Infected PC Switches Off when running any scans



#1
Spider-Man

Hi

I'm running XP Pro.

I first noticed I had something dodgy going on when my Google search results started to redirect, all of which seem to redirect 2-3 times and eventually land on a product page of sorts, presumably an affiliate scheme.

I tried MalwareBytes which I have used since I've been a member here. No go, the computer freezes and doesn't ever complete the scans.

I have since tried GMer, which crashes as soon as it detects 2 hidden processes.

I have tried a combination of Combofix (as well as renamed), Malwarebytes, GMer and rKill, none of which do anything in regular mode or in Safe Mode. All of them crash in Safe Mode; Combofix especially makes the computer switch off with no hint of doing so.

Please find attached my logs from OTL by Old Timer and a HiJackThis log.

Can anyone see any light at the end of the tunnel? This is driving me insane now.

Thanks in advance.

OTL logfile created on: 16/03/2012 15:36:31 - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 73.92% Memory free
4.83 Gb Paging File | 4.28 Gb Available in Paging File | 88.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 234.96 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive E: | 598.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SPIDER-MAN | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/16 15:36:20 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\1O1T1L1.exe
PRC - [2012/03/16 15:32:10 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\killer.scr
PRC - [2012/02/18 12:30:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Documents and Settings\Bob\Local Settings\temp\RarSFX2\nird\iexplore.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/16 15:32:10 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\killer.scr
MOD - [2012/02/27 04:13:34 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/18 12:30:28 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/02/12 04:30:02 | 000,190,976 | ---- | M] () -- C:\WINDOWS\system32\WgaLogon.dll
MOD - [2008/12/19 16:26:06 | 002,625,536 | ---- | M] () -- C:\WINDOWS\system32\ffdshow.ax
MOD - [2008/04/14 05:42:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/01/18 16:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2012/01/18 16:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/10/05 11:12:58 | 000,675,976 | ---- | M] (Acunetix Ltd.) [Disabled | Stopped] -- C:\Program Files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe -- (AcuWVSSchedulerv7)
SRV - [2011/09/02 04:13:49 | 000,292,136 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/09/02 04:13:47 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/08/29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/08/24 01:13:43 | 000,083,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/06/26 06:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\Combo2Fix\pev.3XE -- (PEVSystemStart)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/22 11:13:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/27 17:23:16 | 001,483,072 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/10/27 17:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/17 15:28:06 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Bob\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/01/18 16:11:48 | 000,055,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2012/01/18 16:11:08 | 000,025,584 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2012/01/18 16:10:42 | 000,033,776 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012/01/18 16:10:36 | 000,025,712 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012/01/18 13:06:02 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2011/09/08 13:24:14 | 007,180,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/09/02 12:08:46 | 000,077,296 | ---- | M] (CyberLink Corp.) [2012/02/10 22:01:13] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/08/29 22:11:00 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2011/08/24 01:13:44 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)
DRV - [2011/08/08 14:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2011/04/23 16:22:16 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/04/06 14:33:50 | 006,388,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/03/14 06:53:44 | 000,229,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink ™
DRV - [2010/12/18 11:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/11/05 08:20:00 | 001,938,272 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2010/10/07 12:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/07/28 23:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/07/04 19:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/11/18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/02/04 23:00:00 | 000,026,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Corporate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{37F5447F-735B-4D34-A1E5-45821C1C0A43}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/04/19 14:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/10 21:21:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 12:30:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/12 18:44:08 | 000,000,000 | ---D | M]

