42 | 010,044,049 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\osetup.exe
[2011/07/20 20:51:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2011/07/20 20:50:33 | 003,216,552 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\ccsetup308.exe
[2011/07/20 20:18:13 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Shortcut to Magical Jelly Bean.lnk
[2011/07/20 20:10:37 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/20 20:10:06 | 011,613,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\SUPERAntiSpyware.exe
[2011/07/20 19:33:09 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Go to Facebook Home.url
[2011/07/20 19:11:56 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Shortcut to ATF-Cleaner.lnk
[2011/07/20 17:49:49 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CueClub.lnk
[2011/07/20 17:49:19 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\Shortcut to (PC Game) -POOL GAME - Cue Club (full version).lnk
[2011/07/20 17:32:05 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Outlook Express.lnk
[2011/07/20 16:57:02 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Spider Solitaire.lnk
[2011/07/20 16:54:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/07/20 16:48:32 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Microsoft Security Essentials.lnk
[2011/07/20 16:45:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/20 16:44:52 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\mbam-setup-1.51.1.1800.exe
[2011/07/20 16:33:08 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/20 16:17:16 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/20 15:58:54 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Solitaire.lnk
[2011/07/20 15:58:43 | 000,001,520 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Hearts.lnk
[2011/07/20 15:58:36 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Freecell.lnk
[2011/07/20 15:43:30 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/20 15:29:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/20 15:13:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/07/20 14:42:05 | 000,019,134 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/07/20 13:50:09 | 000,000,670 | ---- | M] () -- C:\WINDOWS\setup.iss
[2011/07/20 13:49:45 | 000,019,512 | ---- | M] () -- C:\WINDOWS\Ascd_log.ini
[2011/07/19 13:33:39 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/19 13:31:54 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/07/19 13:15:35 | 000,000,560 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/19 13:13:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem0.PNF
[2011/07/19 13:13:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\INF\oem0.inf
[2011/07/19 13:13:34 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/19 13:13:21 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/19 13:10:51 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/19 13:08:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak

