
siszyd32.exe detected only by ComboFix



#1
Idefix12

Hello!
How can I remove siszyd32.exe, which appears only in Reg Loading Points from ComboFix?

The symptoms are: Firefox starts with multiple windows and tabs, any folder or file opens in 2 windows, files (especially exe files) are opened by a single mouse click instead of 2 clicks, Word files appear in 2 windows with one blank "only read", I can't use "Rename" on files, can't correctly select the text in an email, Avast simply disappears from startup, System File Checker does not run, no sound only in Facebook and YouTube sometimes, BSOD sometimes.

Since June I have tried to detect the rootkit but without success.
I have run MBAM Pro, SAS Pro, Trojan Remover, Hitman Pro, Kaspersky Virus Removal Tool (in safe mode because in normal mode it is BSOD), Dr.Web Cureit, FreeFixer, TDSSKiller, SmitfraudFix (with temporary result), RKill (named iExplore.exe), RootRepeal, avz4, DDS, GMER and many anti-rootkit tools.
Only Emsisoft Emergency Kit found 1 file "trojan-spy.win32.winspy!IK" in C:\windows\svrfont.exe but the problems did not disappear.

In the HijackThis log I found 2 files "explorer.exe" and I deleted one, but nothing suspicious at O4.
During this period Norman Malware Cleaner always finds:
Modify registry value: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9C312060-C0EE-462D-9DDB-B5580F6FF6F9} --> NameServer from '193.231.252.221 213.154.124.221' to '8.8.8.8,8.8.4.4'

Finally I decided to run Combofix (named f33.exe to be sure).
After a few scans, now I still see the name siszyd32.exe only in Reg Loading Points:
[HKLM\~\startupfolder\C:^Documents and Settings^adi^Start Menu^Programs^StartUp^siszyd32.exe]
I intend to use ComboFix with CFScript.txt but I need help.
Thank you very much for your support!

OTL logfile created on: 7/19/2012 5:28:20 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\adi\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 642.03 Mb Available Physical Memory | 62.75% Memory free
2.41 Gb Paging File | 2.17 Gb Available in Paging File | 90.20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 53.59 Gb Free Space | 71.92% Space Free | Partition Type: NTFS

Computer Name: ADISOR-Y8QK9EN9 | User Name: adi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/19 16:12:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adi\Desktop\OTL.exe
PRC - [2012/07/03 19:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/07/03 19:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/01/12 12:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/11/09 12:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2007/06/13 13:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 10:06:41 | 001,784,320 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12071901\algo.dll
MOD - [2012/07/19 02:58:03 | 001,783,808 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12071900\algo.dll
MOD - [2010/11/29 21:02:28 | 000,021,952 | ---- | M] () -- C:\WINDOWS\system32\SpyShelterShellExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2012/07/03 19:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/17 21:05:03 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/26 09:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ff33\pev.3XE -- (PEVSystemStart)
SRV - [2010/12/21 15:04:30 | 000,987,704 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2009/11/09 12:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/10/10 11:57:50 | 000,246,272 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2005/01/14 10:32:38 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
SRV - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004/08/04 01:56:46 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2004/08/04 01:56:44 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\adi\LOCALS~1\Temp\mfe_rr.sys -- (MFE_RR)
DRV - File not found [File_System | Disabled | Stopped] -- system32\DRIVERS\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\adi\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - File not found [File_System | Disabled | Stopped] -- system32\DRIVERS\5154868drv.sys -- (5154868drv)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\40567467.sys -- (40567467)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\2749258drv.sys -- (2749258drv)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\06912180.sys -- (06912180)
DRV - [2012/07/03 19:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 19:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 19:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 19:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 19:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 19:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 19:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/04 22:26:49 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 22:26:49 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/21 11:27:22 | 000,121,560 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2011/05/05 01:45:15 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2011/05/05 01:45:15 | 000,031,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2010/12/30 15:19:40 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2010/12/18 22:16:24 | 000,188,352 | ---- | M] (SpyShelter) [Kernel | System | Running] -- C:\Program Files\SpyShelter Premium\SpyShelter.sys -- (SpyShelter)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/09/09 19:06:10 | 000,065,136 | ---- | M] (ITOS) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ShredderDriver32.sys -- (ShredderVolumeDriver)
DRV - [2010/09/01 11:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/01/13 09:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 10:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/07 13:40:26 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/07 12:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/11/23 14:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/09/27 09:46:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/09/27 09:46:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/09/27 09:46:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/27 09:46:16 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/20 12:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/07/29 01:39:55 | 000,008,704 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2007/04/03 13:57:54 | 000,099,080 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2006/11/10 11:46:52 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bbus.sys -- (SE2Bbus) Sony Ericsson Device 043 Driver driver (WDM)
DRV - [2006/11/10 09:47:18 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2Bunic.sys -- (se2Bunic) Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM)
DRV - [2006/11/10 09:47:10 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bobex.sys -- (SE2Bobex)
DRV - [2006/11/10 09:47:08 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2Bnd5.sys -- (se2Bnd5) Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS)
DRV - [2006/11/10 09:47:06 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bmgmt.sys -- (SE2Bmgmt) Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM)
DRV - [2006/11/10 09:47:00 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bmdm.sys -- (SE2Bmdm)
DRV - [2006/11/10 09:46:58 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bmdfl.sys -- (SE2Bmdfl)
DRV - [2006/02/20 14:46:13 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/08/03 22:32:32 | 000,084,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/26 17:08:00 | 000,007,296 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004/04/23 10:47:20 | 000,041,344 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/17 16:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL = 0
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C-7934EA008FD1
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60076
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1060933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ro/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\adi\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/07/04 00:30:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 00:13:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/25 14:10:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 9.2\extensions\\Components: C:\Program Files\Pale Moon\components [2012/02/27 01:27:02 | 000,000,000 | ---D | M]

