CPU usage 100% system 32 host crashing


  • This topic is locked

#16
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. That's looking good. Now tell me how your computer is running and what problems remain.
  • 0


#17
morrisw7

    Member

  • Topic Starter
  • 19 posts
So far so good, no more host errors. Will keep you updated if it changes.
I cannot thank you enough. I really appreciate it.
  • 0

#18
morrisw7

    Member

  • Topic Starter
  • 19 posts
Oh, please don't close the thread yet. I will be heading to work and won't be able to really look at it until tonight.
  • 0

#19
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Don't worry. I will be here. :)
  • 0

#20
morrisw7

    Member

  • Topic Starter
  • 19 posts
OK, so things seem better, but what is this? It keeps popping up. It says F: but it is also C:

If it's harmless I will live with it, I'm just asking.

Attached Thumbnails

  • avirapopup.jpg

  • 0

#21
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes, this is a very smart Avira feature. It prevents any AutoRun file from running, as malicious code can modify the AutoRun file on these devices. For the F: drive it is OK, but for C: it is probably not good. Is the message for C: the same as for F:?
  • 0
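
What an AutoRun file like the one in Avira's pop-up can ask Windows to start, shown as an added example that is not part of the thread: a tolerant `autorun.inf` parser that separates launch entries (`open`, `shellexecute`, `shell\<verb>\command`) from cosmetic ones such as `icon` and `label`. The sample file and every file name in it are constructed.

```python
import re

# Constructed sample for illustration; it is not a file from the thread.
SAMPLE_AUTORUN_INF = r"""
; comments and malformed lines must not break the parser
this line has no equals sign and is ignored
[AutoRun]
Open=launcher.exe /quiet
ICON=drive.ico
label=Backup
shell\scan\command = tools\scan.exe
Shell\Scan=Scan this drive
[Content]
MusicFiles=false
"""

# [autorun] keys whose value is a program or document Windows is asked to start.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command attaches a command to a context-menu verb for the drive.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")


def parse_autorun(text):
    """Return the (key, value) pairs of the [autorun] section, keys lower-cased.

    Section and key names are matched case-insensitively; comments, blank
    lines, lines without '=' and every other section are skipped.
    """
    pairs = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            pairs.append((key.strip().lower(), value.strip()))
    return pairs


def launch_commands(pairs):
    """Keep only the entries that would start something, sorted by key."""
    return sorted(
        (key, value)
        for key, value in pairs
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key)
    )


def triage(text):
    """Summarise one autorun.inf for a reviewer."""
    pairs = parse_autorun(text)
    launches = launch_commands(pairs)
    return {
        "entries": len(pairs),
        "launches": launches,
        # True when the file only sets things like icon/label and runs nothing.
        "cosmetic_only": bool(pairs) and not launches,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_AUTORUN_INF)
    for key, command in report["launches"]:
        print(f"{key} -> {command}")
    print("cosmetic only:", report["cosmetic_only"])
```
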

#22
morrisw7

    Member

  • Topic Starter
  • 19 posts
Yes, it is the same for the C drive, just not caps.
  • 0

#23
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. We'll take a look into that.

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\autorun.inf /S 
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#24
morrisw7

    Member

  • Topic Starter
  • 19 posts
Here it is

OTL logfile created on: 10/09/2011 4:22:36 PM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Morris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 180.48 Mb Available Physical Memory | 18.83% Memory free
2.26 Gb Paging File | 1.52 Gb Available in Paging File | 67.26% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 4.91 Gb Free Space | 6.59% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 6.54 Gb Free Space | 8.78% Space Free | Partition Type: NTFS

Computer Name: MORRIS1 | User Name: Morris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/07 15:13:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/04 04:08:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
PRC - [2011/07/27 23:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/07/21 13:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/09 06:42:24 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/04/21 08:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 08:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 08:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/31 14:50:31 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/07 15:13:15 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/07/21 16:12:31 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/10/25 12:54:22 | 000,020,594 | ---- | M] () -- C:\WINDOWS\system32\Dels3LMK.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/21 13:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/09 06:42:24 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/04/21 08:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 13:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 13:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 16:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/10 11:28:40 | 000,602,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/03/08 14:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/18 18:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-527237240-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
IE - HKU\S-1-5-21-1409082233-527237240-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-527237240-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.geekstogo...l.satx.rr.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.5.100006
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/31 14:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 15:13:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 15:13:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2010/05/19 09:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Extensions
[2011/09/10 08:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions
[2011/01/18 16:24:13 | 000,000,000 | ---D | M] ("ChromaTabs Plus") -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996}
[2011/08/20 13:34:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/08 19:52:08 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\[email protected]
[2011/09/10 08:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 18:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/22 18:00:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 23:16:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/02 07:41:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/03/31 14:51:04 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/07 18:11:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/09/02 07:04:38 | 000,001,719 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1409082233-527237240-1177238915-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-527237240-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0C60E1-35FD-4B7C-80E9-A59B35CFB133}: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5800F597-3DBD-4A54-AE77-825F225B9440}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 22:44:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 10:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/09/09 08:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Application Data\vlc
[2011/09/07 19:15:03 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\TFC.exe
[2011/09/07 15:06:09 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Morris\Desktop\TDSSKiller.exe
[2011/09/04 04:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/09/04 04:08:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
[2011/09/04 03:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Start Menu\Programs\HiJackThis
[2011/09/04 03:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/04 03:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/09/02 10:33:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Morris\Recent
[2011/09/02 10:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/02 07:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/02 07:41:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/02 07:41:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/02 07:41:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/02 06:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/01 17:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/01 17:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/01 16:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/01 16:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/01 16:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/01 07:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\brandon PS
[2011/08/31 17:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/08/25 15:30:27 | 000,000,000 | ---D | C] -- C:\Sierra
[2011/08/24 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Loggers Inc
[2011/08/20 22:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\New Folder (4)
[2011/08/20 22:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\sweet 16
[2011/08/19 11:42:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Morris\My Documents\My Web Sites
[2011/08/19 09:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/08/19 09:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/19 09:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/08/19 09:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/08/19 09:44:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/08/16 07:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\frio trip

========== Files - Modified Within 30 Days ==========

[2011/09/10 16:22:56 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/10 16:22:56 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/10 16:05:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-527237240-1177238915-1004UA.job
[2011/09/10 16:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/09/10 11:05:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-527237240-1177238915-1004Core.job
[2011/09/09 14:28:15 | 000,022,008 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Rv Dist..odt
[2011/09/09 10:32:53 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/09/09 10:30:47 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Morris\My Documents\vlc-1.1.11-win32.exe
[2011/09/09 08:24:05 | 000,037,449 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\41-1495-color.jpg
[2011/09/09 02:00:04 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MORRIS1-Morris.job
[2011/09/08 19:51:43 | 000,082,429 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\avirapopup.jpg
[2011/09/08 17:55:18 | 000,047,333 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2011calendar-4.jpg
[2011/09/07 22:13:22 | 000,020,720 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\avptool_sysinfo.zip
[2011/09/07 20:00:09 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\MBR.zip
[2011/09/07 19:15:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\TFC.exe
[2011/09/07 17:14:40 | 000,379,133 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\otljpg.jpg
[2011/09/07 17:03:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\MBR.dat
[2011/09/06 19:25:42 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Morris\Desktop\TDSSKiller.exe
[2011/09/06 17:58:18 | 000,028,946 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\rootkitReport
[2011/09/06 17:53:28 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\RKUnhookerLE.EXE
[2011/09/05 12:09:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/04 04:08:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
[2011/09/04 03:59:14 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\HiJackThis.lnk
[2011/09/03 17:09:26 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 17:09:25 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Google Chrome.lnk
[2011/09/03 16:48:36 | 000,041,425 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\wesavatar.jpg
[2011/09/03 05:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/02 21:54:55 | 000,547,870 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\anchorman-the-legend-of-ron-burgundy-original.jpg
[2011/09/02 10:32:54 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/02 07:04:38 | 000,001,719 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/01 23:58:20 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\rkill(2).exe
[2011/09/01 22:51:23 | 000,053,569 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\gay-[bleep]-2.jpg
[2011/09/01 22:43:44 | 000,151,293 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\aaaa.jpg
[2011/09/01 22:40:27 | 000,050,844 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\[bleep]youhaimgaycell8is.jpg
[2011/09/01 16:45:49 | 000,691,491 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Funny-Comic-avatar-the-last-airbender-14238812-600-1572.jpg
[2011/09/01 16:12:12 | 000,047,168 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\fat-guy-in-a-sailor-moon-costume-What the....jpg
[2011/09/01 16:10:07 | 000,063,421 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\622_superman-plays-doctor.gif
[2011/09/01 07:35:48 | 003,434,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/31 18:42:39 | 000,096,051 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\article-0-0D7DB95800000578-965_634x830.jpg
[2011/08/31 17:24:02 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Newegg.com - COMPAQ 100B (XZ846UT#ABA) Desktop PC AMD Dual-Core Processor E-350(1.6GHz) 2GB DDR3 500GB HDD Capacity AMD Rade.URL
[2011/08/31 12:14:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/31 11:11:16 | 000,074,195 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\transformers-3-ratchet-dual-mode.jpg
[2011/08/31 10:22:32 | 000,017,865 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\thumbnail.aspx
[2011/08/31 09:40:56 | 000,052,518 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish2.jpg
[2011/08/31 09:40:19 | 000,063,025 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish.jpg
[2011/08/27 18:37:39 | 000,008,258 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3n73m93p25Y55R65S3b8m731e799e45991548.jpg
[2011/08/27 18:37:35 | 000,006,921 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3n73o53lc5O15T35S4b8mc9afb2f920691ad8.jpg
[2011/08/27 18:37:10 | 000,007,166 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3k83oc3p85Q35U65R0b8mf1836c4c069315d1.jpg
[2011/08/27 14:54:46 | 000,188,418 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00739.jpg
[2011/08/27 14:54:46 | 000,178,740 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00740.jpg
[2011/08/26 22:06:57 | 000,171,013 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\4seasonsrambler.jpg
[2011/08/26 16:33:38 | 000,278,647 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\mr1-honda-cb750-1976.jpg
[2011/08/26 16:31:16 | 001,258,177 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750-21.jpg
[2011/08/26 16:30:36 | 001,193,986 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750.jpg
[2011/08/24 21:55:32 | 000,058,534 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chopper frame (2).jpg
[2011/08/24 21:39:40 | 000,229,358 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\R1- 2A.jpg
[2011/08/24 18:31:14 | 000,000,103 | ---- | M] () -- C:\WINDOWS\logger.res
[2011/08/24 18:24:48 | 000,000,103 | ---- | M] () -- C:\WINDOWS\logger.ini
[2011/08/19 18:12:54 | 000,001,306 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/08/19 18:11:40 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\Morris\My Documents\Shortcut to Downloads.lnk
[2011/08/19 15:55:43 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to entertainment.lnk
[2011/08/19 09:50:20 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/08/18 07:16:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/08/15 07:40:47 | 000,025,691 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2011.gif
[2011/08/15 07:36:59 | 000,520,282 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2010_Calendar_template_by_SauliusN.jpg
[2011/08/13 14:08:53 | 000,017,011 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Untitled 1.odt

========== Files Created - No Company Name ==========

[2011/09/09 10:32:53 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/09/09 10:29:57 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\Morris\My Documents\vlc-1.1.11-win32.exe
[2011/09/09 08:24:04 | 000,037,449 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\41-1495-color.jpg
[2011/09/08 19:51:41 | 000,082,429 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\avirapopup.jpg
[2011/09/08 17:55:14 | 000,047,333 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2011calendar-4.jpg
[2011/09/07 22:25:35 | 000,020,720 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\avptool_sysinfo.zip
[2011/09/07 17:14:36 | 000,379,133 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\otljpg.jpg
[2011/09/06 17:58:18 | 000,028,946 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\rootkitReport
[2011/09/06 17:53:28 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\RKUnhookerLE.EXE
[2011/09/06 17:52:46 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\MBR.zip
[2011/09/05 21:58:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\MBR.dat
[2011/09/04 03:59:14 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\HiJackThis.lnk
[2011/09/03 16:48:34 | 000,041,425 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\wesavatar.jpg
[2011/09/02 21:54:54 | 000,547,870 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\anchorman-the-legend-of-ron-burgundy-original.jpg
[2011/09/02 10:32:54 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/01 23:57:57 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\rkill(2).exe
[2011/09/01 22:55:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MORRIS1-Morris.job
[2011/09/01 22:51:22 | 000,053,569 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\gay-[bleep]-2.jpg
[2011/09/01 22:43:18 | 000,151,293 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\aaaa.jpg
[2011/09/01 22:40:23 | 000,050,844 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\[bleep]youhaimgaycell8is.jpg
[2011/09/01 17:05:22 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/01 16:45:02 | 000,691,491 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Funny-Comic-avatar-the-last-airbender-14238812-600-1572.jpg
[2011/09/01 16:14:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/01 16:12:10 | 000,047,168 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\fat-guy-in-a-sailor-moon-costume-What the....jpg
[2011/09/01 16:10:04 | 000,063,421 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\622_superman-plays-doctor.gif
[2011/08/31 18:42:25 | 000,096,051 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\article-0-0D7DB95800000578-965_634x830.jpg
[2011/08/31 17:41:51 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/31 17:39:05 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/31 17:38:17 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/31 17:36:26 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/31 17:36:10 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/31 17:35:07 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011/08/31 17:24:02 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Newegg.com - COMPAQ 100B (XZ846UT#ABA) Desktop PC AMD Dual-Core Processor E-350(1.6GHz) 2GB DDR3 500GB HDD Capacity AMD Rade.URL
[2011/08/31 11:11:08 | 000,074,195 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\transformers-3-ratchet-dual-mode.jpg
[2011/08/31 10:22:30 | 000,017,865 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\thumbnail.aspx
[2011/08/31 09:40:54 | 000,052,518 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish2.jpg
[2011/08/31 09:40:18 | 000,063,025 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish.jpg
[2011/08/27 18:37:39 | 000,008,258 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3n73m93p25Y55R65S3b8m731e799e45991548.jpg
[2011/08/27 18:37:34 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3n73o53lc5O15T35S4b8mc9afb2f920691ad8.jpg
[2011/08/27 18:37:08 | 000,007,166 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3k83oc3p85Q35U65R0b8mf1836c4c069315d1.jpg
[2011/08/27 16:54:52 | 000,188,418 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00739.jpg
[2011/08/27 16:54:52 | 000,178,740 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00740.jpg
[2011/08/26 22:06:56 | 000,171,013 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\4seasonsrambler.jpg
[2011/08/26 16:33:37 | 000,278,647 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\mr1-honda-cb750-1976.jpg
[2011/08/26 16:30:54 | 001,258,177 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750-21.jpg
[2011/08/26 16:30:33 | 001,193,986 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750.jpg
[2011/08/25 15:02:14 | 000,022,008 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Rv Dist..odt
[2011/08/24 21:55:29 | 000,058,534 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chopper frame (2).jpg
[2011/08/24 21:39:40 | 000,229,358 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\R1- 2A.jpg
[2011/08/24 18:26:59 | 000,000,103 | ---- | C] () -- C:\WINDOWS\logger.res
[2011/08/24 18:24:46 | 000,000,103 | ---- | C] () -- C:\WINDOWS\logger.ini
[2011/08/19 18:11:43 | 000,001,306 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/08/19 18:11:40 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Morris\My Documents\Shortcut to Downloads.lnk
[2011/08/19 15:55:43 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to entertainment.lnk
[2011/08/19 09:50:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/08/15 07:40:46 | 000,025,691 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2011.gif
[2011/08/15 07:36:57 | 000,520,282 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2010_Calendar_template_by_SauliusN.jpg
[2011/08/13 14:08:50 | 000,017,011 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Untitled 1.odt
[2011/02/17 04:50:55 | 000,438,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/14 17:50:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\$_hpcst$.hpc
[2010/09/11 09:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/08/30 21:57:13 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2010/08/30 21:57:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2010/08/30 21:57:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2010/08/30 21:57:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2010/08/30 21:57:12 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2010/05/19 09:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/06 10:58:30 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2009/12/06 10:45:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/06 22:46:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/06 22:46:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/10/06 22:24:30 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\Morris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 22:14:25 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/10/03 22:47:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 22:41:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 17:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/03 17:28:10 | 003,434,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/07/19 08:25:16 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

========== LOP Check ==========

[2011/01/20 09:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/13 20:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/10/06 22:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2011/09/01 23:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/30 20:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/08/05 21:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2010/12/26 12:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/15 00:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/06 08:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011/09/09 15:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\.purple
[2011/09/09 06:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\BitTorrent
[2009/10/07 12:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\Blitware
[2011/08/16 10:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\gtk-2.0
[2010/09/13 20:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\NCH Swift Sound
[2010/09/07 18:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\OpenOffice.org
[2011/04/06 08:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\Softland
[2011/01/20 12:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\TeamViewer
[2009/10/06 22:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\WinBatch
[2010/11/03 22:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\Xilisoft Corporation
[2010/04/11 10:11:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnSevenDaysInit.job
[2011/08/18 07:16:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2010/09/16 20:29:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\goldenShakeIcon.job
[2011/09/10 16:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/04/28 07:36:41 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/10/03 22:44:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/04/08 21:56:36 | 000,000,109 | ---- | M] () -- C:\autorun.inf
[2006/01/01 01:45:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/10/03 22:44:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/10/03 22:44:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/07 01:37:16 | 000,005,508 | ---- | M] () -- C:\KB888111_Readme.txt
[2009/10/07 01:37:16 | 070,619,374 | ---- | M] () -- C:\KB888111_Supported_OS_All_Languages.zip
[2009/10/03 22:44:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2005/12/31 23:00:59 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2009/10/06 22:46:18 | 000,000,291 | ---- | M] () -- C:\RHDSetup.log
[2011/09/05 12:15:37 | 000,000,393 | ---- | M] () -- C:\rkill.log
[2009/12/06 10:58:44 | 000,002,610 | ---- | M] () -- C:\StarBurn.log
[2011/09/07 15:09:21 | 000,037,930 | ---- | M] () -- C:\TDSSKiller.2.5.19.0_07.09.2011_15.06.57_log.txt

< %SYSTEMDRIVE%\autorun.inf /S >
[2011/04/08 21:56:36 | 000,000,109 | ---- | M] () -- C:\autorun.inf
[2009/10/02 06:35:34 | 000,000,047 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\desktop\thumb drive BACKUP\wlan\autorun.inf
[2007/04/05 02:23:46 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Morris\My Documents\Downloads\FrontPage Professional 2003 + cdkey\FrontPage Professional 2003 + cdkey\AUTORUN.INF
[2009/10/02 06:35:34 | 000,000,047 | ---- | M] () -- C:\Program Files\Bonjour\wlan\autorun.inf
[2011/02/09 12:57:12 | 000,000,048 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Bridge CS5.1 Extensions\Adobe Output Module\mediagallery\resources\flashgallery\AUTORUN.inf
[2005/12/04 02:28:20 | 000,000,661 | ---- | M] () -- C:\Program Files\DELL\Dell Laser Printer 1110\Install\AUTORUN.INF
[2006/12/07 16:13:40 | 000,000,030 | ---- | M] () -- C:\Program Files\Nero\Nero8\Nero Burning Rom\SecurDisc\Autorun.inf
[2008/07/04 15:47:54 | 000,000,087 | ---- | M] () -- C:\Program Files\Sony\PMB\DiscMaker\DiscData\Autorun.inf

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/07 15:13:18 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/07 15:13:18 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/07 15:13:18 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/07 15:13:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/07 15:13:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/07 15:13:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 07:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 07:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 07:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 07:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/07 15:13:18 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/07 15:13:18 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/07 15:13:18 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/07 15:13:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/07 15:13:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/07 15:13:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 07:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 07:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 07:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 07:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< End of report >

  • 0

#25
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on Posted Image on your desktop.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
    O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
      	
    :Files
    C:\autorun.inf
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0


#26
morrisw7

    Member

  • Topic Starter
  • Member
  • 19 posts
OTL logfile created on: 10/09/2011 6:00:01 PM - Run 4
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Morris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 487.88 Mb Available Physical Memory | 50.90% Memory free
2.26 Gb Paging File | 1.80 Gb Available in Paging File | 79.63% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 4.89 Gb Free Space | 6.56% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 6.54 Gb Free Space | 8.78% Space Free | Partition Type: NTFS

Computer Name: MORRIS1 | User Name: Morris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/07 15:13:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/04 04:08:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
PRC - [2011/07/27 23:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/07/21 13:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/09 06:42:24 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/04/21 08:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 08:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 08:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/31 14:50:31 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/07 15:13:15 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/07/21 16:12:31 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/07/20 07:40:04 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/10/25 12:54:22 | 000,020,594 | ---- | M] () -- C:\WINDOWS\system32\Dels3LMK.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/21 13:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/09 06:42:24 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/04/21 08:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 13:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 13:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 16:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/10 11:28:40 | 000,602,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/03/08 14:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/18 18:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.geekstogo...l.satx.rr.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.5.100006
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/31 14:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 15:13:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 15:13:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2010/05/19 09:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Extensions
[2011/09/10 08:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions
[2011/01/18 16:24:13 | 000,000,000 | ---D | M] ("ChromaTabs Plus") -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996}
[2011/08/20 13:34:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/08 19:52:08 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\[email protected]
[2011/09/10 08:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 18:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/22 18:00:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 23:16:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/02 07:41:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/03/31 14:51:04 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/07 18:11:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/09/02 07:04:38 | 000,001,719 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0C60E1-35FD-4B7C-80E9-A59B35CFB133}: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5800F597-3DBD-4A54-AE77-825F225B9440}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 22:44:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 10:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/09/09 08:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Application Data\vlc
[2011/09/07 19:15:03 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\TFC.exe
[2011/09/07 15:06:09 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Morris\Desktop\TDSSKiller.exe
[2011/09/04 04:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/09/04 04:08:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
[2011/09/04 03:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Start Menu\Programs\HiJackThis
[2011/09/04 03:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/04 03:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/09/02 10:33:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Morris\Recent
[2011/09/02 10:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/02 07:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/02 07:41:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/02 07:41:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/02 07:41:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/02 06:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/01 17:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/01 17:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/01 16:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/01 16:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/01 16:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/01 07:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\brandon PS
[2011/08/31 17:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/08/25 15:30:27 | 000,000,000 | ---D | C] -- C:\Sierra
[2011/08/24 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Loggers Inc
[2011/08/20 22:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\New Folder (4)
[2011/08/20 22:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\sweet 16
[2011/08/19 11:42:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Morris\My Documents\My Web Sites
[2011/08/19 09:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/08/19 09:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/19 09:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/08/19 09:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/08/19 09:44:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/08/16 07:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\frio trip

========== Files - Modified Within 30 Days ==========

[2011/09/10 18:05:05 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-527237240-1177238915-1004UA.job
[2011/09/10 18:01:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/09/10 18:00:09 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/10 18:00:09 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/10 16:53:12 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/10 16:52:22 | 000,155,136 | ---- | M] () -- C:\Documents and Settings\Morris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/10 11:05:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-527237240-1177238915-1004Core.job
[2011/09/09 14:28:15 | 000,022,008 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Rv Dist..odt
[2011/09/09 10:32:53 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/09/09 10:30:47 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Morris\My Documents\vlc-1.1.11-win32.exe
[2011/09/09 08:24:05 | 000,037,449 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\41-1495-color.jpg
[2011/09/09 02:00:04 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MORRIS1-Morris.job
[2011/09/08 19:51:43 | 000,082,429 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\avirapopup.jpg
[2011/09/08 17:55:18 | 000,047,333 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2011calendar-4.jpg
[2011/09/07 22:13:22 | 000,020,720 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\avptool_sysinfo.zip
[2011/09/07 20:00:09 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\MBR.zip
[2011/09/07 19:15:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\TFC.exe
[2011/09/07 17:14:40 | 000,379,133 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\otljpg.jpg
[2011/09/07 17:03:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\MBR.dat
[2011/09/06 19:25:42 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Morris\Desktop\TDSSKiller.exe
[2011/09/06 17:58:18 | 000,028,946 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\rootkitReport
[2011/09/06 17:53:28 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\RKUnhookerLE.EXE
[2011/09/05 12:09:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/04 04:08:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
[2011/09/04 03:59:14 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\HiJackThis.lnk
[2011/09/03 17:09:26 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 17:09:25 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Google Chrome.lnk
[2011/09/03 16:48:36 | 000,041,425 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\wesavatar.jpg
[2011/09/03 05:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/02 21:54:55 | 000,547,870 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\anchorman-the-legend-of-ron-burgundy-original.jpg
[2011/09/02 10:32:54 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/02 07:04:38 | 000,001,719 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/01 23:58:20 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\rkill(2).exe
[2011/09/01 22:51:23 | 000,053,569 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\gay-[bleep]-2.jpg
[2011/09/01 22:43:44 | 000,151,293 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\aaaa.jpg
[2011/09/01 22:40:27 | 000,050,844 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\[bleep]youhaimgaycell8is.jpg
[2011/09/01 16:45:49 | 000,691,491 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Funny-Comic-avatar-the-last-airbender-14238812-600-1572.jpg
[2011/09/01 16:12:12 | 000,047,168 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\fat-guy-in-a-sailor-moon-costume-What the....jpg
[2011/09/01 16:10:07 | 000,063,421 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\622_superman-plays-doctor.gif
[2011/09/01 07:35:48 | 003,434,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/31 18:42:39 | 000,096,051 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\article-0-0D7DB95800000578-965_634x830.jpg
[2011/08/31 17:24:02 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Newegg.com - COMPAQ 100B (XZ846UT#ABA) Desktop PC AMD Dual-Core Processor E-350(1.6GHz) 2GB DDR3 500GB HDD Capacity AMD Rade.URL
[2011/08/31 12:14:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/31 11:11:16 | 000,074,195 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\transformers-3-ratchet-dual-mode.jpg
[2011/08/31 10:22:32 | 000,017,865 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\thumbnail.aspx
[2011/08/31 09:40:56 | 000,052,518 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish2.jpg
[2011/08/31 09:40:19 | 000,063,025 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish.jpg
[2011/08/27 18:37:39 | 000,008,258 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3n73m93p25Y55R65S3b8m731e799e45991548.jpg
[2011/08/27 18:37:35 | 000,006,921 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3n73o53lc5O15T35S4b8mc9afb2f920691ad8.jpg
[2011/08/27 18:37:10 | 000,007,166 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3k83oc3p85Q35U65R0b8mf1836c4c069315d1.jpg
[2011/08/27 14:54:46 | 000,188,418 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00739.jpg
[2011/08/27 14:54:46 | 000,178,740 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00740.jpg
[2011/08/26 22:06:57 | 000,171,013 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\4seasonsrambler.jpg
[2011/08/26 16:33:38 | 000,278,647 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\mr1-honda-cb750-1976.jpg
[2011/08/26 16:31:16 | 001,258,177 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750-21.jpg
[2011/08/26 16:30:36 | 001,193,986 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750.jpg
[2011/08/24 21:55:32 | 000,058,534 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chopper frame (2).jpg
[2011/08/24 21:39:40 | 000,229,358 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\R1- 2A.jpg
[2011/08/24 18:31:14 | 000,000,103 | ---- | M] () -- C:\WINDOWS\logger.res
[2011/08/24 18:24:48 | 000,000,103 | ---- | M] () -- C:\WINDOWS\logger.ini
[2011/08/19 18:12:54 | 000,001,306 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/08/19 18:11:40 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\Morris\My Documents\Shortcut to Downloads.lnk
[2011/08/19 15:55:43 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to entertainment.lnk
[2011/08/19 09:50:20 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/08/18 07:16:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/08/15 07:40:47 | 000,025,691 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2011.gif
[2011/08/15 07:36:59 | 000,520,282 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2010_Calendar_template_by_SauliusN.jpg
[2011/08/13 14:08:53 | 000,017,011 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Untitled 1.odt

========== Files Created - No Company Name ==========

[2011/09/09 10:32:53 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/09/09 10:29:57 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\Morris\My Documents\vlc-1.1.11-win32.exe
[2011/09/09 08:24:04 | 000,037,449 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\41-1495-color.jpg
[2011/09/08 19:51:41 | 000,082,429 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\avirapopup.jpg
[2011/09/08 17:55:14 | 000,047,333 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2011calendar-4.jpg
[2011/09/07 22:25:35 | 000,020,720 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\avptool_sysinfo.zip
[2011/09/07 17:14:36 | 000,379,133 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\otljpg.jpg
[2011/09/06 17:58:18 | 000,028,946 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\rootkitReport
[2011/09/06 17:53:28 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\RKUnhookerLE.EXE
[2011/09/06 17:52:46 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\MBR.zip
[2011/09/05 21:58:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\MBR.dat
[2011/09/04 03:59:14 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\HiJackThis.lnk
[2011/09/03 16:48:34 | 000,041,425 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\wesavatar.jpg
[2011/09/02 21:54:54 | 000,547,870 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\anchorman-the-legend-of-ron-burgundy-original.jpg
[2011/09/02 10:32:54 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/01 23:57:57 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\rkill(2).exe
[2011/09/01 22:55:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MORRIS1-Morris.job
[2011/09/01 22:51:22 | 000,053,569 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\gay-[bleep]-2.jpg
[2011/09/01 22:43:18 | 000,151,293 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\aaaa.jpg
[2011/09/01 22:40:23 | 000,050,844 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\[bleep]youhaimgaycell8is.jpg
[2011/09/01 17:05:22 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/01 16:45:02 | 000,691,491 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Funny-Comic-avatar-the-last-airbender-14238812-600-1572.jpg
[2011/09/01 16:14:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/01 16:12:10 | 000,047,168 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\fat-guy-in-a-sailor-moon-costume-What the....jpg
[2011/09/01 16:10:04 | 000,063,421 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\622_superman-plays-doctor.gif
[2011/08/31 18:42:25 | 000,096,051 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\article-0-0D7DB95800000578-965_634x830.jpg
[2011/08/31 17:41:51 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/31 17:39:05 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/31 17:38:17 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/31 17:36:26 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/31 17:36:10 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/31 17:35:07 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011/08/31 17:24:02 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Newegg.com - COMPAQ 100B (XZ846UT#ABA) Desktop PC AMD Dual-Core Processor E-350(1.6GHz) 2GB DDR3 500GB HDD Capacity AMD Rade.URL
[2011/08/31 11:11:08 | 000,074,195 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\transformers-3-ratchet-dual-mode.jpg
[2011/08/31 10:22:30 | 000,017,865 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\thumbnail.aspx
[2011/08/31 09:40:54 | 000,052,518 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish2.jpg
[2011/08/31 09:40:18 | 000,063,025 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish.jpg
[2011/08/27 18:37:39 | 000,008,258 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3n73m93p25Y55R65S3b8m731e799e45991548.jpg
[2011/08/27 18:37:34 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3n73o53lc5O15T35S4b8mc9afb2f920691ad8.jpg
[2011/08/27 18:37:08 | 000,007,166 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3k83oc3p85Q35U65R0b8mf1836c4c069315d1.jpg
[2011/08/27 16:54:52 | 000,188,418 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00739.jpg
[2011/08/27 16:54:52 | 000,178,740 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00740.jpg
[2011/08/26 22:06:56 | 000,171,013 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\4seasonsrambler.jpg
[2011/08/26 16:33:37 | 000,278,647 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\mr1-honda-cb750-1976.jpg
[2011/08/26 16:30:54 | 001,258,177 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750-21.jpg
[2011/08/26 16:30:33 | 001,193,986 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750.jpg
[2011/08/25 15:02:14 | 000,022,008 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Rv Dist..odt
[2011/08/24 21:55:29 | 000,058,534 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chopper frame (2).jpg
[2011/08/24 21:39:40 | 000,229,358 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\R1- 2A.jpg
[2011/08/24 18:26:59 | 000,000,103 | ---- | C] () -- C:\WINDOWS\logger.res
[2011/08/24 18:24:46 | 000,000,103 | ---- | C] () -- C:\WINDOWS\logger.ini
[2011/08/19 18:11:43 | 000,001,306 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/08/19 18:11:40 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Morris\My Documents\Shortcut to Downloads.lnk
[2011/08/19 15:55:43 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to entertainment.lnk
[2011/08/19 09:50:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/08/15 07:40:46 | 000,025,691 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2011.gif
[2011/08/15 07:36:57 | 000,520,282 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2010_Calendar_template_by_SauliusN.jpg
[2011/08/13 14:08:50 | 000,017,011 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Untitled 1.odt
[2011/02/17 04:50:55 | 000,438,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/14 17:50:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\$_hpcst$.hpc
[2010/09/11 09:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/08/30 21:57:13 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2010/08/30 21:57:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2010/08/30 21:57:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2010/08/30 21:57:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2010/08/30 21:57:12 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2010/05/19 09:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/06 10:58:30 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2009/12/06 10:45:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/06 22:46:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/06 22:46:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/10/06 22:24:30 | 000,155,136 | ---- | C] () -- C:\Documents and Settings\Morris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 22:14:25 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/10/03 22:47:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 22:41:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 17:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/03 17:28:10 | 003,434,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/07/19 08:25:16 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

========== Custom Scans ==========


< :OTL >

< O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe >

< O33 - MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe >

< >

< :Files >

< C:\autorun.inf >
[2011/04/08 21:56:36 | 000,000,109 | ---- | M] () -- C:\autorun.inf

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< >

< :Reg >

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [emptyflash] >

< [reboot] >

< End of report >

  • 0

#27
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
You have to click on the Run Fix button, so please repeat that fix and then the scan from my previous post.
  • 0

#28
morrisw7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I apologize for not reading it all the way, won't happen again

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aea44140-bb8b-11de-adf7-0017311159ee}\ not found.
File F:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aea44140-bb8b-11de-adf7-0017311159ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aea44140-bb8b-11de-adf7-0017311159ee}\ not found.
File F:\slacker.synclauncher.exe not found.
========== FILES ==========
C:\autorun.inf moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Morris\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Morris\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Morris
->Temp folder emptied: 765560 bytes
->Temporary Internet Files folder emptied: 183450 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 103721216 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2188 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2149999084 bytes

Total Files Cleaned = 2,150.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Morris
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.27.0 log created on 09102011_214733

Files\Folders moved on Reboot...
C:\Documents and Settings\Morris\Local Settings\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 10/09/2011 9:53:46 PM - Run 5
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Morris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 399.21 Mb Available Physical Memory | 41.65% Memory free
2.26 Gb Paging File | 1.79 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 4.93 Gb Free Space | 6.62% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 8.54 Gb Free Space | 11.46% Space Free | Partition Type: NTFS

Computer Name: MORRIS1 | User Name: Morris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/07 15:13:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/04 04:08:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
PRC - [2011/07/27 23:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/07/21 13:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/09 06:42:24 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/04/21 08:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 08:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 08:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/31 14:50:31 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/07 15:13:15 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/07/21 16:12:31 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/07/20 07:40:04 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/01 11:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/10/25 12:54:22 | 000,020,594 | ---- | M] () -- C:\WINDOWS\system32\Dels3LMK.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/21 13:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/09 06:42:24 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/04/21 08:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 13:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 13:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 16:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/10 11:28:40 | 000,602,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/03/08 14:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/18 18:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.geekstogo...l.satx.rr.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.5.100006
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Morris\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/31 14:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 15:13:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 15:13:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2010/05/19 09:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Extensions
[2011/09/10 08:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions
[2011/01/18 16:24:13 | 000,000,000 | ---D | M] ("ChromaTabs Plus") -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996}
[2011/08/20 13:34:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/08 19:52:08 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Documents and Settings\Morris\Application Data\Mozilla\Firefox\Profiles\vauejyz6.default\extensions\[email protected]
[2011/09/10 08:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 18:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/22 18:00:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 23:16:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/02 07:41:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/03/31 14:51:04 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/07 18:11:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/09/02 07:04:38 | 000,001,719 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0C60E1-35FD-4B7C-80E9-A59B35CFB133}: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5800F597-3DBD-4A54-AE77-825F225B9440}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 22:44:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/10 21:47:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/09 10:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/09/09 08:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Application Data\vlc
[2011/09/07 19:15:03 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\TFC.exe
[2011/09/07 15:06:09 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Morris\Desktop\TDSSKiller.exe
[2011/09/04 04:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/09/04 04:08:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
[2011/09/04 03:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Start Menu\Programs\HiJackThis
[2011/09/04 03:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/04 03:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/09/02 10:33:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Morris\Recent
[2011/09/02 10:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/02 07:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/02 06:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/01 17:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/01 17:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/01 16:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/01 16:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/01 16:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/01 07:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\brandon PS
[2011/08/31 17:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/08/25 15:30:27 | 000,000,000 | ---D | C] -- C:\Sierra
[2011/08/24 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Loggers Inc
[2011/08/20 22:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\New Folder (4)
[2011/08/20 22:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\sweet 16
[2011/08/19 11:42:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Morris\My Documents\My Web Sites
[2011/08/19 09:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/08/19 09:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/19 09:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/08/19 09:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/08/19 09:44:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/08/16 07:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Morris\Desktop\frio trip

========== Files - Modified Within 30 Days ==========

[2011/09/10 22:01:05 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/09/10 21:58:38 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/10 21:58:38 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/10 21:52:12 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/10 21:52:12 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/10 21:49:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/10 21:10:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-527237240-1177238915-1004UA.job
[2011/09/10 19:10:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-527237240-1177238915-1004Core.job
[2011/09/10 18:10:11 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/10 16:53:12 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/10 16:52:22 | 000,155,136 | ---- | M] () -- C:\Documents and Settings\Morris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/09 14:28:15 | 000,022,008 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Rv Dist..odt
[2011/09/09 10:32:53 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/09/09 10:30:47 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Morris\My Documents\vlc-1.1.11-win32.exe
[2011/09/09 08:24:05 | 000,037,449 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\41-1495-color.jpg
[2011/09/09 02:00:04 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MORRIS1-Morris.job
[2011/09/08 19:51:43 | 000,082,429 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\avirapopup.jpg
[2011/09/08 17:55:18 | 000,047,333 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2011calendar-4.jpg
[2011/09/07 22:13:22 | 000,020,720 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\avptool_sysinfo.zip
[2011/09/07 20:00:09 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\MBR.zip
[2011/09/07 19:15:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\TFC.exe
[2011/09/07 17:14:40 | 000,379,133 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\otljpg.jpg
[2011/09/07 17:03:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\MBR.dat
[2011/09/06 19:25:42 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Morris\Desktop\TDSSKiller.exe
[2011/09/06 17:58:18 | 000,028,946 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\rootkitReport
[2011/09/06 17:53:28 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\RKUnhookerLE.EXE
[2011/09/05 12:09:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/04 04:08:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Morris\Desktop\OTL.exe
[2011/09/04 03:59:14 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\HiJackThis.lnk
[2011/09/03 17:09:26 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 17:09:25 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Google Chrome.lnk
[2011/09/03 16:48:36 | 000,041,425 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\wesavatar.jpg
[2011/09/02 21:54:55 | 000,547,870 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\anchorman-the-legend-of-ron-burgundy-original.jpg
[2011/09/02 10:32:54 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/02 07:04:38 | 000,001,719 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/01 23:58:20 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\rkill(2).exe
[2011/09/01 22:51:23 | 000,053,569 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\gay-[bleep]-2.jpg
[2011/09/01 22:43:44 | 000,151,293 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\aaaa.jpg
[2011/09/01 22:40:27 | 000,050,844 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\[bleep]youhaimgaycell8is.jpg
[2011/09/01 16:45:49 | 000,691,491 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Funny-Comic-avatar-the-last-airbender-14238812-600-1572.jpg
[2011/09/01 16:12:12 | 000,047,168 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\fat-guy-in-a-sailor-moon-costume-What the....jpg
[2011/09/01 16:10:07 | 000,063,421 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\622_superman-plays-doctor.gif
[2011/09/01 07:35:48 | 003,434,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/31 18:42:39 | 000,096,051 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\article-0-0D7DB95800000578-965_634x830.jpg
[2011/08/31 17:24:02 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Newegg.com - COMPAQ 100B (XZ846UT#ABA) Desktop PC AMD Dual-Core Processor E-350(1.6GHz) 2GB DDR3 500GB HDD Capacity AMD Rade.URL
[2011/08/31 12:14:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/31 11:11:16 | 000,074,195 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\transformers-3-ratchet-dual-mode.jpg
[2011/08/31 10:22:32 | 000,017,865 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\thumbnail.aspx
[2011/08/31 09:40:56 | 000,052,518 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish2.jpg
[2011/08/31 09:40:19 | 000,063,025 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish.jpg
[2011/08/27 18:37:39 | 000,008,258 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3n73m93p25Y55R65S3b8m731e799e45991548.jpg
[2011/08/27 18:37:35 | 000,006,921 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3n73o53lc5O15T35S4b8mc9afb2f920691ad8.jpg
[2011/08/27 18:37:10 | 000,007,166 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\3k83oc3p85Q35U65R0b8mf1836c4c069315d1.jpg
[2011/08/27 14:54:46 | 000,188,418 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00739.jpg
[2011/08/27 14:54:46 | 000,178,740 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00740.jpg
[2011/08/26 22:06:57 | 000,171,013 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\4seasonsrambler.jpg
[2011/08/26 16:33:38 | 000,278,647 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\mr1-honda-cb750-1976.jpg
[2011/08/26 16:31:16 | 001,258,177 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750-21.jpg
[2011/08/26 16:30:36 | 001,193,986 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750.jpg
[2011/08/24 21:55:32 | 000,058,534 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\chopper frame (2).jpg
[2011/08/24 21:39:40 | 000,229,358 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\R1- 2A.jpg
[2011/08/24 18:31:14 | 000,000,103 | ---- | M] () -- C:\WINDOWS\logger.res
[2011/08/24 18:24:48 | 000,000,103 | ---- | M] () -- C:\WINDOWS\logger.ini
[2011/08/19 18:12:54 | 000,001,306 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/08/19 18:11:40 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\Morris\My Documents\Shortcut to Downloads.lnk
[2011/08/19 15:55:43 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to entertainment.lnk
[2011/08/19 09:50:20 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/08/18 07:16:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/08/15 07:40:47 | 000,025,691 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2011.gif
[2011/08/15 07:36:59 | 000,520,282 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\2010_Calendar_template_by_SauliusN.jpg
[2011/08/13 14:08:53 | 000,017,011 | ---- | M] () -- C:\Documents and Settings\Morris\Desktop\Untitled 1.odt

========== Files Created - No Company Name ==========

[2011/09/09 10:32:53 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/09/09 10:29:57 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\Morris\My Documents\vlc-1.1.11-win32.exe
[2011/09/09 08:24:04 | 000,037,449 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\41-1495-color.jpg
[2011/09/08 19:51:41 | 000,082,429 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\avirapopup.jpg
[2011/09/08 17:55:14 | 000,047,333 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2011calendar-4.jpg
[2011/09/07 22:25:35 | 000,020,720 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\avptool_sysinfo.zip
[2011/09/07 17:14:36 | 000,379,133 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\otljpg.jpg
[2011/09/06 17:58:18 | 000,028,946 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\rootkitReport
[2011/09/06 17:53:28 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\RKUnhookerLE.EXE
[2011/09/06 17:52:46 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\MBR.zip
[2011/09/05 21:58:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\MBR.dat
[2011/09/04 03:59:14 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\HiJackThis.lnk
[2011/09/03 16:48:34 | 000,041,425 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\wesavatar.jpg
[2011/09/02 21:54:54 | 000,547,870 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\anchorman-the-legend-of-ron-burgundy-original.jpg
[2011/09/02 10:32:54 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/01 23:57:57 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\rkill(2).exe
[2011/09/01 22:55:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MORRIS1-Morris.job
[2011/09/01 22:51:22 | 000,053,569 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\gay-[bleep]-2.jpg
[2011/09/01 22:43:18 | 000,151,293 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\aaaa.jpg
[2011/09/01 22:40:23 | 000,050,844 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\[bleep]youhaimgaycell8is.jpg
[2011/09/01 17:05:22 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-527237240-1177238915-1004.job
[2011/09/01 16:45:02 | 000,691,491 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Funny-Comic-avatar-the-last-airbender-14238812-600-1572.jpg
[2011/09/01 16:14:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/01 16:12:10 | 000,047,168 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\fat-guy-in-a-sailor-moon-costume-What the....jpg
[2011/09/01 16:10:04 | 000,063,421 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\622_superman-plays-doctor.gif
[2011/08/31 18:42:25 | 000,096,051 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\article-0-0D7DB95800000578-965_634x830.jpg
[2011/08/31 17:41:51 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/31 17:39:05 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/31 17:38:17 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/31 17:36:26 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/31 17:36:10 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/31 17:35:07 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011/08/31 17:24:02 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Newegg.com - COMPAQ 100B (XZ846UT#ABA) Desktop PC AMD Dual-Core Processor E-350(1.6GHz) 2GB DDR3 500GB HDD Capacity AMD Rade.URL
[2011/08/31 11:11:08 | 000,074,195 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\transformers-3-ratchet-dual-mode.jpg
[2011/08/31 10:22:30 | 000,017,865 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\thumbnail.aspx
[2011/08/31 09:40:54 | 000,052,518 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish2.jpg
[2011/08/31 09:40:18 | 000,063,025 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chad_ochocinco_sleeps_underneath_a_whole_bunch_of_fish.jpg
[2011/08/27 18:37:39 | 000,008,258 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3n73m93p25Y55R65S3b8m731e799e45991548.jpg
[2011/08/27 18:37:34 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3n73o53lc5O15T35S4b8mc9afb2f920691ad8.jpg
[2011/08/27 18:37:08 | 000,007,166 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\3k83oc3p85Q35U65R0b8mf1836c4c069315d1.jpg
[2011/08/27 16:54:52 | 000,188,418 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00739.jpg
[2011/08/27 16:54:52 | 000,178,740 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\IMG-20110821-00740.jpg
[2011/08/26 22:06:56 | 000,171,013 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\4seasonsrambler.jpg
[2011/08/26 16:33:37 | 000,278,647 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\mr1-honda-cb750-1976.jpg
[2011/08/26 16:30:54 | 001,258,177 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750-21.jpg
[2011/08/26 16:30:33 | 001,193,986 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Ryan-CB750.jpg
[2011/08/25 15:02:14 | 000,022,008 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Rv Dist..odt
[2011/08/24 21:55:29 | 000,058,534 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\chopper frame (2).jpg
[2011/08/24 21:39:40 | 000,229,358 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\R1- 2A.jpg
[2011/08/24 18:26:59 | 000,000,103 | ---- | C] () -- C:\WINDOWS\logger.res
[2011/08/24 18:24:46 | 000,000,103 | ---- | C] () -- C:\WINDOWS\logger.ini
[2011/08/19 18:11:43 | 000,001,306 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Downloads.lnk
[2011/08/19 18:11:40 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Morris\My Documents\Shortcut to Downloads.lnk
[2011/08/19 15:55:43 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to entertainment.lnk
[2011/08/19 09:50:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/08/15 07:40:46 | 000,025,691 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2011.gif
[2011/08/15 07:36:57 | 000,520,282 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\2010_Calendar_template_by_SauliusN.jpg
[2011/08/13 14:08:50 | 000,017,011 | ---- | C] () -- C:\Documents and Settings\Morris\Desktop\Untitled 1.odt
[2011/02/17 04:50:55 | 000,438,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/14 17:50:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Morris\Application Data\$_hpcst$.hpc
[2010/09/11 09:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/08/30 21:57:13 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2010/08/30 21:57:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2010/08/30 21:57:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2010/08/30 21:57:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2010/08/30 21:57:12 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2010/05/19 09:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/06 10:58:30 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2009/12/06 10:45:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/06 22:46:13 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/06 22:46:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/10/06 22:24:30 | 000,155,136 | ---- | C] () -- C:\Documents and Settings\Morris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 22:14:25 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/10/03 22:47:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 22:41:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 17:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/03 17:28:10 | 003,434,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/07/19 08:25:16 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

========== LOP Check ==========

[2011/01/20 09:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/13 20:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/10/06 22:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2011/09/01 23:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/30 20:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/08/05 21:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2010/12/26 12:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/15 00:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/09/09 15:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\.purple
[2011/09/09 06:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\BitTorrent
[2009/10/07 12:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\Blitware
[2011/08/16 10:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\gtk-2.0
[2010/09/13 20:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\NCH Swift Sound
[2010/09/07 18:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\OpenOffice.org
[2011/04/06 08:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\Softland
[2011/01/20 12:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\TeamViewer
[2009/10/06 22:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\WinBatch
[2010/11/03 22:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Morris\Application Data\Xilisoft Corporation
[2010/04/11 10:11:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnSevenDaysInit.job
[2011/08/18 07:16:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2010/09/16 20:29:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\goldenShakeIcon.job
[2011/09/10 22:01:05 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/04/28 07:36:41 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



< End of report >

  • 0

#29
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Can you please give me an update on how your computer's running? Problem solved now then?
  • 0

#30
morrisw7

morrisw7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I'm sorry I haven't had a chance to get back on this computer for a while. However, I still have the autorun.inf pop-up.
  • 0