========== Files Created - No Company Name ==========

[2011/08/08 20:13:08 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\SpeedFan.lnk
[2011/08/08 20:13:05 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/08/08 12:49:44 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Speccy.lnk
[2011/08/07 18:15:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/07 18:15:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/03 19:59:11 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\spider.sav
[2011/08/03 09:05:59 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/03 08:23:02 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/08/03 08:23:02 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Secunia PSI.lnk
[2011/08/02 19:51:31 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\MajorGeeks Support Forums.url
[2011/07/31 11:47:42 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Bejeweled 2 Deluxe.lnk
[2011/07/31 11:47:39 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/07/31 11:46:00 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Lotus Word Pro.lnk
[2011/07/31 11:39:53 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Startup\Lotus QuickStart.lnk
[2011/07/30 16:44:05 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Shortcut (2) to autoruns.lnk
[2011/07/30 16:29:47 | 000,620,972 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\Autoruns.zip
[2011/07/30 13:23:15 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\500 From Special K.lnk
[2011/07/30 13:22:24 | 003,503,914 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\500_95.zip
[2011/07/29 10:23:06 | 000,000,227 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\SystemLookup.url
[2011/07/27 22:50:12 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\burnaware.ini
[2011/07/27 22:29:36 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BurnAware Free.lnk
[2011/07/27 21:54:06 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Search.lnk
[2011/07/27 21:54:06 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/27 21:52:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/07/27 21:50:01 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/07/26 18:46:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\PowerISO.lnk
[2011/07/26 18:45:39 | 001,878,829 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\PowerISO48.exe
[2011/07/26 17:41:03 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2011/07/26 17:38:31 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/26 17:38:30 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/26 17:06:56 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/26 16:44:15 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CDBurnerXP.lnk
[2011/07/26 16:44:15 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CDBurnerXP.lnk
[2011/07/26 16:44:14 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/07/25 17:21:11 | 000,000,333 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\BleepingComputer.url
[2011/07/25 17:20:56 | 000,000,369 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Forums - Geeks to Go! –.url
[2011/07/25 17:20:43 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\MBAM Forums.url
[2011/07/24 19:35:22 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Paint.lnk
[2011/07/24 17:58:34 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\W32.IRCBot
[2011/07/21 18:48:41 | 000,000,361 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Yahoo!7 Mail - Free Email with Unlimited Storage for Australia.url
[2011/07/21 17:00:12 | 000,000,558 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Shortcut to TFC.lnk
[2011/07/21 13:27:31 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Calculator.lnk
[2011/07/21 13:24:07 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\HiJackThis.lnk
[2011/07/21 13:23:29 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\HiJackThis.msi
[2011/07/21 11:25:35 | 000,002,054 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Launch Reel Deal Slots - Nickels And More.lnk
[2011/07/21 11:18:26 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Notepad.lnk
[2011/07/21 11:14:35 | 002,091,426 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\ieSpellSetup264573.exe
[2011/07/21 10:48:44 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Blueline.lnk
[2011/07/21 09:49:05 | 000,970,882 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\hosts.zip
[2011/07/21 09:42:12 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Microsoft\Internet Explorer\Quick Launch\Orca Browser.lnk
[2011/07/21 09:42:12 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Orca Browser.lnk
[2011/07/21 09:41:36 | 010,044,049 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\osetup.exe
[2011/07/20 20:51:18 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2011/07/20 20:18:13 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Shortcut to Magical Jelly Bean.lnk
[2011/07/20 20:10:37 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/20 19:33:09 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Go to Facebook Home.url
[2011/07/20 19:11:56 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Shortcut to ATF-Cleaner.lnk
[2011/07/20 17:49:49 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CueClub.lnk
[2011/07/20 17:49:19 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\Shortcut to (PC Game) -POOL GAME - Cue Club (full version).lnk
[2011/07/20 17:32:05 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Outlook Express.lnk
[2011/07/20 16:54:29 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/20 16:54:29 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/20 16:54:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/20 16:54:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/07/20 16:48:32 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Microsoft Security Essentials.lnk
[2011/07/20 16:45:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/20 15:59:01 | 000,001,490 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Spider Solitaire.lnk
[2011/07/20 15:58:54 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Solitaire.lnk
[2011/07/20 15:58:43 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Hearts.lnk
[2011/07/20 15:58:36 | 000,001,522 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Freecell.lnk
[2011/07/20 15:48:20 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/20 15:43:11 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/20 15:41:59 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/07/20 15:38:56 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/07/20 15:38:56 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/07/20 15:38:56 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/07/20 15:38:56 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/07/20 15:38:56 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/07/20 15:38:56 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/07/20 15:38:56 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/07/20 15:38:56 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/07/20 15:38:56 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/07/20 15:38:56 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/07/20 15:38:56 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/07/20 15:38:56 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/07/20 15:38:56 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/07/20 15:38:56 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/07/20 15:38:56 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/07/20 15:38:56 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/07/20 15:38:56 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/07/20 15:38:56 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/07/20 15:38:56 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/07/20 15:38:56 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/07/20 15:38:56 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/07/20 15:38:56 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/07/20 15:38:56 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/07/20 15:38:56 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/07/20 15:38:56 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/07/20 15:38:56 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/07/20 15:38:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/07/20 15:38:55 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/07/20 15:38:55 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/07/20 15:38:55 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/07/20 15:38:54 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/07/20 15:38:54 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/07/20 15:38:54 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/07/20 15:38:54 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/07/20 15:38:54 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/07/20 15:38:54 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/07/20 15:38:54 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/07/20 15:38:54 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/07/20 15:38:54 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/07/20 15:38:54 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/07/20 15:38:53 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/07/20 15:38:53 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/07/20 15:38:53 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/07/20 15:38:52 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/07/20 15:38:51 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/07/20 15:38:51 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/07/20 15:38:51 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/07/20 15:38:51 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/07/20 15:38:50 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/07/20 15:38:50 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/07/20 15:38:50 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/07/20 15:38:49 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/07/20 15:38:47 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/07/20 15:38:44 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/07/20 15:38:44 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/07/20 15:38:44 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/07/20 15:38:44 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/07/20 15:38:44 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/07/20 15:38:44 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/07/20 15:38:44 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/07/20 15:38:44 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/07/20 15:38:44 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/07/20 15:38:44 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/07/20 15:38:43 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/07/20 15:38:10 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/07/20 15:13:15 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/07/20 13:50:45 | 000,000,051 | ---- | C] () -- C:\delnis.bat
[2011/07/20 13:49:47 | 000,000,670 | ---- | C] () -- C:\WINDOWS\setup.iss
[2011/07/20 13:25:30 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011/07/20 13:25:30 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/07/20 13:25:28 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/07/20 13:25:28 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/07/20 13:06:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem0.PNF
[2011/07/20 13:06:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\INF\oem0.inf
[2011/07/20 13:04:42 | 000,019,512 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011/07/20 13:04:16 | 000,019,134 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/07/20 13:04:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/07/20 13:04:03 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/07/19 23:02:25 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/19 23:02:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/19 23:02:02 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/07/19 23:01:51 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/07/19 23:01:51 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/07/19 23:01:51 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/07/19 23:01:51 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/07/19 23:01:51 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/07/19 23:01:51 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/07/19 23:01:51 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/07/19 23:01:51 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/07/19 23:01:07 | 000,142,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/19 23:00:00 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/19 13:33:39 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/19 13:33:34 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Outlook Express.lnk
[2011/07/19 13:33:33 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/19 13:33:33 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Internet Explorer.lnk
[2011/07/19 13:33:28 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Remote Assistance.lnk
[2011/07/19 13:33:28 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Windows Media Player.lnk
[2011/07/19 13:31:54 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/07/19 13:15:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/19 13:15:02 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/07/19 13:14:49 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/07/19 13:14:44 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/07/19 13:14:43 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/07/19 13:14:41 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/07/19 13:14:35 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/07/19 13:14:32 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/07/19 13:14:20 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/07/19 13:13:34 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/19 13:13:31 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/19 13:13:31 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/19 13:13:30 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/19 13:12:30 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/19 13:12:17 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/07/19 13:11:41 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/07/19 13:11:41 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/07/19 13:11:34 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/07/19 13:10:52 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Messenger.lnk
[2011/07/19 13:10:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/19 13:10:23 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MSN.lnk
[2011/07/19 13:10:00 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/07/19 13:10:00 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/07/19 13:10:00 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/07/19 13:10:00 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/07/19 13:10:00 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/07/19 13:09:59 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/07/19 13:09:59 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/07/19 13:09:59 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/07/19 13:09:59 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/07/19 13:09:59 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/07/19 13:09:59 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/07/19 13:09:55 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/07/19 13:09:55 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/07/19 13:09:54 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/07/19 13:09:46 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/05/21 06:01:00 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2010/01/12 05:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 22:00:00 | 000,522,316 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 22:00:00 | 000,094,210 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 22:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/04 05:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/08/04 17:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\!SASCORE
[2011/07/26 16:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2011/07/31 11:24:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2011/07/26 16:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Canneverbe Limited
[2011/07/26 15:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\ieSpell
[2011/08/09 11:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\OpenCandy
[2011/07/21 09:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Orca Profiles
[2011/07/30 13:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Special K Software
[2011/07/27 21:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Windows Desktop Search
[2011/08/03 18:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Windows Search
[2011/08/16 08:41:26 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\dxwebsetup.exe:SummaryInformation

