Win32.Sality.1


#1
NatPortmanYUM

  • Member
  • 25 posts
EDIT: I just ran a custom scan with Bitdefender (Aggressive mode) and it looks to have resolved most of the exe files infected with Sality (pic below). But there is still 1 detected threat affecting 3 objects (pic below).
Posted Image
Posted Image




I guess I should really scan things before downloading :) I guess at the time, I had no clue I had a virus until my internet was turned off by my internet supplier. When I phoned, they told me that one of the computers in my network had been infected and the virus itself could affect other customers. So before I could get my modem un-suspended, I was to get rid of the viruses. The first program I used was Malwarebytes and it had found 13 infected files (one of them was a keylogger). I deleted them and thought everything was alright. I guessed wrong: about a day after I had my internet running again, I had another call from my internet supplier that they were going to have to suspend my modem again because of another virus found in my network. Malwarebytes couldn't find anything this time, so I tried Bitdefender. It found like 2000+ infected files; I cured them and deleted the ones that couldn't be cured. I still wasn't 100% sure everything was gone. I then decided to try Dr.Web's CureIt. I noticed it found a lot of exe's from the "System Volume Information" folder on my slave drive infected with something called "Win.sector.18"; at least 700 of them had this. I cured all the ones I could and deleted the ones it could not.

Now I'm not sure if I got everything and want to make sure I get it all so I can feel safe again.

This is the latest OTL scan since I've edited my post and added those pictures (not done in safe mode this time either):


OTL logfile created on: 10/1/2011 10:32:36 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 73.16% Memory free
4.64 Gb Paging File | 4.11 Gb Available in Paging File | 88.62% Paging File free
Paging file location(s): C:\pagefile.sys 2096 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 24.23 Gb Free Space | 41.35% Space Free | Partition Type: NTFS
Drive D: | 227.94 Gb Total Space | 28.93 Gb Free Space | 12.69% Space Free | Partition Type: NTFS
Drive F: | 4.88 Gb Total Space | 1.48 Gb Free Space | 30.30% Space Free | Partition Type: FAT32
Drive G: | 54.68 Mb Total Space | 54.67 Mb Free Space | 99.98% Space Free | Partition Type: FAT
Drive H: | 174.28 Gb Total Space | 174.16 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: CUSTOMER2007 | User Name: Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/01 23:45:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Customer\Desktop\OTL.exe
PRC - [2011/09/21 15:25:10 | 001,067,720 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe
PRC - [2011/09/20 12:47:06 | 001,538,472 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2011/09/19 19:01:22 | 001,147,048 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2011/09/19 19:00:34 | 000,093,912 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe
PRC - [2011/09/15 08:47:30 | 000,626,416 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\odscanui.exe
PRC - [2011/09/13 18:46:48 | 000,050,128 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2011/09/01 07:27:08 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/09/01 07:23:52 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/08/08 13:09:18 | 000,066,608 | ---- | M] (BitDefender) -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
PRC - [2009/06/07 08:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\nlssrv32.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/11/20 16:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Lycosa\razerhid.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 12:13:33 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/09/29 12:13:29 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/09/29 12:13:23 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/09/29 12:13:16 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/09/29 03:16:33 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/09/19 18:58:32 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2011/09/15 08:51:42 | 000,115,712 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\bdidntconp.ui
MOD - [2011/09/15 08:47:42 | 000,324,096 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdidntconp.dll
MOD - [2011/09/14 17:28:00 | 000,107,008 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\popup.ui
MOD - [2011/09/14 17:28:00 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2011/09/14 17:27:58 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2011/09/13 18:51:46 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2011/09/13 18:44:04 | 000,132,016 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\popup.dll
MOD - [2011/09/13 18:37:28 | 000,109,856 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2011/09/13 18:37:16 | 000,243,768 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2011/09/13 18:37:14 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2011/09/13 18:35:50 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2011/09/13 18:35:26 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/09/13 18:35:16 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2011/09/13 18:08:25 | 000,337,992 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/08/29 14:55:58 | 000,574,904 | ---- | M] () -- C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\bdsmartdb.dll
MOD - [2011/08/09 12:16:10 | 000,112,952 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\bdnimbus.dll
MOD - [2011/07/29 11:29:08 | 001,236,176 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\wslib.dll
MOD - [2011/07/14 17:59:24 | 000,074,336 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2011/05/19 19:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\Antivirus_06040_002\avxdisk.dll
MOD - [2011/03/01 17:46:16 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (UPS)
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2011/09/28 19:52:20 | 000,649,216 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/20 12:47:06 | 001,538,472 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2011/09/13 18:46:48 | 000,050,128 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2011/09/13 18:08:26 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/09/01 07:23:52 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/01 07:18:56 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/08/08 13:09:18 | 000,066,608 | ---- | M] (BitDefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV - [2009/07/15 00:32:20 | 000,387,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/15 00:32:20 | 000,178,720 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/06/07 08:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/05/15 08:35:52 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/11/26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/09/29 12:40:30 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/09/29 12:27:21 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/09/13 18:08:25 | 000,311,248 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2011/09/01 15:29:12 | 000,062,544 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/09/01 11:15:08 | 000,454,960 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2011/09/01 11:12:42 | 000,596,600 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avc3.sys -- (avc3)
DRV - [2011/07/19 16:20:36 | 000,127,056 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2011/07/15 16:11:46 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/03/01 17:45:34 | 000,113,232 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2011/03/01 17:45:32 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/02/10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/11/02 20:36:26 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/08/24 07:09:48 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/01 11:52:02 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 11:52:00 | 000,067,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/01/24 18:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008/01/24 18:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2008/01/24 18:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008/01/24 18:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/01/18 14:43:16 | 000,016,128 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2006/11/10 09:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/10/26 04:48:38 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2006/09/21 16:39:16 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 BA 9D 92 87 65 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://ca.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/14 00:30:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/14 00:30:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 17:53:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 11:46:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2011/09/28 23:06:57 | 000,000,000 | ---D | M]