[2012/05/10 17:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adi\Application Data\Mozilla\Extensions
[2012/07/07 00:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\39weealm.default\extensions
[2012/06/25 13:56:14 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\39weealm.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2012/05/17 20:55:34 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\39weealm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/05/10 17:10:22 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\39weealm.default\extensions\[email protected]
[2012/05/10 17:10:23 | 000,000,000 | ---D | M] (PDF and Print with Joliprint) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\39weealm.default\extensions\[email protected]
[2012/05/10 17:10:23 | 000,000,000 | ---D | M] (Is It Compatible?) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\39weealm.default\extensions\[email protected]
[2012/03/21 23:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\nodvhopv.default\extensions
[2012/03/04 13:53:43 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\nodvhopv.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/01/07 12:55:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\nodvhopv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/02/12 04:45:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\nodvhopv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/12/24 10:04:24 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\nodvhopv.default\extensions\[email protected]
[2011/09/25 00:17:46 | 000,000,000 | ---D | M] (PDF and Print with Joliprint) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\nodvhopv.default\extensions\[email protected]
[2012/02/05 02:30:14 | 000,000,000 | ---D | M] (Is It Compatible?) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\nodvhopv.default\extensions\[email protected]
[2012/03/01 04:23:09 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Documents and Settings\adi\Application Data\Mozilla\Firefox\Profiles\nodvhopv.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2012/06/09 19:42:16 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\adi\Application Data\Moonchild Productions\Pale Moon\Profiles\tsf524v6.default\searchplugins\wot-safe-search.xml
[2012/05/10 17:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/27 01:45:02 | 000,084,737 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADI\APPLICATION DATA\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\TSF524V6.DEFAULT\EXTENSIONS\{02450914-CDD9-410F-B1DA-DB004E18C671}.XPI
[2012/02/02 16:12:58 | 000,000,000 | ---D | M] (WOT) -- C:\DOCUMENTS AND SETTINGS\ADI\APPLICATION DATA\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\TSF524V6.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
[2012/02/02 16:12:59 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADI\APPLICATION DATA\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\TSF524V6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/27 01:26:57 | 000,058,429 | ---- | M] () (No name found) -- C:\PROGRAM FILES\PALE MOON\EXTENSIONS\[email protected]
[2012/07/18 00:13:49 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2010/12/27 12:36:17 | 000,075,256 | ---- | M] (Foxit Corporation) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/06/25 15:00:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/25 15:00:59 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipediaro.xml