< End of report >

OTL Extras logfile created on: 16/08/2011 9:03:56 AM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.04% Memory free
3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 451.48 Gb Free Space | 96.93% Space Free | Partition Type: NTFS

Computer Name: JOHN-1E5571CE01 | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Disabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D7BD4A-5BE7-11D4-9D68-0020781864F1}" = CueClub
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A236B4D3-BA07-4864-991E-D58B77A44A08}" = Reel Deal Slots - Nickels and More
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Blueline_is1" = Blueline 1.1.1
"BurnAware Free_is1" = BurnAware Free 3.4
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Masque Casino Game Pak II" = Masque Casino Game Pak II
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OrcaBrowser" = Orca Browser
"PowerISO" = PowerISO
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SmartSuite V98.0" = Lotus SmartSuite Release 9
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = 500 From Special K Software
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/08/2011 3:52:13 AM | Computer Name = JOHN-1E5571CE01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/08/2011 7:48:00 AM | Computer Name = JOHN-1E5571CE01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/08/2011 7:48:03 AM | Computer Name = JOHN-1E5571CE01 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 8/08/2011 6:12:44 AM | Computer Name = JOHN-1E5571CE01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/08/2011 6:13:43 AM | Computer Name = JOHN-1E5571CE01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/08/2011 6:13:43 AM | Computer Name = JOHN-1E5571CE01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/08/2011 6:13:45 AM | Computer Name = JOHN-1E5571CE01 | Source = Application Hang | ID = 1002
Description = Hanging application speedfan.exe, version 4.44.0.335, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/08/2011 6:13:48 AM | Computer Name = JOHN-1E5571CE01 | Source = Application Hang | ID = 1001
Description = Fault bucket -1769855144.