[2009/03/06 02:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Customer\Application Data\Mozilla\Extensions
[2009/03/06 02:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Customer\Application Data\Mozilla\Extensions\[email protected]
[2011/09/28 17:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\y5l1lej6.default\extensions
[2009/07/03 14:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\y5l1lej6.default\extensions\[email protected](2).com
[2009/10/20 12:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\y5l1lej6.default\extensions\[email protected]
[2011/02/16 22:51:04 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\y5l1lej6.default\extensions\[email protected]
[2009/11/12 22:57:13 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\y5l1lej6.default\searchplugins\bing.xml
[2011/09/28 17:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 00:25:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:08:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 16:23:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/24 04:53:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/06 19:39:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/08 17:48:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CUSTOMER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y5L1LEJ6.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CUSTOMER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y5L1LEJ6.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2009/03/17 11:42:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/02 17:03:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/23 00:28:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/04/28 04:27:58 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2011/09/22 21:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.0.9\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/09/28 19:53:01 | 000,000,355 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [EVGAPrecision] D:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/27 00:22:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/11 20:49:34 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e89f80a8-8c1f-11dd-bd0e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e89f80a8-8c1f-11dd-bd0e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e89f80a8-8c1f-11dd-bd0e-806d6172696f}\Shell\AutoRun\command - "" = L:\ONSPCLCK.exe
O33 - MountPoints2\{e89f80aa-8c1f-11dd-bd0e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e89f80aa-8c1f-11dd-bd0e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e89f80aa-8c1f-11dd-bd0e-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ntldr.exe
O33 - MountPoints2\{e89f80aa-8c1f-11dd-bd0e-806d6172696f}\Shell\´̣¿ª(&O)\command - "" = M:\ntldr.exe
O33 - MountPoints2\{e89f80ac-8c1f-11dd-bd0e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e89f80ac-8c1f-11dd-bd0e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e89f80ac-8c1f-11dd-bd0e-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ntldr.exe
O33 - MountPoints2\{e89f80ac-8c1f-11dd-bd0e-806d6172696f}\Shell\´̣¿ª(&O)\command - "" = D:\ntldr.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/01 00:53:50 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Customer\Desktop\OTL.exe
[2011/09/29 12:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Customer\DoctorWeb
[2011/09/29 12:40:30 | 000,232,512 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/09/29 12:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2011/09/29 12:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/09/29 12:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\DAEMON Tools Lite
[2011/09/29 12:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/09/28 23:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2011/09/28 23:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2011/09/28 23:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\Bitdefender
[2011/09/28 23:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2011/09/28 22:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\QuickScan
[2011/09/28 22:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/09/28 22:48:55 | 000,311,248 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/09/28 22:48:53 | 000,353,096 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2011/09/28 22:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/09/28 18:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\f-secure
[2011/09/28 18:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/09/19 16:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\Systweak
[2011/09/19 16:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2011/09/19 12:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\edxLabs
[2011/09/16 10:47:29 | 000,015,592 | ---- | C] (Dll-Files.com) -- C:\WINDOWS\System32\roboot.exe
[2011/09/01 15:29:12 | 000,062,544 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
[2011/09/01 11:15:08 | 000,454,960 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2011/09/01 11:12:42 | 000,596,600 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2010/02/28 02:30:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Customer\Application Data\pcouffin.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Customer\*.tmp files -> C:\Documents and Settings\Customer\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/01 23:45:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Customer\Desktop\OTL.exe
[2011/10/01 04:08:06 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/01 03:53:15 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9672B797-AC82-4285-B51B-B058B11436CC}.job
[2011/10/01 02:31:00 | 000,459,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/01 02:30:59 | 000,077,424 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/01 02:27:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/01 02:25:45 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/01 02:25:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/01 02:15:38 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/01 02:15:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1897051121-725345543-1001UA.job
[2011/10/01 02:15:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1897051121-725345543-1001Core.job
[2011/09/30 15:41:03 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Customer\Application Data\default.rss
[2011/09/30 15:40:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/30 12:42:56 | 078,079,568 | ---- | M] () -- C:\Documents and Settings\Customer\Desktop\7d4yz45c.exe
[2011/09/30 11:59:46 | 016,264,400 | ---- | M] () -- C:\Documents and Settings\Customer\Desktop\drweb-livecd-600.iso
[2011/09/29 12:40:30 | 000,232,512 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/09/29 12:11:12 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/09/29 11:38:06 | 001,566,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/28 23:22:59 | 000,000,303 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/09/28 23:08:27 | 000,214,009 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1317265280.bdinstall.bin