O1 HOSTS File: ([2012/06/26 16:59:54 | 000,000,002 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\RDS.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Avast = C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-Disabled: SpyShelter = C:\PROGRAM FILES\SPYSHELTER PREMIUM\SPYSHELTER.EXE ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.tous...fig_4_0_2_0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C312060-C0EE-462D-9DDB-B5580F6FF6F9}: NameServer = 193.231.252.221 213.154.124.221
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/18 02:06:08 | 000,000,002 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/08/25 10:59:08 | 000,000,061 | ---- | M] () - C:\autoexec.plu -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 16:31:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\adi\Recent
[2012/07/19 16:12:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adi\Desktop\OTL.exe
[2012/07/19 07:28:21 | 000,000,000 | --SD | C] -- C:\ff33
[2012/07/18 00:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Desktop\MIHAI S4 statie 25.07 DAU
[2012/07/17 13:10:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\adi\Desktop\HijackThis.exe
[2012/07/16 22:53:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/16 22:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Desktop\Bajenaru S6 1m Trotuar 19.07 DAU
[2012/07/16 22:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Desktop\ADRIAN S4 inters.Mitropolie LocGRESIT 24iulieDAU
[2012/07/15 23:20:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/07/14 08:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Desktop\gmer
[2012/07/14 07:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Desktop\Bleeping TOOLS
[2012/07/14 07:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Desktop\MODELE Plangeri
[2012/07/12 06:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Desktop\Panescu S6 1m Trotuar 19iulieDAU
[2012/07/06 20:27:03 | 193,497,560 | ---- | C] (Norman ASA) -- C:\Documents and Settings\adi\Desktop\Norman_Malware_Cleaner(1).exe
[2012/07/04 05:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Application Data\Foxit Software
[2012/07/03 15:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Doctor Web
[2012/06/30 19:38:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/30 19:38:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/30 19:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Desktop\LOGS
[2012/06/30 02:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Application Data\Panda Security
[2012/06/30 02:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/06/30 02:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/06/30 02:40:27 | 000,000,000 | ---D | C] -- C:\temp
[2012/06/28 00:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/06/27 17:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Desktop\UNELTE Dezinfectie
[2012/06/27 02:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2012/06/26 18:57:42 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/06/26 14:23:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/26 14:23:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/26 12:28:23 | 004,566,027 | R--- | C] (Swearware) -- C:\Documents and Settings\adi\Desktop\ff33.exe
[2012/06/25 14:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2012/06/25 14:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Local Settings\Application Data\Sun
[2012/06/25 14:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/25 14:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/25 14:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Application Data\Oracle
[2012/06/24 01:27:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/06/23 19:32:51 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2012/06/23 19:32:51 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2012/06/23 15:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adi\Application Data\Simply Super Software
[2012/06/23 15:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2012/06/23 15:52:48 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\WINDOWS\System32\ztv7z.dll
[2012/06/23 15:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012/06/23 15:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/19 16:33:02 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\adi\My Documents\cc_20120719_163253.reg
[2012/07/19 16:12:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adi\Desktop\OTL.exe
[2012/07/19 13:13:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/19 13:11:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/18 16:23:56 | 000,010,369 | ---- | M] () -- C:\Documents and Settings\adi\Application Data\mainhst.zgh
[2012/07/18 00:30:01 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/17 13:18:40 | 000,000,668 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
[2012/07/17 13:10:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\adi\Desktop\HijackThis.exe
[2012/07/15 23:59:50 | 143,162,232 | ---- | M] () -- C:\Documents and Settings\adi\Desktop\setup_11.0.0.1245.x01_2012_07_15_22_55.exe
[2012/07/14 08:35:20 | 000,000,144 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2012/07/14 07:27:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\adi\defogger_reenable
[2012/07/13 18:42:39 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\adi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/12 21:17:36 | 000,000,334 | ---- | M] () -- C:\Documents and Settings\adi\Local Settings\Application Data\magnifier.ini
[2012/07/07 21:28:22 | 092,604,408 | ---- | M] () -- C:\Documents and Settings\adi\Desktop\drweb-cureit.exe
[2012/07/07 21:18:27 | 000,028,826 | ---- | M] () -- C:\Documents and Settings\adi\My Documents\cc_20120707_211821.reg
[2012/07/06 20:30:04 | 193,497,560 | ---- | M] (Norman ASA) -- C:\Documents and Settings\adi\Desktop\Norman_Malware_Cleaner(1).exe
[2012/07/04 05:25:23 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\adi\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/07/04 00:30:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/03 19:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 19:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 19:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 19:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 19:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 19:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 19:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 19:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 19:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 19:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/02 06:35:21 | 000,000,211 | -H-- | M] () -- C:\boot.ini