Error - 8/08/2011 6:15:21 AM | Computer Name = JOHN-1E5571CE01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/08/2011 6:15:21 AM | Computer Name = JOHN-1E5571CE01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 31/07/2011 10:06:24 PM | Computer Name = JOHN-1E5571CE01 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 31/07/2011 10:06:24 PM | Computer Name = JOHN-1E5571CE01 | Source = Service Control Manager | ID = 7034
Description = The NMSAccess service terminated unexpectedly. It has done this 1
time(s).

Error - 31/07/2011 10:06:24 PM | Computer Name = JOHN-1E5571CE01 | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 31/07/2011 10:06:24 PM | Computer Name = JOHN-1E5571CE01 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/08/2011 1:48:16 AM | Computer Name = JOHN-1E5571CE01 | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 1/08/2011 1:48:16 AM | Computer Name = JOHN-1E5571CE01 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/08/2011 1:48:16 AM | Computer Name = JOHN-1E5571CE01 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/08/2011 1:48:16 AM | Computer Name = JOHN-1E5571CE01 | Source = Service Control Manager | ID = 7034
Description = The NMSAccess service terminated unexpectedly. It has done this 1
time(s).


< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi and sorry for the delay - as it has been a while I would like a fresh look at your system, plus what symptoms are you currently experiencing?

Download aswMBR.exe (1.8mb) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

THEN

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


#3
noknojon

    Member

  • Topic Starter
  • 533 posts
No problems on the wait -
Thanks for looking -

First log - - -

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-21 22:09:22
-----------------------------
22:09:22.765 OS Version: Windows 5.1.2600 Service Pack 3
22:09:22.765 Number of processors: 2 586 0xF06
22:09:22.765 ComputerName: JOHN-1E5571CE01 UserName: John
22:09:23.531 Initialize success
22:09:47.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:09:47.406 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
22:09:49.406 Disk 0 MBR read successfully
22:09:49.406 Disk 0 MBR scan
22:09:49.406 Disk 0 Windows XP default MBR code
22:09:49.406 Disk 0 scanning sectors +976768065
22:09:49.453 Disk 0 scanning C:\WINDOWS\system32\drivers
22:09:54.562 Service scanning
22:09:54.765 Service MpKsl08b0a8cd c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B80F8A5C-7748-4AAD-97A2-6216E612163E}\MpKsl08b0a8cd.sys **LOCKED** 32
22:09:55.390 Modules scanning
22:09:57.328 Disk 0 trace - called modules:
22:09:57.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:09:57.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89de8ab8]
22:09:57.328 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x89dc1f18]
22:09:57.328 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89dc0940]
22:09:57.328 Scan finished successfully
22:10:06.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\MBR.dat"
22:10:06.250 The log file has been saved successfully to "C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\aswMBR.txt"


OTL Fix log - - -

OTL logfile created on: 21/08/2011 10:12:02 PM - Run 2
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.08% Memory free
3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 454.50 Gb Free Space | 97.58% Space Free | Partition Type: NTFS