[2011/04/16 00:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions
[2012/03/09 14:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\96dlx7oy.default\extensions
[2012/02/27 04:20:08 | 000,000,000 | ---D | M] (Wappalyzer) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\96dlx7oy.default\extensions\[email protected]
[2012/03/12 18:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/07 09:56:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\Bob\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\96DLX7OY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\Bob\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\96DLX7OY.DEFAULT\EXTENSIONS\[email protected]
[2012/02/18 12:30:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/16 22:21:58 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 18:47:14 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/02 18:47:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/02 18:47:14 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/02 18:47:14 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/02 18:47:14 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/02/07 16:00:38 | 000,007,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 31.3.246.157 canefurniture.org
O1 - Hosts: 31.3.246.157 www.canefurniture.org
O1 - Hosts: 127.0.0.1 doshare.com
O1 - Hosts: 127.0.0.1 www.doshare.com
O1 - Hosts: 127.0.0.1 www.123share.com
O1 - Hosts: 127.0.0.1 123share.com
O1 - Hosts: 127.0.0.1 sendblaster.com
O1 - Hosts: 127.0.0.1 www.sendblaster.com
O1 - Hosts: 127.0.0.1 toolshed.syndk8.net
O1 - Hosts: 127.0.0.1 axandra.com
O1 - Hosts: 127.0.0.1 www.axandra.com
O1 - Hosts: 127.0.0.1 keywordindex.com
O1 - Hosts: 127.0.0.1 www.keywordindex.com
O1 - Hosts: 127.0.0.1 link-assistant.com
O1 - Hosts: 127.0.0.1 www.link-assistant.com
O1 - Hosts: 127.0.0.1 traffictravis.com
O1 - Hosts: 127.0.0.1 www.traffictravis.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com #192.150.22.22
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com #192.150.14.21
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com #192.150.18.247
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com #192.150.22.46
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com #192.150.11.30
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
O1 - Hosts: 151 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84FA2C41-9FA7-479B-A24F-24B124F09FCE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011/04/15 21:48:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/17 01:23:42 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 13:00:00 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/16 15:36:21 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\1O1T1L1.exe
[2012/03/16 15:35:32 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Bob\Desktop\sspysbotssd162.exe
[2012/03/16 15:10:57 | 000,000,000 | --SD | C] -- C:\Combo2Fix
[2012/03/16 14:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\Java6Ra-1.16-16-12-11
[2012/03/16 14:56:44 | 004,438,270 | R--- | C] (Swearware) -- C:\Documents and Settings\Bob\Desktop\Combo2Fix.exe
[2012/03/15 16:48:41 | 004,436,988 | R--- | C] (Swearware) -- C:\Documents and Settings\Bob\Desktop\Combo-Fix.exe
[2012/03/14 19:22:16 | 000,000,000 | ---D | C] -- C:\$WIN_NT$.~LS
[2012/03/14 19:22:07 | 000,000,000 | ---D | C] -- C:\$WIN_NT$.~BT
[2012/03/14 19:22:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/03/14 19:21:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2012/03/14 18:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\Microsoft.Windows.XP.Professional.SP3.Integrated.February.2011.SATA.By.Maher
[2012/03/13 04:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/03/13 02:58:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/03/12 20:21:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/12 20:21:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bob\Start Menu\Programs\Administrative Tools
[2012/03/12 20:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2012/03/12 20:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MozBackup
[2012/03/12 20:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\Backups
[2012/03/12 20:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Malwarebytes
[2012/03/12 20:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/12 18:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Backlink Loophole Projects
[2012/03/12 18:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/12 18:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Start Menu\Programs\HiJackThis
[2012/03/12 03:06:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/11 18:21:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bob\Recent
[2012/03/06 03:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Local Settings\Application Data\e-academy Inc
[2012/03/06 03:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\e-academy Inc
[2012/02/29 01:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seo Indexer Pro
[2012/02/29 01:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System64
[2012/02/29 01:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x64)
[2012/02/29 01:05:20 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2012/02/29 01:05:20 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2012/02/29 01:05:20 | 000,138,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl100.dll
[2012/02/29 01:05:20 | 000,081,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcm100u.dll
[2012/02/29 01:05:20 | 000,081,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcm100.dll
[2012/02/29 01:05:20 | 000,064,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100fra.dll
[2012/02/29 01:05:20 | 000,064,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100deu.dll
[2012/02/29 01:05:20 | 000,063,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100esn.dll
[2012/02/29 01:05:20 | 000,062,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100ita.dll
[2012/02/29 01:05:20 | 000,060,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100rus.dll
[2012/02/29 01:05:20 | 000,055,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100enu.dll
[2012/02/29 01:05:20 | 000,051,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vcomp100.dll
[2012/02/29 01:05:20 | 000,043,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100jpn.dll
[2012/02/29 01:05:20 | 000,043,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100kor.dll
[2012/02/29 01:05:20 | 000,036,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100cht.dll
[2012/02/29 01:05:20 | 000,036,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100chs.dll
[2012/02/29 01:05:19 | 004,422,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100u.dll
[2012/02/29 01:05:19 | 004,397,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc100.dll
[2012/02/29 01:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\stephenhawkins
[2012/02/29 01:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/02/28 15:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\CGC
[2012/02/21 23:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TweetAttacks
[2012/02/21 23:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Traffic Addict
[2012/02/21 23:19:48 | 000,000,000 | ---D | C] -- C:\ErrorLog
[2012/02/18 16:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\My Virtual Machines
[2012/02/18 16:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Local Settings\Application Data\VMware
[2012/02/18 16:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\VMware
[2012/02/17 10:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\VMware