[2011/09/28 23:07:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/09/28 23:07:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/09/28 23:07:02 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2012.lnk
[2011/09/28 22:59:20 | 000,015,778 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1317265157.bdinstall.bin
[2011/09/28 22:51:20 | 000,043,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1317264528.4896.bin
[2011/09/28 22:51:20 | 000,036,670 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1317264528.5108.bin
[2011/09/28 22:51:20 | 000,008,103 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1317264528.5180.bin
[2011/09/28 22:51:17 | 000,034,740 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1317264528.4208.bin
[2011/09/28 22:51:17 | 000,010,639 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1317264528.5168.bin
[2011/09/28 22:49:35 | 000,003,260 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1317264528.1276.bin
[2011/09/28 22:49:04 | 000,001,840 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1317264528.1596.bin
[2011/09/28 22:48:59 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1317264528.1916.bin
[2011/09/28 22:48:57 | 000,009,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1317264528.5648.bin
[2011/09/28 19:53:01 | 000,000,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/28 19:51:12 | 000,502,784 | ---- | M] () -- C:\WINDOWS\x2.64.exe
[2011/09/28 19:51:10 | 000,299,520 | ---- | M] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2011/09/28 19:51:09 | 000,066,560 | ---- | M] () -- C:\WINDOWS\MOTA113.exe
[2011/09/27 18:45:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/13 18:08:25 | 000,311,248 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/09/12 00:13:01 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Customer\Application Data\iLoader.ini
[2011/09/01 15:29:12 | 000,062,544 | ---- | M] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
[2011/09/01 11:15:08 | 000,454,960 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2011/09/01 11:12:42 | 000,596,600 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Customer\*.tmp files -> C:\Documents and Settings\Customer\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/29 12:45:02 | 078,079,568 | ---- | C] () -- C:\Documents and Settings\Customer\Desktop\7d4yz45c.exe
[2011/09/29 12:15:16 | 016,264,400 | ---- | C] () -- C:\Documents and Settings\Customer\Desktop\drweb-livecd-600.iso
[2011/09/29 12:11:12 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/09/28 23:22:58 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/09/28 23:08:26 | 000,214,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1317265280.bdinstall.bin
[2011/09/28 23:07:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/09/28 23:07:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/09/28 23:07:02 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2012.lnk
[2011/09/28 22:59:20 | 000,015,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1317265157.bdinstall.bin
[2011/09/28 22:49:36 | 000,034,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1317264528.4208.bin
[2011/09/28 22:49:30 | 000,003,260 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1317264528.1276.bin
[2011/09/28 22:48:59 | 000,001,840 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1317264528.1596.bin
[2011/09/28 22:48:56 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1317264528.1916.bin
[2011/09/28 22:48:50 | 000,010,639 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1317264528.5168.bin
[2011/09/28 22:48:50 | 000,009,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1317264528.5648.bin
[2011/09/28 22:48:48 | 000,043,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1317264528.4896.bin
[2011/09/28 22:48:48 | 000,036,670 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1317264528.5108.bin
[2011/09/28 22:48:48 | 000,008,103 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1317264528.5180.bin
[2011/09/12 00:13:01 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Customer\Application Data\iLoader.ini
[2011/08/01 21:12:31 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/28 11:18:32 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2011/04/16 12:51:16 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/04/13 13:57:28 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Customer\Application Data\winscp.rnd
[2011/01/31 18:24:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/01/20 20:24:55 | 000,006,688 | ---- | C] () -- C:\WINDOWS\movexe.exe
[2010/12/28 11:19:14 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/12/28 11:19:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/12/01 00:10:41 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/09 08:54:28 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Customer\Application Data\steam_md4.dat
[2010/10/07 22:01:24 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/07 22:01:21 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/07 22:01:21 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/21 19:20:21 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Customer\Application Data\steam_md2.dat
[2010/05/10 20:49:27 | 000,005,876 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/04/20 00:08:18 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Customer\Application Data\default.rss
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/03/01 18:20:32 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010/02/28 02:30:24 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Customer\Application Data\vso_ts_preview.xml
[2010/02/28 02:30:07 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Customer\Application Data\inst.exe
[2010/02/28 02:30:07 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Customer\Application Data\pcouffin.cat
[2010/02/28 02:30:07 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Customer\Application Data\pcouffin.inf
[2009/11/01 14:58:06 | 000,058,752 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/18 18:10:59 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/08/01 17:48:45 | 000,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2009/07/05 19:31:48 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/07/05 18:56:16 | 000,027,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/04/30 17:11:21 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/24 05:49:30 | 000,000,365 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/23 06:43:56 | 000,000,066 | ---- | C] () -- C:\WINDOWS\SpeederXP.INI
[2008/12/04 20:54:54 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/12/04 20:54:54 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/12/04 20:54:54 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/12/04 20:54:54 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/12/04 20:54:54 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/12/01 08:43:19 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/11/06 07:34:27 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/11/04 14:05:24 | 000,138,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/04 14:05:24 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Customer\Application Data\PnkBstrK.sys