Computer Name: JOHN-1E5571CE01 | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/16 09:01:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\OTL.exe
PRC - [2011/08/12 17:47:21 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/03 21:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/06/15 16:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/19 16:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 16:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 16:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2006/08/31 16:01:32 | 001,422,848 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2006/08/03 19:25:48 | 000,591,360 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/05 10:08:34 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2006/08/31 16:01:32 | 001,422,848 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
MOD - [2006/08/14 14:41:54 | 000,155,648 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll
MOD - [2006/08/03 19:25:48 | 000,591,360 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
MOD - [2006/01/10 18:50:20 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
MOD - [2005/06/22 19:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.05\PowerDll.dll
MOD - [2003/10/21 16:31:30 | 000,102,400 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.05\cpuutil.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/12 17:47:21 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/03 21:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/19 16:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 16:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - [2011/08/21 17:18:10 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B80F8A5C-7748-4AAD-97A2-6216E612163E}\MpKsl08b0a8cd.sys -- (MpKsl08b0a8cd)
DRV - [2011/08/04 17:05:59 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/15 18:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/03/19 02:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/09/01 18:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/08/04 18:29:24 | 000,043,904 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/03/18 04:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 21:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/12/22 12:22:18 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996/04/04 05:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2025429265-117609710-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.netspace.net.au/ [binary data]
IE - HKU\S-1-5-21-2025429265-117609710-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-2025429265-117609710-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-2025429265-117609710-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 09 67 7B D3 4C CC 01 [binary data]
IE - HKU\S-1-5-21-2025429265-117609710-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/08/07 18:19:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-2025429265-117609710-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2025429265-117609710-725345543-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe ()
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Startup\AutorunsDisabled [2011/08/07 15:28:39 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Startup\Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-117609710-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-117609710-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2025429265-117609710-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2025429265-117609710-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2025429265-117609710-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-117609710-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1311140735000 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/11 19:47:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/21 22:07:49 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\aswMBR.exe
[2011/08/18 16:45:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/08/17 17:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\NVIDIA
[2011/08/16 09:00:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\OTL.exe
[2011/08/14 08:46:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/08/11 16:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Masque Casino Game Pak II
[2011/08/11 10:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/08/11 10:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Live
[2011/08/11 10:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/08/11 09:49:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/08/11 09:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/08/11 09:49:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/08/10 19:31:07 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/08/08 20:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\SpeedFan
[2011/08/08 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/08/08 12:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/08/07 18:40:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/07 18:15:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/07 18:14:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/07 15:28:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Startup\AutorunsDisabled
[2011/08/04 17:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\!SASCORE
[2011/08/04 16:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\Temp
[2011/08/03 18:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Windows Search
[2011/08/03 09:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/03 09:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/03 09:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
[2011/08/03 08:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\Secunia PSI
[2011/08/03 08:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/08/01 22:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\New Folder
[2011/07/31 11:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PopCap Games
[2011/07/31 11:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2011/07/31 11:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Lotus SmartSuite
[2011/07/31 11:37:55 | 000,000,000 | ---D | C] -- C:\lotus
[2011/07/31 11:24:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2011/07/30 16:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\Autoruns
[2011/07/30 13:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Special K Software
[2011/07/30 13:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\500 From Special K
[2011/07/30 13:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\500 From Special K
[2011/07/30 13:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\500_95
[2011/07/28 08:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\ApplicationHistory
[2011/07/27 22:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2011/07/27 22:27:55 | 004,468,623 | ---- | C] (Burnaware Technologies ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\burnaware_free.exe
[2011/07/27 22:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
[2011/07/27 22:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/27 22:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/07/27 22:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\microsoft
[2011/07/27 22:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/07/27 22:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/07/27 21:57:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/07/27 21:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/07/27 21:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/07/27 21:56:26 | 000,000,000 | ---D | C] -- C:\ed3780a8a2b3cfed0eef580e0b1e
[2011/07/27 21:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Windows Desktop Search
[2011/07/27 21:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/07/27 21:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/07/27 21:52:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/07/26 22:07:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\My Videos
[2011/07/26 18:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PowerISO
[2011/07/26 18:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/07/26 17:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Google
[2011/07/26 17:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Earth
[2011/07/26 17:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/07/26 17:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\Google
[2011/07/26 17:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Uniblue
[2011/07/26 16:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Canneverbe Limited
[2011/07/26 16:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2011/07/26 16:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Local Settings\Application Data\OpenCandy
[2011/07/26 16:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\OpenCandy
[2011/07/26 16:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011/07/26 16:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/07/26 16:20:56 | 005,015,880 | ---- | C] (Canneverbe Limited ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\cdbxp_setup_4.3.8.2568.exe
[2011/07/26 15:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\ieSpell
[2011/07/25 08:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