========== Files - Modified Within 30 Days ==========

[2012/03/16 15:36:20 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\1O1T1L1.exe
[2012/03/16 15:35:54 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Bob\Desktop\sspysbotssd162.exe
[2012/03/16 15:32:10 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\killer.scr
[2012/03/16 15:22:13 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2012/03/16 15:21:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/16 14:57:35 | 000,160,639 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Java6Ra-1.16-16-12-11.zip
[2012/03/16 14:56:44 | 004,438,270 | R--- | M] (Swearware) -- C:\Documents and Settings\Bob\Desktop\Combo2Fix.exe
[2012/03/16 14:16:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-682003330-1801674531-1003UA.job
[2012/03/16 12:16:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-682003330-1801674531-1003Core.job
[2012/03/16 03:07:47 | 000,023,957 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\gmer.PNG
[2012/03/15 17:31:56 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/15 17:10:02 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\k9f7kvy69.exe
[2012/03/15 17:09:33 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Flagh_Disinhector.exe
[2012/03/15 16:54:16 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Win32kDiag.exe
[2012/03/15 16:49:03 | 004,436,988 | R--- | M] (Swearware) -- C:\Documents and Settings\Bob\Desktop\Combo-Fix.exe
[2012/03/15 16:32:10 | 000,000,384 | RHS- | M] () -- C:\boot.ini
[2012/03/14 19:18:49 | 002,215,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 19:18:43 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/14 11:26:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/14 04:57:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 20:20:24 | 028,004,238 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\Firefox 10.0.2 (en-GB) - 2012-03-12.pcv
[2012/03/12 20:01:44 | 000,000,327 | -HS- | M] () -- C:\Boot.bak
[2012/03/11 18:17:48 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/07 19:25:43 | 000,499,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/07 19:25:43 | 000,086,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/07 18:54:26 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\PUTTY.RND
[2012/03/06 12:52:06 | 000,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/03/06 12:52:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2012/03/01 19:18:45 | 000,001,881 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\.htaccess.hack
[2012/03/01 18:27:18 | 000,063,240 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/29 01:06:05 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\FASTINDEX.REG
[2012/02/29 01:05:22 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seo Fast Indexer Guide.pdf.lnk
[2012/02/28 15:05:53 | 006,368,484 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Desser 2012 Brochure.pdf
[2012/02/27 04:13:35 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/21 23:35:22 | 000,000,728 | ---- | M] () -- C:\defaults
[2012/02/21 23:35:22 | 000,000,000 | ---- | M] () -- C:\grid
[2012/02/21 19:11:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/18 15:20:04 | 000,050,331 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\ally-mccoist.jpg
[2012/02/16 17:34:42 | 000,015,727 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\gers.jpg
[2012/02/16 07:42:10 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\winscp.rnd

========== Files Created - No Company Name ==========

[2013/06/10 12:10:02 | 000,000,019 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\CTDChannels_Version.cd27244d.cdf
[2012/03/16 15:32:13 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\killer.scr
[2012/03/16 14:57:41 | 000,160,639 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Java6Ra-1.16-16-12-11.zip
[2012/03/16 03:07:47 | 000,023,957 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\gmer.PNG
[2012/03/15 17:10:04 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\k9f7kvy69.exe
[2012/03/15 17:09:44 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Flagh_Disinhector.exe
[2012/03/15 16:54:16 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Win32kDiag.exe
[2012/03/14 19:24:27 | 000,513,436 | ---- | C] () -- C:\txtsetup.sif
[2012/03/14 19:24:27 | 000,260,288 | ---- | C] () -- C:\$LDR$
[2012/03/12 20:19:58 | 028,004,238 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\Firefox 10.0.2 (en-GB) - 2012-03-12.pcv
[2012/03/12 04:22:56 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/12 04:22:56 | 000,001,132 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2012/03/12 04:22:56 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seo Fast Indexer Guide.pdf.lnk
[2012/03/12 04:22:56 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/12 04:22:56 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/12 04:22:56 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/03/12 04:22:56 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 04:22:56 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/03/12 04:22:56 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/12 04:22:55 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/03/12 04:22:55 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2012/03/12 04:22:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/12 04:22:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
[2012/03/01 19:18:45 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\.htaccess.hack
[2012/03/01 18:06:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/01 18:06:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/29 01:06:04 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\FASTINDEX.REG
[2012/02/28 15:05:29 | 006,368,484 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Desser 2012 Brochure.pdf
[2012/02/21 23:19:08 | 000,000,728 | ---- | C] () -- C:\defaults
[2012/02/21 23:19:08 | 000,000,000 | ---- | C] () -- C:\grid
[2012/02/18 15:20:03 | 000,050,331 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\ally-mccoist.jpg
[2012/02/16 17:34:41 | 000,015,727 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\gers.jpg
[2012/02/14 15:25:13 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\winscp.rnd
[2012/02/14 10:46:40 | 000,205,232 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/05 04:12:46 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2012/02/05 04:12:46 | 000,000,020 | ---- | C] () -- C:\WINDOWS\akebook.ini
[2012/02/05 04:12:46 | 000,000,004 | ---- | C] () -- C:\WINDOWS\a3kebook.ini
[2011/11/13 23:10:44 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2011/11/01 12:03:54 | 000,000,418 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2011/10/29 23:55:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/06/28 08:55:57 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\PUTTY.RND
[2011/06/11 22:11:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/05/12 09:31:17 | 000,063,240 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/26 09:19:05 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/04/26 09:19:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/04/25 16:06:44 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\PUTTY.RND
[2011/04/21 12:08:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/21 12:08:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/21 12:08:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/21 12:08:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/21 12:08:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/19 10:17:00 | 000,000,634 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/17 13:49:53 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011/04/17 01:27:58 | 000,110,080 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 09:59:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/04/16 02:36:12 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/16 02:02:45 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/04/16 02:02:45 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/04/16 02:02:41 | 000,239,869 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/04/16 00:09:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/15 23:35:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/04/15 22:36:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/15 22:34:57 | 002,215,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 21:53:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/15 21:44:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

< End of report >