[2008/11/04 14:05:07 | 000,271,200 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/11/04 14:05:05 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2008/11/04 14:05:05 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/11/03 17:18:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/10/13 03:08:00 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 21:27:55 | 000,000,261 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/09/29 23:27:41 | 000,000,125 | ---- | C] () -- C:\WINDOWS\REDEMUNINS.INI
[2008/09/27 20:38:47 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 00:25:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/27 00:24:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/27 00:19:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/26 23:47:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/26 23:39:10 | 000,001,169 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/09/26 23:38:09 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/26 23:38:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/09/26 23:30:06 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/09/26 19:15:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/26 19:13:58 | 001,566,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/10 09:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2004/08/12 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 08:00:00 | 000,459,940 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 08:00:00 | 000,077,424 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/05/21 14:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/11/30 23:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011/09/28 23:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2009/11/12 20:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/10/18 18:06:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/09/29 12:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/21 21:37:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2010/02/28 02:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDneXtCOPY
[2009/06/16 00:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/07/03 15:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/09/28 18:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/05/08 11:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2008/12/08 22:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grid
[2010/11/18 21:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/03/02 13:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/11/03 23:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/07/23 11:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2009/04/28 04:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/04/28 04:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/04/16 17:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PWD
[2011/06/04 00:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Razer
[2009/10/18 18:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/11/28 06:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/08/23 23:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/27 01:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tiger Install
[2011/05/29 00:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/06/03 01:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/02/25 20:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/05/29 00:19:19 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/06/03 00:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/01 14:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/09/27 21:21:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
[2009/06/03 01:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Any DVD Converter Professional
[2009/04/28 06:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Any Video Converter
[2010/08/11 03:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Autodesk
[2011/09/28 23:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Bitdefender
[2008/12/22 08:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Canneverbe_Limited
[2010/07/26 16:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Canon
[2008/11/23 03:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\DAEMON Tools
[2011/09/29 12:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\DAEMON Tools Lite
[2011/09/19 12:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\edxLabs
[2011/09/28 18:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\f-secure
[2009/05/03 19:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\FMZilla
[2011/09/25 20:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\FrostWire
[2010/12/20 19:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\gtk-2.0
[2010/11/18 21:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\IObit
[2010/10/20 14:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Jasc
[2008/11/02 12:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Leadertech
[2011/06/21 21:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Lionhead Studios
[2010/12/01 04:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Mumble(PR Edition)
[2010/07/18 04:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Publish Providers
[2011/09/28 22:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\QuickScan
[2008/10/02 21:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Redemption
[2009/10/18 18:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\ScanSoft
[2010/10/04 00:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\SecondLife
[2008/11/28 06:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Sony
[2008/11/28 06:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Sony Setup
[2009/05/03 23:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\SystemRequirementsLab
[2011/09/19 16:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Systweak
[2011/08/01 23:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\TuneUp Software
[2009/04/24 06:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Ulead Systems
[2011/10/01 01:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\uTorrent
[2010/08/23 14:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\VirtualStore
[2010/03/01 18:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Vso
[2011/03/16 18:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\WindSolutions
[2008/12/09 00:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\WNR
[2011/10/01 02:15:38 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/10/01 03:53:15 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9672B797-AC82-4285-B51B-B058B11436CC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >

Edited by NatPortmanYUM, 01 October 2011 - 08:39 AM.