========== Files - Modified Within 30 Days ==========

[2011/08/21 22:10:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\MBR.dat
[2011/08/21 22:08:05 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\aswMBR.exe
[2011/08/21 21:49:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/21 18:49:12 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011/08/21 18:49:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/21 17:21:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/21 17:16:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/21 17:16:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/18 21:13:05 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\HiJackThis.lnk
[2011/08/18 18:36:32 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\BleepingComputer.url
[2011/08/17 17:52:10 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\MBAM Forums.url
[2011/08/16 09:01:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\OTL.exe
[2011/08/14 09:23:41 | 000,142,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/11 09:59:33 | 000,522,316 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 09:59:33 | 000,094,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/11 09:49:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/10 19:32:09 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/10 19:32:09 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/10 19:32:07 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/08 20:13:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\SpeedFan.lnk
[2011/08/08 20:13:06 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/08/08 12:49:44 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Speccy.lnk
[2011/08/07 18:19:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/07 18:15:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/06 20:20:50 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\MajorGeeks Support Forums.url
[2011/08/03 21:49:00 | 002,128,778 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2011/08/03 21:49:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/08/03 21:49:00 | 000,003,249 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/08/03 19:59:11 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\spider.sav
[2011/08/03 08:23:02 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/07/31 11:47:42 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Bejeweled 2 Deluxe.lnk
[2011/07/31 11:46:00 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Lotus Word Pro.lnk
[2011/07/31 11:39:53 | 000,000,575 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Startup\Lotus QuickStart.lnk
[2011/07/30 17:52:40 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\burnaware.ini
[2011/07/30 17:32:11 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/30 16:44:05 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Shortcut (2) to autoruns.lnk
[2011/07/30 16:29:49 | 000,620,972 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\Autoruns.zip
[2011/07/30 13:23:15 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\500 From Special K.lnk
[2011/07/30 13:22:25 | 003,503,914 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\500_95.zip
[2011/07/29 10:34:02 | 000,000,227 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\SystemLookup.url
[2011/07/27 22:29:36 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BurnAware Free.lnk
[2011/07/27 22:28:03 | 004,468,623 | ---- | M] (Burnaware Technologies ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\burnaware_free.exe
[2011/07/27 21:54:06 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/27 21:53:08 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/27 21:53:08 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/27 21:52:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/07/26 18:46:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\PowerISO.lnk
[2011/07/26 18:45:55 | 001,878,829 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\PowerISO48.exe
[2011/07/26 17:41:03 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2011/07/26 16:44:15 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CDBurnerXP.lnk
[2011/07/26 16:21:02 | 005,015,880 | ---- | M] (Canneverbe Limited ) -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\cdbxp_setup_4.3.8.2568.exe
[2011/07/25 17:20:56 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Forums - Geeks to Go! –.url
[2011/07/24 19:35:33 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Paint.lnk
[2011/07/24 18:00:53 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\W32.IRCBot