[2012/07/02 05:39:54 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\adi\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk
[2012/06/30 19:37:39 | 004,566,027 | R--- | M] (Swearware) -- C:\Documents and Settings\adi\Desktop\ff33.exe
[2012/06/28 23:19:30 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 09a1b4e4-acdc-4a60-97c9-c92582f1b3aa.job
[2012/06/27 17:33:22 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\adi\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCleaner.lnk
[2012/06/27 17:22:04 | 001,241,947 | ---- | M] () -- C:\Documents and Settings\adi\Desktop\avenger.zip
[2012/06/26 22:00:35 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\adi\Desktop\iExplore.exe
[2012/06/26 18:57:40 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/06/26 18:01:41 | 000,532,620 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/26 18:01:41 | 000,096,744 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/26 17:45:27 | 000,000,026 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.backup
[2012/06/26 16:59:54 | 000,000,002 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/26 04:24:05 | 000,002,106 | ---- | M] () -- C:\Documents and Settings\adi\My Documents\cc_20120626_042400.reg
[2012/06/24 04:02:36 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\adi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to procexp.exe.lnk
[2012/06/24 03:32:51 | 000,004,784 | ---- | M] () -- C:\Documents and Settings\adi\My Documents\cc_20120624_033244.reg
[2012/06/23 19:42:16 | 000,000,908 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2012/06/23 15:52:52 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\adi\Application Data\Microsoft\Internet Explorer\Quick Launch\Trojan Remover.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/19 16:34:29 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2012/07/19 16:33:00 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\adi\My Documents\cc_20120719_163253.reg
[2012/07/15 23:46:24 | 143,162,232 | ---- | C] () -- C:\Documents and Settings\adi\Desktop\setup_11.0.0.1245.x01_2012_07_15_22_55.exe
[2012/07/14 07:27:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\adi\defogger_reenable
[2012/07/07 21:23:59 | 092,604,408 | ---- | C] () -- C:\Documents and Settings\adi\Desktop\drweb-cureit.exe
[2012/07/07 21:18:25 | 000,028,826 | ---- | C] () -- C:\Documents and Settings\adi\My Documents\cc_20120707_211821.reg
[2012/07/04 05:25:23 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\adi\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/07/04 00:30:31 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/02 22:17:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/30 19:38:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/27 17:33:22 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\adi\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCleaner.lnk
[2012/06/27 02:10:44 | 001,241,947 | ---- | C] () -- C:\Documents and Settings\adi\Desktop\avenger.zip
[2012/06/26 21:59:43 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\adi\Desktop\iExplore.exe
[2012/06/26 14:23:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/26 14:23:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/26 14:23:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/26 14:23:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/26 04:24:04 | 000,002,106 | ---- | C] () -- C:\Documents and Settings\adi\My Documents\cc_20120626_042400.reg
[2012/06/24 04:02:36 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\adi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to procexp.exe.lnk
[2012/06/24 03:32:49 | 000,004,784 | ---- | C] () -- C:\Documents and Settings\adi\My Documents\cc_20120624_033244.reg
[2012/06/23 15:52:52 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\adi\Application Data\Microsoft\Internet Explorer\Quick Launch\Trojan Remover.lnk
[2012/06/23 15:52:48 | 000,185,616 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
[2012/05/20 06:28:17 | 000,224,690 | ---- | C] () -- C:\Documents and Settings\adi\Local Settings\Application Data\census.cache
[2012/05/20 06:28:02 | 000,208,536 | ---- | C] () -- C:\Documents and Settings\adi\Local Settings\Application Data\ars.cache
[2011/08/31 03:47:14 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2011/08/28 18:44:05 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/08/16 23:07:54 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\adi\.recently-used.xbel
[2011/07/27 02:17:02 | 000,034,704 | ---- | C] () -- C:\WINDOWS\syscall.dat
[2011/05/11 00:09:43 | 000,002,036 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/05/04 08:21:12 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/25 13:56:50 | 016,609,280 | ---- | C] () -- C:\Documents and Settings\adi\NTUSER.rhk
[2011/04/13 16:51:27 | 000,293,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-179605362-682003330-1003-0.dat
[2011/04/07 21:30:22 | 000,293,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/03/13 07:59:00 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\adi\Application Data\DownloadManagerFiles.xml
[2011/01/27 00:50:23 | 000,021,952 | ---- | C] () -- C:\WINDOWS\System32\SpyShelterShellExt.dll
[2011/01/27 00:50:22 | 001,740,800 | ---- | C] () -- C:\WINDOWS\System32\Osklauncher.exe
[2011/01/27 00:50:22 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\inject_logon_dll.dll
[2011/01/23 20:18:27 | 000,334,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/26 14:43:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\adi\.recently-used.xbel.ZSESMV
[2010/11/11 04:28:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\adi\.recently-used.xbel.ECXULV
[2010/11/06 21:08:52 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\adi\.recently-used.xbel.PDKVLV
[2010/10/29 22:00:06 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/08/26 16:24:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\adi\Local Settings\Application Data\housecall.guid.cache
[2010/03/03 00:26:20 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\adi\Local Settings\Application Data\magnifier.ini
[2009/09/07 02:14:21 | 000,044,098 | ---- | C] () -- C:\Documents and Settings\adi\usrlgo.bmp
[2009/08/15 17:55:13 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\adi\ntuser.pol
[2009/07/28 19:11:59 | 000,010,369 | ---- | C] () -- C:\Documents and Settings\adi\Application Data\mainhst.zgh
[2008/01/24 04:29:11 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\adi\Application Data\WavCodec.wff
[2007/04/30 01:34:17 | 000,000,588 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2007/03/14 23:11:24 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\adi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/05 04:15:45 | 000,001,798 | ---- | C] () -- C:\Program Files\norton-etc.html