========== Files Created - No Company Name ==========

[2011/08/21 22:10:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\MBR.dat
[2011/08/08 20:13:08 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\SpeedFan.lnk
[2011/08/08 20:13:05 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/08/08 12:49:44 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Speccy.lnk
[2011/08/07 18:15:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/07 18:15:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/03 19:59:11 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\spider.sav
[2011/08/03 09:05:59 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/03 08:23:02 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/08/03 08:23:02 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Secunia PSI.lnk
[2011/08/02 19:51:31 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\MajorGeeks Support Forums.url
[2011/07/31 11:47:42 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Bejeweled 2 Deluxe.lnk
[2011/07/31 11:47:39 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/07/31 11:46:00 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Lotus Word Pro.lnk
[2011/07/31 11:39:53 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Start Menu\Programs\Startup\Lotus QuickStart.lnk
[2011/07/30 16:44:05 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Shortcut (2) to autoruns.lnk
[2011/07/30 16:29:47 | 000,620,972 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\Autoruns.zip
[2011/07/30 13:23:15 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\500 From Special K.lnk
[2011/07/30 13:22:24 | 003,503,914 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\500_95.zip
[2011/07/29 10:23:06 | 000,000,227 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\SystemLookup.url
[2011/07/27 22:50:12 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\burnaware.ini
[2011/07/27 22:29:36 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BurnAware Free.lnk
[2011/07/27 21:54:06 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Search.lnk
[2011/07/27 21:54:06 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/27 21:52:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/07/27 21:50:01 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/07/26 18:46:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\PowerISO.lnk
[2011/07/26 18:45:39 | 001,878,829 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\PowerISO48.exe
[2011/07/26 17:41:03 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2011/07/26 17:38:31 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/26 17:38:30 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/26 17:06:56 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/26 16:44:15 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CDBurnerXP.lnk
[2011/07/26 16:44:15 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CDBurnerXP.lnk
[2011/07/26 16:44:14 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/07/25 17:21:11 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\BleepingComputer.url
[2011/07/25 17:20:56 | 000,000,369 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Forums - Geeks to Go! –.url
[2011/07/25 17:20:43 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\MBAM Forums.url
[2011/07/24 19:35:22 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\Desktop\Paint.lnk
[2011/07/24 17:58:34 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\W32.IRCBot
[2011/07/20 16:54:29 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/20 16:54:29 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/20 16:54:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/20 13:25:30 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011/07/20 13:25:30 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/07/20 13:25:28 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/07/20 13:25:28 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/07/20 13:04:42 | 000,019,512 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011/07/20 13:04:16 | 000,019,134 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/07/20 13:04:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/07/20 13:04:03 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/07/19 23:02:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/19 23:01:07 | 000,142,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/19 13:15:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/19 13:10:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/21 06:01:00 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2010/01/12 05:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 22:00:00 | 000,522,316 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 22:00:00 | 000,094,210 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 22:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/04 05:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/08/04 17:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\!SASCORE
[2011/07/26 16:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2011/07/31 11:24:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2011/07/26 16:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Canneverbe Limited
[2011/07/26 15:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\ieSpell
[2011/08/09 11:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\OpenCandy
[2011/07/21 09:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Orca Profiles
[2011/07/30 13:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Special K Software
[2011/07/27 21:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Windows Desktop Search
[2011/08/03 18:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John.JOHN-1E5571CE01\Application Data\Windows Search
[2011/08/21 17:21:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 10:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 10:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 10:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 22:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 10:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 10:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 10:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 22:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 10:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 10:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 10:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\John.JOHN-1E5571CE01\My Documents\dxwebsetup.exe:SummaryInformation

< End of report >

EDIT -
ESET online and other checks were done when I got this computer a few weeks ago, not recently.

Edited by noknojon, 21 August 2011 - 06:22 AM.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing jumps out at me from that. What are your current problems?

#5
noknojon

    Member

  • Topic Starter
  • 533 posts
opencandy adware
[2011/07/24 18:00:53 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\W32.IRCBot

There seem to be no operating problems, but I noticed the 2 above items.
I just wanted to be sure that MSE removed the Trojan that it picked up.

Anything else you can see?

#6
noknojon

    Member

  • Topic Starter
  • 533 posts
O3 - HKU\S-1-5-21-2025429265-117609710-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2025429265-117609710-725345543-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

The only other things I could see -

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Open Candy is an either-or type of thing: some people install it intentionally, others get it as foistware, but in and of itself it is not a security risk.

[2011/07/24 18:00:53 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\John.JOHN-1E5571CE01\W32.IRCBot

These sorts of files do not name themselves so nicely; I worked on the assumption that it is something you are researching. The named file for this infection is '%SYSTEM%\RPC.exe' or a variant thereof.
The BHOs are just orphans; if there was something else to remove I would have tidied them up.

#8
noknojon

    Member

  • Topic Starter
  • 533 posts
OK - -
I think I was researching items for a P/Log when I got hit so that may be the cause of the Trojan.
The other bits I will remove if that is all (not sure where Open Candy is from but I can deal with that).

Thanks for the help :)

Edited for spelling only

Edited by noknojon, 21 August 2011 - 06:58 AM.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Open Candy goes quite nicely from Add/Remove.

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :unsure:

#10
noknojon

    Member

  • Topic Starter
  • 533 posts
No problem -
I will run your cleanup and try Puran Defrag. No Open Candy in Add Remove so I am not sure where it is (may be old).
I have updated SAS and MBAM, also done quick scans with both and removed 2 tracking cookies (nothing else there).
All M/soft updates are installed and set for weekly check and downloading. Secunia PSI is also set to notify me.

Thank You for your time - :)

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure - now back to school :)

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.