========== LOP Check ==========

[2011/07/28 13:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Abelssoft
[2006/02/20 21:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\ACD Systems
[2011/07/14 01:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Apowersoft
[2011/06/16 04:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Auslogics
[2010/07/13 05:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\DeepBurner
[2011/04/24 14:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Easy Watermark Studio
[2012/05/14 04:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\EurekaLog
[2012/07/04 05:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Foxit Software
[2012/05/13 23:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\FreeFixer
[2010/08/07 20:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\GlarySoft
[2011/05/18 21:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Godlike
[2012/06/18 03:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\ImgBurn
[2011/07/19 14:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\IObit
[2009/07/02 06:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\KC Softwares
[2011/06/17 06:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Moonchild Productions
[2011/07/04 14:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\NCH Swift Sound
[2012/06/14 23:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\NeoDownloader
[2011/05/10 07:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Nokia
[2012/06/25 14:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Oracle
[2012/06/30 02:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Panda Security
[2008/07/16 06:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\PC Suite
[2011/03/13 13:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\PCToolsFirewallPlus
[2011/07/30 18:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\PhotoScissorsPilot
[2012/05/10 21:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\POP Peeper
[2012/01/06 00:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\ProcessLasso
[2011/01/11 05:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Qualys
[2011/05/04 11:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\QuickScan
[2012/06/23 15:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Simply Super Software
[2007/07/31 13:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Sony Setup
[2011/01/27 00:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\SpyShelter
[2011/05/30 00:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Systweak
[2009/09/23 12:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Teleca
[2011/02/24 19:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\TuneUp Software
[2010/08/26 20:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Ulead Systems
[2011/11/21 23:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\URSoft
[2011/11/04 02:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\WinPatrol
[2012/06/14 23:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\Workrave
[2010/12/22 20:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adi\Application Data\ZipGenius
[2011/08/04 22:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2006/02/20 14:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/03/18 00:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/11 07:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2012/05/13 17:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/06/30 16:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/01/07 16:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/01/24 04:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/06/30 02:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2008/07/16 06:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/06/09 03:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProcessLasso
[2012/06/23 15:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2012/06/28 00:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/05/30 00:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2011/04/15 01:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/03/11 07:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/07/31 23:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/07/27 02:16:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{09A359E3-1191-4CB0-AA60-38A84C758D70}
[2011/02/24 19:43:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/07/18 00:30:01 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/07/19 09:06:09 | 000,032,552 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2012/06/28 23:19:30 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 09a1b4e4-acdc-4a60-97c9-c92582f1b3aa.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

Edited by Idefix12, 19 July 2012 - 11:08 AM.
